Managing today's hybrid workforce with Secure Access Service Edge (SASE)

Remote work is nothing new, but the impacts of the global pandemic sped up work-from-home momentum and today we have workers who are defining their own schedules, determining which days they are at home, in the office or traveling. This hybrid workforce, as it is known, provides both opportunities and challenges for businesses, many of those challenges, are centered around IT and security.

The majority of data and applications being accessed by these individuals are highly distributed, being hosted on premises, with service providers, in Hyperscalers or as SaaS. This new way of working exposes a security vulnerability at the edge.

Fortunately, Secure Access Service Edge (SASE) addresses this exact use case and more. SASE provides policy-based access to users, devices and applications, delivering a seamless and consistent user experience regardless of where the user is or what applications they are accessing.

SASE is a security architecture that integrates several existing technologies with enhanced security tools (SD-WAN, Firewall, Secure Web Gateway, EMS, Identity Management and CaSB).

"SASE provides a layer of security at the edge, between the user and their applications or data," said Duncan MacDonald, RapidScale’s senior director of product development.

This is particularly important for employees who do not work out of a corporate location and access applications or data remotely.

"Four, five, six years ago, the easiest way to secure an environment was to have people come to an office and sit behind a firewall, " said Barnes. "That was sort of traditional IT, very easy, very contained. It was a very standardized way of securing an environment. Those days are long gone, even pre-pandemic. We’re seeing a lot more work from home, or work from anywhere."

In fact, SASE is even more secure than a traditional firewall when users access business applications like Salesforce or Microsoft 365.

"SASE provides a conduit, a security layer between users and their applications or data, regardless of where they are located," MacDonald said. "Tieing security to the applications and where they reside is the way to go and [will] always be more secure than a traditional network because employees may not have, or be in a position to access that traditional network."

A crucial element in robust security is Zero Trust Network Access, which allows companies to set and manage policies that determine which users, devices, and applications are trusted.

"At the point of accessing an application, SASE begins to apply its policies for users, devices and applications. It checks if you are who you say you are (Identity Management), it checks if you are accessing from the correct and bona fide device. Finally, it confirms that you have access to the application you are wanting to access," said MacDonald. "If yes, excellent, you can access it. If not, then sorry, not going to let you in."

This procedure of “never trusting and always verifying” differentiates SASE from other security tools, like virtual private networks, which authenticate a user only once, when signing in.

"You might be logged in all day to an application, and SASE is checking that you are still you," said MacDonald. "It’s checking that your device is still bona fide and that the application policy is still current and still real."

Using SASE eliminates the security concerns that come with employees using a variety of networks when working.

"We don’t know where our employees are working from," said Barnes. "They could be at the grandparents, Starbucks, or a library. We have to assume that they aren’t connecting to a trusted network."

This is particularly important because most security breaches happen through unsuspecting employees.

"They [employees] are the ones who ultimately cause the breach by clicking on something they shouldn’t or fall for a social engineering hack, where people impersonate a boss or a finance person or an accounting person," said Barnes."And then you’ll see everything from ransomware to wire fraud and, unfortunately, it’s all preventable."

Fortunately, companies can set up SASE through a provider like RapidScale, whose team can provide peace of mind when it comes to security. RapidScale’s managed SASE provides an a-la-carte offering and can easily integrate into existing environments that have already made investments in security or identity management, protecting an organization’s critical infrastructure even further against today’s advanced security threats.