As remote and hybrid work models become the new normal and enterprises accelerate the migration of application workloads to the cloud, it is essential that the underlying infrastructure evolves to a next-generation architecture that can leverage the benefits of a Secure Access Service Edge (SASE). A much tighter convergence and integration of network connectivity and security functions secures work from anywhere at any time, as modern businesses demand while they undergo their digital transformation.
Deciding to embrace SASE acknowledges that today’s work environment has forever shifted to a cloud-based model that gives employees access to the digital assets and applications they need to do their jobs. Many organisations have been forced to overcome this major cultural hurdle, which was accelerated by the pandemic. Transforming the legacy perimeter into cloud-based, converged capabilities does not happen overnight. It requires careful design and planning, since enterprises have already invested heavily in the hardware and software that underpin their existing datacentre-oriented model. Most businesses simply cannot afford to abandon those investments, so this is often a phased approach.
Step 1: Assess your entire technology stack
The first step in any SASE journey should start with an assessment of your existing investments. Take an inventory of hardware and software to fully understand refresh cycles and develop a reasonable timeframe for phasing out your on-premise perimeter and branch hardware. Enterprises must understand the parameters of their existing contracts, the time that remains on them, and how that maps to their near-term capacity needs.
Another critical element is soliciting input from voices on both the operations and network sides of the organisation. Enterprise network and operations teams often operate separately, which could further complicate a move to a new converged architecture, albeit one that relies on many of the same tools already in use, like secure web gateways (SWG), cloud access security brokers (CASB), firewall as a service (FWaaS), data loss prevention (DLP), SD-WAN, and Zero Trust Network Access (ZTNA). Any migration plan should include bringing together members of both teams to assess potential benefits, sticking points, and impacts of the change.
Enterprises should also take into account the skills of their staff, as they are key to any successful SASE strategy. The strengths of the operational and security teams are crucial to this transformation, and any gaps need to be filled by a partner with the right skills and experience to ensure these services are delivered against the right SLA.
Vendor selection is also critical. After years of building on a datacentre-oriented, perimeter-based model, most organisations now find themselves managing a mishmash of software tools and vendors, and some will be more capable than others of making the shift to an anytime, anywhere approach. It is crucial that organisations work with a skilled partner like Intelys Telecom to find a vendor or vendors with platforms that can integrate all elements critical to a successful SASE strategy, and that can securely scale up as your workforce shifts and expands.
In the rush to move to SASE, it may be tempting to plunge in headlong without much research or prep work. But taking the above-mentioned steps can pick up the pace of SASE adoption, cutting the time to implement by half. As with any migration project from on-premises to the cloud, taking a “lift-and-shift” approach and assuming that yesterday’s functional requirements are the same as tomorrow’s is flawed. Taking the time to work with a skilled partner on a much deeper assessment at the beginning will save a lot of time and pain down the road.
Step 2: Know your data and let insights drive you
In the enterprise, data makes the world go around. It is the lifeblood of any organisation and the currency of modern-day business. It is important to understand what data your business has, where it is located and how it is used. This has proved difficult for some organisations. The migration to SASE offers the perfect opportunity for the enterprise to assess its data landscape from both operational and security standpoints.
Knowing what data employees need to do their jobs, and how to protect it, will go a long way in securing newly defined ways of working. From there, the enterprise can turn its attention to developing a set of policies, processes, and procedures to implement as it migrates to a SASE architecture.
As with anything, start with the big data elements that will secure early project wins and have a big business impact.
Step 3: Document your plan
Using the post-pandemic accelerated rate of adoption as a guide, we believe, like Gartner, that a migration plan should include the following milestones:
- Phase out hardware and software. Most of what is in use is no longer needed in a cloud-first strategy.
- Consolidate and eliminate vendors. From a management standpoint, “the fewer, the better” should be a guiding principle. Many of the tools currently in use were made for a datacentre-oriented environment and will not transition easily to the cloud. This is where companies can save money.
- Eliminate legacy VPNs used at the network level for remote access. As enterprises found when the pandemic forced workers home, VPNs just did not cut it and became an operational and security liability.
- Establish qualified metrics for measuring migration success. The best plans might not yield the expected results. Metrics can serve as an early warning system that something is off, and give you an opportunity to fine-tune your plan.
Step 4: Nail down your security
Perimeter security stuck in a box at the edge of the datacentre has not caught up with the move to the cloud. Putting a SASE framework in place will bring security up to speed to adequately protect the modern business.
Focus on these key security stages:
- Start with a SWG to provide security coverage no matter where a user is located.
- Rework and revitalize a data loss prevention (DLP) policy. Lay out where data can be stored, how it can be used, and who can access it.
- Increase visibility into assets across the computing environment. Without clear visibility, security teams do not know what to protect or where the real threats lie. This is especially true in multiple cloud environments that use both public and private cloud offerings.
- Add a CASB data authentication layer and encryption points to protect applications on the cloud, establish control, and improve visibility.
- Adopt a ZTNA mindset that assumes no one is trusted and that access to resources is granted on a case-by-case determination.
None of these changes is an easy lift for companies, so adopting the SASE architecture with the proper security controls in place will take time and resources. For skittish organisations or those with limited resources, even a partial implementation will yield many of the benefits of SASE and put companies in a position to meet the requirements of modern-day business.
On your journey to SASE, do not forget to put a premium on the user experience. That is what the journey is all about: protecting productivity by giving employees, administrators and others access to the applications and tools they need to do their jobs, no matter where they are, without the friction that security can often cause. That is good business.