Gartner: Why CISOs Need Cloud to Secure the Network

By Lawrence Orans, Research Vice President, Gartner.

Posted Monday, 25th May 2020 by Phil Alsop

Chief information security officers (CISOs) need a new way to secure networks, while avoiding any disruption to a company’s employee experience. Meet Martha, a salesperson, who prides herself on being an “always on the move” digital worker. She often accesses sensitive data on her managed device at airport lounges while preparing for the next meeting. She also surfs the internet and checks her social media feeds while updating her personal blog.

This type of connected employee, while a boon to the organisation, can be a nightmare to the CISO. Martha is not only exposing critical data to unknown networks while using WiFi services in public areas; she is also exposing her company’s network to possible threats through external websites. In a modern cloud-centric digital business, the need to access information anywhere and everywhere is a top priority. And in a modern office environment, the lines between professional and personal activities are blurring.

Due to the recent shifts in the technology landscape, the adoption rate for secure access service edge (SASE) offerings is as low as 1%. SASE supports the need for dynamic secure access. It delivers services and policy enforcement on demand, independent of location or the entity requesting the service.

 

SASE is in the early stages of development and its evolution is driven by the pace of digital transformation of businesses, mobile workforces and adoption of edge computing. It offers security and network professionals the opportunity to completely rethink and redesign network architectures over the next decade.

 

However, the adoption rate for SASE offerings is low. Before implementing SASE, security and risk management professionals must consider a few specific actions:

1. Be a part of planning meetings: Include network security services when building the IT architecture of the organisation. Create a strong business case based on the network security requirements and capabilities while supporting vendor recommendations with independent research findings to select the most appropriate security capabilities.

2. Consider short-term opportunities: Think about investing in small-scale projects. Start with specific digital-business-enabled projects and build on them as the requirements of the organisation expand or evolve. Invest in precise identity and application-aware access for unmanaged devices used by partners or contract employees.

3. Involve leadership to drive transition: Bring in senior IT executives and lead network architects from the evaluation stages to establish buy-in early on in the shift to SASE. The change will require a cultural shift, as non-IT employees may be more comfortable with existing solutions and may resist moving towards SASE. Hence, involvement of leadership to drive a cross-functional change is necessary.

4. Keep contracts short term: This is an emerging technology, and the licensing models are still in flux. Limit contracts to a maximum of one or two years. This provides the opportunity to test a wider breadth of offerings and eventually select what works best for the organisation’s needs.

5. Avoid one-size-fits-all models: A large vendor may have SASE elements stitched together from multiple acquisitions and partnerships. However, one-size-fits-all solutions will not serve the desired purpose of delivering a single experience for your organisation.