With more than 40% of companies globally planning to have adopted secure access service edge (SASE) before the end of this year, South African organisations must consider embracing this technology as a means to reduce the complexity of their existing cybersecurity environments.

By Brendan Maccarron, Palo Alto Networks channel manager at Westcon-Comstor Sub-Saharan Africa

SASE sees the convergence of WAN and networking security services like CASB (cloud access security broker), FWaaS (firewall as a service), and Zero Trust into a single, cloud-delivered service model. While Gartner cautions that the market for well-architected single-vendor SASE offerings is still immature, it is developing quickly as corporate interest grows, given the rapidly evolving cyber threat landscape.

The research firm has found that demand for single-vendor SASE tends to come from smaller companies that do not have strongly siloed network and security teams. Typically, these businesses require different capabilities to access best-of-breed solutions across their entire environment in the same way larger organisations do.

Considering how much of South Africa’s economy is driven by the small to medium business (SMB) sector, SASE has the potential to become a vital enabler to drive meaningful security improvements in the local digital environment.

High-performing security

Given how hybrid work has become normalised and how many South African businesses are looking to start trialling the four-day work week from 2023, how cybersecurity is managed must be reinvented.

Legacy VPN and Zero Trust Network Access (ZTNA) fall short of protecting these workforces. Cloud-first companies must provide direct-to-app connectivity while reducing the attack surface without impacting performance or the user experience.

This is where SASE and ZTNA 2.0 combine to protect remote employees while not compromising on security or the ability of these workers to still manage their day-to-day tasks. The ideal SASE solution is purpose-built in the cloud to secure at scale while protecting all application traffic with best-in-class capabilities.

It comes down to securing both access and data to reduce the risk of a breach. An example of this can be found in the Palo Alto Prisma Access solution that features a common policy framework and single-pane-of-glass management to secure the hybrid workforce while delivering on stringent service level agreements.

Implementation considerations

However, SASE is not an off-the-shelf solution that can be plugged into existing infrastructure environments. The journey begins with selecting a single-vendor SASE offering that provides single-pass scanning, a single unified console, and a data lake to cover all functions while improving the user experience and staff efficacy.

Gartner suggests that the organisation should evaluate a single-vendor SASE offering, along with two explicitly partnered vendors and managed SASE offerings, to provide the most flexibility in selection and timing.

Additionally, the team responsible for the SASE implementation must rank the requirements based on what is mandatory versus what is preferred or optional. Finally, the business needs to run a functional pilot with real-world users and locations before deciding on a single-vendor SASE offering.

This will help demonstrate the solution’s capabilities in the practical, day-to-day scenarios that users are likely to face.

Securing the hybrid workforce

ZTNA 2.0, when delivered in conjunction with a single-vendor SASE solution, can provide local organisations with the means to manage least-privileged access. This enables precise access control at the application and sub-application levels. Furthermore, it will result in the means to verify trust continuously. For instance, after access is granted to an application, continuous trust assessment continues based on changes in device posture and user and application behaviour.

Much of this comes down to being able to protect all organisational data. ZTNA 2.0 and SASE provide consistent data control across all applications, including private and SaaS applications. This is done through a single data loss prevention (DLP) policy.

SASE-first

With more local companies looking to accelerate their digital transformation plans heading into 2023, resilience, workforce flexibility, and seamless connectivity have become some of the key priorities for business and technology leaders.

This has contributed to an increasing interest in adopting cloud-delivered security and networking solutions capable of providing low latency, high performance, and superior security. Of course, these SASE-enabled offerings must keep connections up especially given the growing hybrid workforce.

If the past few years have highlighted anything, then it is the need for companies to have a more resilient infrastructure; to take care of their connectivity concerns while still safeguarding mission-critical data and systems.

By combining ZTNA 2.0 and SASE into a single solution, companies can ensure protection wherever employees are located. This combines encrypted application access, authentication, policy management, and threat detection. SASE can no longer be ignored. Local businesses must determine how best to integrate this new approach into their cybersecurity and data resilience strategies to protect them in a cloud-driven market.