The architecture called secure access service edge (SASE; pronounced
“sassy”) is the proven way forward.
Chapter one focuses on the vision, how SASE can secure an enterprise. One assumption here is, no enterprise can avoid SaaS apps/services, if you want to be competitive, but old security mechanisms can cope with that challenges. In this chapter the starting building blocks for SASE are enumerated:
- SWGs (Secure web gateways)
- CASBs (Cloud access security brokers)
- ZTNA (Zero trust network access)
- DLP (Data loss prevention)
and then some others are added like FWaaS and RBI (Remote browser isolation). All these tools are summarized under "Security Service Edge" (SSE). The end of the section focuses on the discussion if SSE and SDWAN has to be delivered from one vendor or if a dual vendor approach will work as well.
The title of chapter 2 is "Bringing SASE to Life with SSE and SDWAN": and the proposal here is, that security and network performance will enhance each other within SASE. The chapter is divided in to parts: looking into the SSE part and the into the networking part. For the SSE part the identity is key and the integration of all the different building blocks (s. enumeration above) with advanced thread protection (ATP). The SDWAN part is from my perspective somehow an advertising of netskope.
Chapter 3 is named "Empowering People through SASE". A summary of this section can be given with the following quote:
But security is also about shielding your staff from themselves —
guarding against the mistakes, temptations, negligence, and errors
of judgment that can do irreparable harm. This is critical in a land-
scape where more than 85 percent to 95 percent of cybersecurity
incidents are attributable to human error, according to research
from Tessian and IBM --- SASE is a powerful tool for navigating these
waters, removing restrictions on your people while empowering
them to work safely in new ways.
Key for empowering SASE is context - every action is examined and based on user behavior activities can be taken to prevent attacks, etc..
"Protecting data and applications" is the fourth chapter of the book. The promise of SASE is, that traffic is not simply blocked or allowed - there a context aware policies possible and there are less tools, which have to be configured and integrated.
Chapter 5 is a 10-step guide, how to implement SASE in your enterprise. These steps vary from "gain awareness" to "optimize network performance". From my perspective a good checklist to start from.
Overall i liked the clear structure of this book. Every section starts with 5 key phrases, what you can learn in that section. There are many comparisons drawn with castles, modern homes or airport security or .... That is really a good idea and makes it much more understandable. Maybe the following snippets shows, why this book was sponsored by netskope:
