Cybersecurity Essentials: Cloud Security and SASE

Traditionally, network security was pretty straightforward. Employees tended to work in locations with physically defined network perimeters, such as an office building with a data center. Even when users connected to public cloud services in these circumstances, data had to flow through on-premises firewalls and proxy network security appliances before reaching Enterprise applications.

The new era of mobile workforces and bring-your-own-device (BYOD) policies renders this security model irrelevant. Workers are using cloud-based apps from their homes, on trains, planes, busses, in coffee shops, and many other locations where a physical network perimeter would be impossible to maintain. The data leaving their devices travels on public networks, and organizations can’t direct it through company-owned firewalls and proxies. Network security solutions must, therefore, be able to protect data both at the level of the individual device and while it is in motion, a challenge that is much more complicated than simply protecting a well-defined physical network.

Addressing the security challenges posed by distributed, mobile workforces calls for a new service model that Gartner has named “Secure Access Service Edge (SASE).” This new approach shifts the focus of network security to the individual user’s identity and/or device, rather than a traditional data center.

SASE can seamlessly integrate with SD-WAN while simultaneously providing the cyber-security functions required by this type of WAN.

This model works very well for remote users, wherever they may be, with an agent that it is deployed to the user’s devices making sure to protect that traffic too. Just as cloud-based applications allow for greater flexibility on the part of the user, cloud-based security allows for a flexible application of security measures. This allows all data to be secured from anywhere, anytime.

Network security delivered in the cloud also lacks the bandwidth restrictions of an on-premise, appliance-based approach. Security appliances have throughput limits that govern the amount of data they can process and secure before becoming completely saturated and slowing down connections. With SASE, the compute and processing power available is not limited by any physical constraint and can scale on-demand as needed. A containerized approach allows for low latency and fast connections, with the ability to take advantage of horizontal scaling to process high volumes of traffic.

When evaluating cloud-based network security platforms, it’s critical that the platform is able to deliver the same functionality and reliability found in on-premise firewalls and proxies. When deploying SASE for customers, Meriplex leverages the iboss cloud platform. This containerized architecture allows both the stream-based security functions found in firewalls and the file-based security functions found in proxies to be delivered via a SaaS solution in the cloud, thus reducing costs and complexity.

Traditional data centers are unsuitable for today’s network security needs due to bandwidth and scalability limitations. Delivering the network security capabilities of on-premise solutions via cloud-based SaaS requires the ability to secure network traffic from anywhere, at any scale. Netrality’s interconnected colocation data centers, located at the edge – the periphery of the network – enable SASE solutions to encrypt and secure massive volumes of data without ever having to worry about latency or disruption. Contact us for more information.

Andres Ruz, Director of Information Security
Andres has over 20 years’ experience in IT and Information Security and leads the Product Security team at Meriplex. He has an MBA in MIS, a Bachelor’s in computer science and six certificates in Information Technology Management and Security. He is also the Sector Chief for the Telecommunications Cross Sector Council (CSC) of the InfraGard with the FBI.