SASE: Finally, a security blanket for government IT
- By Amit Bareket
- Jul 06, 2020
Breaches at government agencies, like the 2016 hack of the Office of Personnel Management, can be attributed to a convergence of multiple inescapable trends: The decentralized nature of the federal government and its digital infrastructure, the slow adoption of the cloud and bad actors attracted to valuable data. While there’s no turnkey solution to these problems yet, public sector IT teams have learned to defend against each of them. However, a contender has emerged in recent months that looks likely to provide a way for governments to batten down the hatches.
Integration with divergent data infrastructure
A top-notch data defense strategy revolves around managing IT infrastructure and the software applications deployed on top of it. Running opposite to this idea is that government agencies are typically free to build and launch IT systems within a silo in pursuit of specific goals, irrespective of what solutions other agencies are using.
Under these conditions, even the most stringent systematic effort to update the federal IT apparatus will fail. Hardware and software are hard to patch consistently, and some critical infrastructure is at the end of its lifespan, bereft of vendor support. The Cloud First and Cloud Smart programs attempt to address this reality by encouraging effective cloud adoption among the federal IT crowd, but if the same misguided and siloed approach is encouraged, agency programs will falter before they can take hold.
Public sector IT teams must have access to cloud security solutions that will easily integrate with any local or as-a-service resource and support the variety of tools and roles that are present within government offices.
When IT systems are so diverse, maintaining and securing them becomes a monumental task. Introducing cloud technology into the mix has helped agencies gain agility and improve defenses against outside attacks, but it doesn’t address the threat from inside.
Zero trust, while not a new concept in security, can counter insider threats by allowing IT to easily limit how deep users can get into any network and monitor and log their activities at all times. Zero-trust solutions might seem extreme, but data loss on the federal level is a zero tolerance game.
Gartner sees a solution for government IT
In 2019, Gartner described a solution that might check all of the public sector’s boxes. In a report entitled The Future of Network Security Is in the Cloud, the research company coined the term SASE, or secure access service edge, to describe a new cloud-based network security capability that is “a package of technologies … with the ability to identity sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.”
Still an emerging technology, SASE would be deployed to the edge of networks as a service and incorporate the full range of security tools required to keep networks airtight against unauthorized access.
Relying on SD-WAN architecture, SASE is also hardware-free and helps IT administrators exercise greater control over network access from a single web panel. With integration directly into any cloud-based resource, agencies will be able to use SASE as a security umbrella under which their entire range of IT assets are covered -- no matter what or where they are. Because it’s consumed as a service, SASE is easily deployed to the edge of disparate networks.
The real reason that the government will be a relevant application for SASE, however, is zero trust. With the ability to quickly onboard resources and then segment access to them based on role, device and other granular identifiers, SASE makes it simpler to implement a least-privilege access policy for government employees. Because it limits how deep into the network any user can get, unless espionage occurs at the highest levels of access, it can be stopped.
Making public-sector waves
It’s important for the government to understand the potential of SASE, but given its newness, there is yet time. As the security space consolidates with new mergers, acquisitions and technology partnerships, SASE products will soon hit the market en masse and call attention to the problems they intend to solve. For governments, SASE will be difficult to ignore, as it can kill three birds with one stone: easy onboarding of disparate and misaligned systems under one roof; segmentation and zero-trust access to reduce exposure; along with integration with the cloud resources on which governments increasingly depend.
Government moves slowly, but once it embraces something new or switches course, it makes significant waves. SASE offers great promise for the public sector, which has large amounts of data to protect, and it will soon be commonplace, propelling a much-needed shift towards effective cloud security.
Amit Bareket is the CEO, of Perimeter 81.