Everyone feels they have the magic cloud security answer, but many challenges need a broader perspective.
As a cloud architect, I’m astounded that cloud security is still so difficult. Identity and access management (IAM) has been around for over a decade. Deep encryption services, key management, and, most recently, zero trust and secure access service edge (SASE) are now available. It should be noted that the terms zero trust and SASE are defined by Forrester Research and Gartner, not by organisations of security solution vendors.
Despite all of this security technology, security solutions are becoming increasingly complicated and difficult to manage as cloud installations get more complex. Even as technology and concepts such as SASE bring more big ideas to the challenge, the rise of cloud, Internet of Things, edge computing, and, increasingly, work from anywhere outpaces our capacity to offer functional and cost-effective security. Our deployments grow less secure, not more so.
Don’t get me wrong, I tell my clients all the time that enough time and money will solve all security problems. But no enterprise has unlimited money or time. The challenge is to define a framework of technology that can provide cost-effective, nearly optimized security solutions with the understanding that full optimization is impossible. The framework also needs to be flexible and remove operational complexity.
SASE and other big idea solutions are just conceptual at this point. Security providers promote SASE as the answer, but the actual solutions are still evolving and implementations are few and far between. According to Gartner Analyst Nat Smith, SASE is more of a philosophy than a checklist of features.
So, just what is SASE and will it save us?
SASE combines SD-WAN and security capabilities and provides them on demand. Security policies are implemented and adapted to each user session depending on the connected entity’s identity, context (device behaviour), compliance regulations, and an ongoing risk assessment for each session.
Not to disparage SASE, zero trust, or any other projects in the works, but I believe we need 20 poor ideas to choose a few excellent ones. We’ve already had some bad ideas, so SASE and zero trust might emerge as the winners. Just keep in mind that security products and concepts will not arrive in your basket as a prepackaged set of solutions.
We still have to piece together security technologies that may or may not be optimised for cloud and/or enterprise security installations. This implies that we must continue to rely on the expertise of the cloud security architect, as well as a number of disconnected security solutions that we hope will suffice.
We’re in the midst of a perfect storm: too many security issues remain unresolved, and the rate of cloud adoption continues to skyrocket. Something is about to occur. It’s time for some huge ideas from unexpected places. To weather this storm, a certain degree of leadership from the masses, thought leaders, and solution providers is required. And it has to happen soon.