Intelligent CISO Issue 50 | Page 34

We ’ ve seen attackers are moving to host their phishing pages on known and well trusted cloud applications .

We ’ ve seen attackers are moving to host their phishing pages on known and well trusted cloud applications .

2 . Centralising policies and configuration requirements
3 . Assessing how you can rollout new security services faster
4 . Ensuring that the employee gets a better user experience and performance
5 . Making sure required metrics for the security team are available 6 . Looking at reducing total cost of ownership . That ’ s usually achieved through a consolidation of these controls .
How can organisations change their approach to remedy these challenges ?
Security Service Edge ( SSE ) – an iteration around SASE – is one of the best-known architectures for modernising a security programme .
Gartner has highlighted that the growth rate for SSE is around 30 % year on year and in the next three years , over half of organisations will have a specific strategy around this .
It ’ s something that organisations are really focusing on right now . Looking at frameworks , architectures and how they can measure those benefits in the six areas I mentioned .
What are the business and security benefits of a Security Service Edge ( SSE ) approach ?
Every employee wants a better user experience . There ’ s always going to be a demand for employees to have more freedom and more flexibility so they can choose the devices they use , as well as the services they consume . They don ’ t want to be restricted based on legacy architecture . For most organisations , it ’ s also about understanding their use of the cloud .
This also helps from a business benefit perspective because it helps focus on cloud governance . When data sits on a service , a platform or a server you don ’ t actually own , you have to start thinking about cloud governance . With SSE , you ’ re more appropriately managing the data where it ’ s residing and can understand who has access to this information , ensuring that data – a true business value asset – is protected .
Where do organisations start if they want to transition to this approach ?
There are usually two approaches – the most common is where an organisation has an existing web gateway . They may have also invested in a Cloud Access Security Broker ( CASB ) to manage their cloud applications and services . Usually , the goal is to combine those , consolidating their web gateway and CASB . This is key for inline security , performance improvement and day-today security management . That ’ s the first approach .
The second could be found in an organisation that has a Zero Trust initiative and is looking to move away from a reliance on a VPN . In these situations , it ’ s looking at a VPN replacement or a Zero Trust Network Aaccess ( ZTNA ) capability that returns control and allows access to on-premise or legacy apps , without having to rely on a VPN .
How does this approach bridge the gap between security and business functions ?
We ’ ve seen new use cases being created from the additional visibility that organisations get when they start more effectively managing web and cloud services . Security teams can offer insights and share this information with a procurement team , for example , and can ensure that their purchase of cloud apps and infrastructure goes through the
correct methods , using marketplaces . The benefit of this is that when you purchase through a marketplace , you ’ re enrolled in a reward scheme .
One organisation we worked with estimated its savings would be more than 30 % of its annual spend on cloud services – considering that annual spend was an eight-figure number that ’ s a huge saving .
This helps from an organisation perspective marrying the need between good security ; reducing risks ; better user experience ; better control ; better capability ; but also sharing visibility with business functions ; streamlining processes and reducing the overall spend on cloud .
What is your best practice approach for organisations
34 www . intelligentciso . com