SASE and what it can do for information security!

September 11, 2023

To talk about information security or cybersecurity is definitely not the easiest of tasks, as developments in this area seem to be happening at a speed that is difficult to keep up with. The cat-and-mouse race between hackers and information security experts is incessant and at a breathtaking pace. Something that appears to be novel today may already be outdated, because in another corner of the world a more efficient solution may have already been discovered or a flaw in the current solution may have been identified that makes it vulnerable.

There was a time, in the early days of the digital age, when the internet didn't even exist, and data subjects were only concerned with physical security of their stored data, thus implementing cameras (CCTV), armed security, locks and even safes. Later, with the adoption and popularization of the internet, attention shifted to the digital security of data storage, with the concepts of access control and cryptography gaining relevance.

But then came the concept of the cloud, which describes a system model that enables on-demand network access to a set of configurable computing tools, including networks, computers, tablets, cell phones, software, etc. The cloud model advocates some basic characteristics for it to be successful, namely on-demand self-service, location independence, Internet access from anywhere, customizable elasticity, concentration of resources and measurement of the service.

With the development of this concept, cloud models have been divided into three distinct types:

1. Software as a service in the cloud (SaaS) – use of a network to access applications from a host.

2. Cloud Platform as a Service (PaaS) – permission for customers to install their software in the cloud.

3. Infra-structure as a Service (IaaS) — renting of processing, storage, network bandwidth and other fundamental computing resources in the cloud.

Although a cloud system can be developed by a company for its own use, the high investment involved in creating and maintaining a data center, its servers and all the security measures necessary for its existence, justifies the demand for various companies that sell or charge for cloud infrastructure services, offering the security of their systems as the icing on the cake. On the other hand, the big challenge is to maintain an acceptable processing speed, since security measures generally imply a loss of processing speed.

With the arrival of cloud systems, there was a need to improve security measures, and in 2019 the concept of SASE (Secure Access Service Edge) emerged, which is a security system defined by Gartner, a renowned American information technology research and consulting company founded in 1979 by Gideon Gartner. The system is characterized by a converged network and security-as-a-service resources, including SD-WAN, SWG, CASB, NGFW and ZTNA. In this type of structure, security and network connectivity technologies converge on a single cloud platform to enable rapid and secure digital transformation.

Therefore, to better understand the scope of this concept, we need to understand each of the acronyms mentioned above, defined in detail in the table below:

INFORMATION SECURITY RESOURCE

MEANING OF THE RESOURCE

PURPOSE

SD-WAN

Software-defined Wide Area Network

It is a virtual WAN architecture that allows businesses to leverage any combination of carrying services—including MPLS, LTE, and broadband Internet services—to securely connect users to applications. Traditional WAN routers are replaced, as this technology provides dynamic, policy-based application path selection by relying on multiple WAN connections and supporting the chaining of services to additional services such as WAN optimization and firewalls.

SWG

Secure Web Gateway

It is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces compliance with corporate and regulatory policies, blocking risky or unauthorized user behavior. These gateways should, at a minimum, include URL filtering, malicious code detection and filtering, and controls for popular web-based applications such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included.

CASB

Cloud Access Security Broker

It corresponds to on-premises or cloud-based security policy enforcement points, placed between cloud service customers and cloud service providers to combine and interpose corporate security policies as cloud-based resources are accessed. CASBs consolidate various types of security policy enforcement. Examples of security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention, etc.

NGFW

Next-Generation Firewall

These are deep packet inspection firewalls, adding defensive layers that go beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. Thus, next-generation firewalls can recognize applications regardless of port, protocol, evasive tactics, or SSL encryption and provide real-time protection against a wide range of threats, including those operating at the application layer. Firewalls, up to this point, were limited to providing security based on certain ports and protocols.

ZTNA

Zero Trust Network Access

It is a new cybersecurity model that creates a logical identity- and context-based access boundary around an application or set of applications. Applications are hidden and access is restricted through a trusted agent. The agent verifies the identity, context, and adherence to the policy of the specified participants before allowing access and prohibits lateral movement anywhere else in the network. This prevents access to the application by anyone who has not been authorized and significantly reduces the visibility of someone carrying out any attack.

SASE, therefore, is made up of two sets of technology, including WAN Edge Services (SD-WAN) and Security Service Edge (ZTNA, SWG, CASB and NGFW) which together allow information security professionals to enable a user, device or server to connect securely from anywhere, via any carrying method.

SASE has therefore become an indispensable technology for companies using cloud systems, in order to guarantee adequate information security without compromising the processing flow of users accessing applications and data remotely.

No items found.

RECENT POSTS

Você sabe o que é a No Surprises Act? Entenda sua importância

October 7, 2024

SEC Combate Retaliação de Empresas Contra Informantes

September 20, 2024

CFM Intervém na Relação do Médico com a Indústria Farmacêutica e de Produtos Médicos

September 12, 2024

Do you know what the No Surprises Act is? Understanding its importance

October 7, 2024

SEC Combats Corporate Retaliation Against Whistleblowers

September 20, 2024

The Brazilian Medical Association Intervenes in the Relationship between Physicians and the Pharmaceutical and Medical Products Industry

September 12, 2024

Contracts and artificial intelligence: legal and ethical considerations

November 13, 2024

Digital Signatures in Contracts (Part 2)

November 5, 2024

Contractual dispute resolution: choosing the right mechanism

October 16, 2024

LINKEDIN FEED

Newsletter

Register your email and receive our updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Newsletter

Register your email and receive our updates-

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

SASE and what it can do for information security!

September 11, 2023
No items found.

To talk about information security or cybersecurity is definitely not the easiest of tasks, as developments in this area seem to be happening at a speed that is difficult to keep up with. The cat-and-mouse race between hackers and information security experts is incessant and at a breathtaking pace. Something that appears to be novel today may already be outdated, because in another corner of the world a more efficient solution may have already been discovered or a flaw in the current solution may have been identified that makes it vulnerable.

There was a time, in the early days of the digital age, when the internet didn't even exist, and data subjects were only concerned with physical security of their stored data, thus implementing cameras (CCTV), armed security, locks and even safes. Later, with the adoption and popularization of the internet, attention shifted to the digital security of data storage, with the concepts of access control and cryptography gaining relevance.

But then came the concept of the cloud, which describes a system model that enables on-demand network access to a set of configurable computing tools, including networks, computers, tablets, cell phones, software, etc. The cloud model advocates some basic characteristics for it to be successful, namely on-demand self-service, location independence, Internet access from anywhere, customizable elasticity, concentration of resources and measurement of the service.

With the development of this concept, cloud models have been divided into three distinct types:

1. Software as a service in the cloud (SaaS) – use of a network to access applications from a host.

2. Cloud Platform as a Service (PaaS) – permission for customers to install their software in the cloud.

3. Infra-structure as a Service (IaaS) — renting of processing, storage, network bandwidth and other fundamental computing resources in the cloud.

Although a cloud system can be developed by a company for its own use, the high investment involved in creating and maintaining a data center, its servers and all the security measures necessary for its existence, justifies the demand for various companies that sell or charge for cloud infrastructure services, offering the security of their systems as the icing on the cake. On the other hand, the big challenge is to maintain an acceptable processing speed, since security measures generally imply a loss of processing speed.

With the arrival of cloud systems, there was a need to improve security measures, and in 2019 the concept of SASE (Secure Access Service Edge) emerged, which is a security system defined by Gartner, a renowned American information technology research and consulting company founded in 1979 by Gideon Gartner. The system is characterized by a converged network and security-as-a-service resources, including SD-WAN, SWG, CASB, NGFW and ZTNA. In this type of structure, security and network connectivity technologies converge on a single cloud platform to enable rapid and secure digital transformation.

Therefore, to better understand the scope of this concept, we need to understand each of the acronyms mentioned above, defined in detail in the table below:

INFORMATION SECURITY RESOURCE

MEANING OF THE RESOURCE

PURPOSE

SD-WAN

Software-defined Wide Area Network

It is a virtual WAN architecture that allows businesses to leverage any combination of carrying services—including MPLS, LTE, and broadband Internet services—to securely connect users to applications. Traditional WAN routers are replaced, as this technology provides dynamic, policy-based application path selection by relying on multiple WAN connections and supporting the chaining of services to additional services such as WAN optimization and firewalls.

SWG

Secure Web Gateway

It is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces compliance with corporate and regulatory policies, blocking risky or unauthorized user behavior. These gateways should, at a minimum, include URL filtering, malicious code detection and filtering, and controls for popular web-based applications such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included.

CASB

Cloud Access Security Broker

It corresponds to on-premises or cloud-based security policy enforcement points, placed between cloud service customers and cloud service providers to combine and interpose corporate security policies as cloud-based resources are accessed. CASBs consolidate various types of security policy enforcement. Examples of security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention, etc.

NGFW

Next-Generation Firewall

These are deep packet inspection firewalls, adding defensive layers that go beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. Thus, next-generation firewalls can recognize applications regardless of port, protocol, evasive tactics, or SSL encryption and provide real-time protection against a wide range of threats, including those operating at the application layer. Firewalls, up to this point, were limited to providing security based on certain ports and protocols.

ZTNA

Zero Trust Network Access

It is a new cybersecurity model that creates a logical identity- and context-based access boundary around an application or set of applications. Applications are hidden and access is restricted through a trusted agent. The agent verifies the identity, context, and adherence to the policy of the specified participants before allowing access and prohibits lateral movement anywhere else in the network. This prevents access to the application by anyone who has not been authorized and significantly reduces the visibility of someone carrying out any attack.

SASE, therefore, is made up of two sets of technology, including WAN Edge Services (SD-WAN) and Security Service Edge (ZTNA, SWG, CASB and NGFW) which together allow information security professionals to enable a user, device or server to connect securely from anywhere, via any carrying method.

SASE has therefore become an indispensable technology for companies using cloud systems, in order to guarantee adequate information security without compromising the processing flow of users accessing applications and data remotely.

Related
No items found.

ABOUT US

Licks’ Blog provides regular and insightful updates on Brazil’s political and economic landscape. The posts are authored by our Government Affairs & International Relations group, which is composed of experienced professionals from different backgrounds with multiple policy perspectives.

Licks Attorneys is a top tier Brazilian law firm, speciallized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

ABOUT US

Licks Attorneys Compliance’s Blog provides regular and insightful updates about Ethic and Compliance. The posts are authored by Alexandre Dalmasso, our partner. Licks Attorneys is a top tier Brazilian law firm, specialized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

QUEM SOMOS

O blog Licks Attorneys Compliance fornece atualizações regulares e esclarecedoras sobre Ética e Compliance. As postagens são de autoria de Alexandre Dalmasso, sócio do escritório. O Licks Attorneys é um escritório de advocacia brasileiro renomado, especializado em Propriedade Intelectual e reconhecido por seu sucesso em lidar com grandes e estratégicos cases no país.

Follow Us on Social Media

Offices

Rio de Janeiro

Av. Oscar Niemeyer, 2000
9th floor, Aqwa Corporate
Rio de Janeiro RJ - Brazil
20220-297
Phone: +55 21 3550 3700
Fax: +55 21 3956 9444
info@lickslegal.com

Sao Paulo

Rua George Ohm, 230
Tower A CJ 112/113
Sao Paulo SP - Brazil
04576-020
Phone: +55 11 3033 3700
info@lickslegal.com

Brasilia

SH/Sul Zone 06, Unit A,
Complexo Brasil 21, Block E,
Rooms 515 and 516 – Asa Sul
Brasilia DF - Brazil
70316-902
Phone: + 55 61 3772 3700
info@lickslegal.com

Curitiba

Rua da Glória, 251, #601
Centro Cívico
Curitiba - Brazil
80030-060
Phone: + 55 41 2391 0680
info@lickslegal.com

Tokyo

Chiyoda Kaikan Bldg, 6F, 1-6-17
Kudan Minami Chiyoda-Ku
Tokyo - Japan
102-0074
Phone:+81 3 6256 8972
Fax:+81 (03) 6740 1453
japan@lickslegal.com

© Copyright 2024 Licks Attorneys

Selo COVID-19 FIRJAN e Albert Einstein
Covid-19 Safe Certified Office