Secure Access Service Edge (SASE) - Palo Alto Networks


Secure Access Service Edge (SASE)

The shift to migrate data and applications to the cloud provides clear benefits such as lower cost, improved performance, and enhanced agility but also presents a set of unique challenges. Legacy architectures slow down the business, the visibility of threats becomes limited and complex ecosystems of security can be overwhelming and costly to manage. Secure Access Service Edge is a model that provides the right path for many organizations to modernize their enterprise for security, speed, growth, and cost reductions. Accenture and Palo Alto Networks have defined four ways organizations can embrace digital transformation and deliver cybersecurity success with SASE.

Palo Alto Networks Secure Access Service Edge (SASE) White Paper

Moving Your Organization Confidently into the Future with Secure Access Service Edge (SASE)

Networking and security infrastructures are the backbone of technology for all organizations. Yet, business leaders all too often overlook the impact IT architecture has on their ability to drive the business, become nimble, operate seamlessly, reduce complexity, and mitigate risk.

In recent years, there has been a large shift to migrate data and applications to the cloud based on benefits such as lower cost, improved performance, and enhanced agility. However, this move from enterprise data centers to the cloud brings unique challenges:

1. Legacy architectures slow down the business: Existing network approaches and technologies cannot provide the performance needed for the workforce dynamics of today. Traffic patterns have changed, and the way data moves through the network does not address today’s application consumption needs. Enterprises must be able to deliver uninterrupted access for their users, wherever they may be around the globe, without sacrificing cybersecurity.
2. Moving data and applications to the cloud limits visibility: Securing data and applications in the cloud requires organizations to have complete visibility of risks and threats – specifically, visibility to traffic at rest, in transit, and in the cloud. With increased remote use, software-as-a-service (SaaS) applications, data in the cloud and traffic going to the public cloud, it becomes more difficult to track and to ensure consistently enforced security controls. This emphasizes the need for deeper visibility and control – and the need to introduce efficiencies to reduce operational cost.
3. Inherent complexities can be overwhelming and costly to manage: Enterprises are struggling to manage highly complex ecosystems, due to a plethora of security and networking tools. These complexities often result in misconfigurations and gaps in security. The lack of efficiencies tied to integrating these solutions makes it difficult and expensive to manage, with little visibility to application context and performance.

In an evolving business environment, change is inevitable

To stay competitive, organizations must decide how to respond and navigate transformations around business support systems, data centers, cyber security, remote workers, data, analytics and maturing technologies such as artificial intelligence and machine learning. While this path can be daunting, inaction is not an option. The time to move is now.

Cybersecurity and innovation must go hand in hand: 71 percent of executives surveyed said cybersecurity concerns are impeding digital innovation, with a full 75 percent admitting their IT spend isn’t aligned with business growth.[1]

Start with a strong foundation: SASE

Secure Access Service Edge is a service model that provides the right path for many organizations to modernize their enterprise for security, speed, growth, and cost reductions: The SASE service model can reduce costs (by as much as 40 percent[2]), increase application performance and improve user experiences, while reducing complexity.

These advantages illustrate why SASE is a transformation enabler and accelerator, helping companies create new business models and platforms that can generate revenue from new products and services. It frees us from the constraints of legacy systems and enables companies to securely embrace a cloud and mobile-driven world. It also saves organizations from making a potentially fatal mistake: shifting their problems from the data center to the cloud.

Prior to the evolution of SASE technologies, organizations were forced to choose between performance, security, and cost, often having to optimize for a single factor. This ultimately hampered speed to market. Leveraging the SASE service model removes that need for compromise and allows the business to grow securely, while lowering operational cost.

What is SASE, exactly?

Digital transformation and adoption of mobile, cloud and edge deployment models have fundamentally changed the way traffic moves on the network, relegating the network as we know it today to true ‘legacy’ status. SASE offers all the benefits of as-a-service cloud-hosted delivery, including plug-and-play implementation, fast optimization, scalability, lower total cost of ownership, and hands-free upgrades and maintenance. Instead of considering mobile access, cloud access, and site access as separate issues, SASE puts it all into a single global solution. With this service model, businesses no longer need multiple security policies. There is one policy — for protecting against network-based threats.

In essence, SASE is the convergence of wide area networking (WAN) and network security services like CASB, FWaaS and Zero Trust, into a single, cloud-delivered service model. As described by Gartner, it provides cloud-delivered, identity driven, any device/anywhere access by converging networking and security services into one unified, cloud-delivered solution. See Figure 1.

[Figure 1: Cloud-delivered Service Model. Labels: Public Cloud, SaaS, HQ/Data Center, Internet; SASE; Security as a Service Layer (SSL Decryption, CASB, ZTNA, Cloud SWG, Sandboxing, DLP, DNS, FWaaS); Network as a Service Layer (SD-WAN, IPSec VPN, Policy Based Forwarding, QoS, SSL VPN); Network as a Service; Branch, Retail, Mobile.]

Why it’s different

With the number of devices connected to the Internet exploding – IDC forecasts up to 41.6 billion by 2025[3] – a prevention-based architecture with a Next Generation Firewall can simplify security and deliver consistency with complete visibility.

SASE is different (and better) because it focuses on the user, rather than the modus operandi of legacy systems of yesterday (and, unfortunately for many, today). It does this by helping organizations become:

- Identity-driven: Employing a least-privileged, Zero Trust methodology and enabling the strict enforcement of access control, SASE enables interactions to be controlled within all resources, based on attributes such as application access, user and group identities and the sensitivity of all data. It makes security pervasive.
- Cloud-based: As a cloud-native architecture and platform, SASE embeds the agile, holistic, adaptive, self-updating and secure capabilities of cloud without the need to maintain on-premise infrastructure. It is an efficient, flexible and easily adaptable way to serve all business needs regardless of location.
- Streamlined: SASE includes the delivery of networking and security services for traffic directed to the internet, cloud applications and/or the data center with faster provisioning of new services. This means, for example, that SD-WAN appliances support physical network edges (i.e., branch offices) while mobile clients and clientless browser access give users on-the-go secure access to the internet.
- Globally distributed: With true low-latency service to all enterprise network edges, SASE makes the theory of global work and distribution a productivity-enhancing reality.

The Benefits

The SASE service model offers three key benefits:

1. Rapid transformation: Critical business applications are increasingly SaaS and cloud-hosted, estimated to account for 80 percent of enterprise applications by 2022.[4] In addition, networks are rapidly becoming, by necessity, perimeter-less, to give users secure access to cloud-based applications from any location. SASE eliminates the need for appliances to support separate security and networking stacks and simplifies management of the infrastructure. With cloud-based services from diverse geographical locations replacing slow, expensive MPLS networks with SASE’s SD-WAN (anticipated to increase by 168 percent over the next five years[5]), secure network access will improve dramatically. As a result, employees can work unencumbered by network latency, securely accessing the tools and information they need.

2. Enhanced security: To improve security within the enterprise, organizations must increase end-to-end visibility. The average large enterprise is trying to manage as many as 130 separate security tools, including aging and slow virtual private networks (VPNs).[6] In this scenario, it’s easy to see that the risk can increase exponentially. SASE’s simplicity enhances security by providing visibility across the entire environment, delivering fully integrated, high performance, all-in-one security policies that eliminate gaps and redundancies.
3. Immediate and continuing savings: Reducing the number of vendors, tools, and technology stacks means SASE can save organizations up to 40 percent of their current WAN budgets allocated to security and network access.[7] By laying the foundation for stronger cybersecurity, it can also provide significant operational cost and incident avoidance ROI. SASE also provides the flexibility to easily spin up or down a remote office/branch, aligning technology and security with business cycles.

Future investments in security technologies and services need to drive efficiency and not be a knee-jerk reaction to an accelerated remote-work migration. Security leaders should be smart about investing in a comprehensive, sustainable architecture. A wrong choice could waste investment dollars and expose businesses to significant security threats.

Four keys to transformation

Accenture has defined four ways organizations can embrace digital transformation and deliver cybersecurity success with SASE. While each is important, all four can be addressed at once or they can be approached uniquely. This flexible, step-by-step, meet-an-organization-where-it-now-stands approach helps tremendously regarding budget, leadership buy-in and laying a proven foundation for success.

1. The foundation for a digital transformation is migrating to a secure virtualized private cloud, based on a Zero Trust methodology, to further secure business assets.
2. This is followed by network consolidation and optimization to align assets with business needs.
3. Now the stage is set for secure network modernization with visibility and simplification of the network. This paves the way for automation to expand business services.
4. This is when organizations are truly ready to leverage SASE, while also gaining business agility through analytics and automation.

At least 40 percent of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1 percent at year-end 2018.[8]

Quantifying the ROI of cybersecurity

New Accenture methodology enables organizations to make far more informed decisions about the benefits of their investments in cybersecurity. For example, when Accenture calculated the costs vs. risk reduction associated with adding user activity logging, the mitigation ROI was calculated at 356 percent. (See the graphic below for sample security risk ROI estimates).

Prioritized Recommendation Details for Strategic Cyber Risk Management

Business Application          Control Recommendation                   Change in P(L)  Risk Reduction  Cost to Implement  Mitigation ROI
----------------------------  ---------------------------------------  --------------  --------------  -----------------  --------------
Product Line #1 Applications  Add Hardware token based authentication  -3.77%          4.7M            2M                 135%
Product Line #1 Applications  Add Software token based authentication  -1.55%          1.93M           500k               286%
Product Line #1 Applications  Add Biometric authentication             -1.55%          1.93M           1.5M               29%
Product Line #1 Applications  Add automatic log monitoring             -1.37%          1.71M           500k               242%
Product Line #1 Applications  Add logging of user activity             -0.91%          1.14M           250k               356%

- The table above outlines the top recommendations output from Risk Quantification
- Risk reductions are created by computing the change in P(L) that controls effect
- That change is applied to the expected loss, which is used to calculate ROI

How to get started

Gartner calls upon security leaders to embrace the Continuous Adaptive Risk and Trust Assessment (CARTA) strategic approach. An initial step in implementing CARTA is adopting Zero-Trust. We can help you get started by assessing the readiness of your environment to adopt a Zero Trust strategy and start your journey to enabling an easier control of users, data and devices traversing your networks.

To schedule your assessment and learn how Palo Alto Networks and Accenture can help you use SASE to drive transformation in your organization, reach out to accenture@paloaltonetworks.com.

About Accenture

Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries — powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. With 513,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at www.accenture.com.

About the authors

This whitepaper was jointly developed by Palo Alto Networks and Accenture Security.

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Working through a strategic partnership, Palo Alto Networks and Accenture Security offer multiple solutions around and beyond SASE: Cybersecurity, Managed Security Services, Network Optimization and Transformation Services, Security Operations & Optimization Services, Compliance Strategy/Risk management, Endpoint Security and Network Transformation.

1.
2. -misconceptions-need-more-explanation.html
3. https://www.idc.com/getdoc.jsp?containerId prUS45213219#: :text a%20New%20IDC%20Forecast&text %20data%20in%202025
4. d-by-2020/#635a1e2f6261
5. -expected-to-increase-168-percent-by-2024#: :text de,surpass%20%243.2%20billion%20in%202024
6. ools
7. -misconceptions-need-more-explanation.html
8.

3000 Tannery Way
Santa Clara, CA 95054
Main: 1.408.753.4000
Sales: 1.866.320.4788
Support: 1.866.898.9087
www.paloaltonetworks.com

© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found rks.html. All other marks mentioned herein may be trademarks of their respective companies. PANW WP Accenture SASE
