August 24, 2023
Secure Access Service Edge (#SASE) is a concept introduced by Gartner in 2019 which combines network and security capabilities as a service, based on the identity of device or entity, and real-time context. A SASE architecture streamlines network access and improves the adherence to security and compliance policies by identifying users and devices using policy-based security.
In today’s digital environment, as cloud-native applications and SaaS are increasingly adopted by organizations, we are seeing a surge in corporate data being stored in cloud-based systems. It is foreseeable that in the future, organizations will adopt hybrid clouds – combining public cloud, private cloud, and on-premise environments. In these hybrid cloud environments, there is less visibility on the data outside of the corporate network which heightens the need to secure access to data and applications.
With the goal being to access data and applications when accessing the network, it creates a natural extension in the need for SASE to protect these resources. Without data-centric security controls, major vulnerabilities can arise due to the lack of structured and unstructured data being protected. This drives the need to extend SASE to safeguard data resources. What is that? Is that SASE 2.0?
Instead of SASE 2.0, should we call it #DASE? Data Access Service Edge.
DASE would extend beyond the concept of SASE by securing data access using zero trust principles. It would provide organizations the ability to strengthen data security by controlling the access to sensitive information through dynamically enforced policies that enable least privileged access. This DASE approach would leverage on attribute-based access controls (#ABAC) and dynamic authorization technologies to assess risks and alleviate threats to data within the network and cloud. In addition, DASE would incorporate fine-grained data-level security controls, such as dynamic data masking and data segregation, to control the access to critical data.
With the increase in virtual and remote workforce, access to critical data are need for more stakeholders who are geographically distributed. This makes it difficult and risky to not apply additional layer of control to secure access to the sensitive data.
How can DASE make it more efficient for users to get access to data? DASE applies zero trust principle to control access dynamically on each data access request. DASE can automate controls to protect data using a dynamic authorization policy engine, therefore simplify and streamline risk assessment process. As the result, organizations will be able to embrace automation to scale, reduce errors, and allow business to handle high volume of data access request while meeting ever-changing business requirements. With this, critical information can be shared, and secure collaboration can be established between employees and external partners, increasing competitive agility.
Ultimately, as organizations pivot to the multi-cloud, SASE would need to extend beyond securing access to network environments to protect applications and data in a hybrid and multi cloud computing environments as well.
This is where I think SASE needs to go, do you agree? If not, what is your definition of SASE 2.0? How do you see SASE evolve to secure access to data? Here is the version 1.0 of the DASE paper, we welcome your contribution and feedback to the version 2.0 of this paper.