Survey Shows Lack of Confidence in Network Security
A survey of 2,045 IT leaders found that, despite technological advances, the majority of respondents still don’t have much confidence in their network security.
The survey was conducted by Cato Networks, a provider of a secure access service edge (SASE) offering delivered via the cloud. The results revealed that, on a scale of one to 10, organizations that have not adopted SASE rated their ability to detect and respond to malware as a three. Unfortunately, respondents that have adopted SASE rated themselves as a four.
The Cato Network survey also surfaced additional issues that, in theory, should have been addressed by a SASE offering that optimizes bandwidth. Nevertheless, a full 67% of the survey respondents that have a SASE platform in place said they would add bandwidth to address cloud application performance issues. That compares to 61% of non-SASE platforms that responded similarly. A total of 19% of SASE users and 21% of non-SASE users also noted they purchase WAN optimization appliances.
Dave Greenfield, director of technology evangelism for Cato Networks, said the apparent lack of network security progress is directly attributable to the fact that while every vendor claims to offer a SASE platform or service, there is a wide discrepancy when it comes to security efficacy. In many cases, what is being described as a SASE platform is little more than a bundle of loosely coupled legacy network security technologies.
In contrast, there are comprehensive services through which all the elements of a true SASE platform are integrated within the same cloud-based management console, Greenfield said.
The term was originally coined by Gartner and described a cloud-delivered service that brought together networking and security offerings. Those offerings should include a firewall-as-a-service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB) and zero-trust network access (ZTNA). In effect, it’s a secure software-defined wide-area network (SD-WAN). Gartner originally described SASE as an aspirational technology goal, because no vendor offered a complete portfolio at the time. Since then, vendors have added various elements to their so-called SASE portfolios; the problem is that some components are still missing or, if they are included, are managed by separate consoles.
In the wake of the COVID-19 pandemic, interest in SASE platforms increased sharply as organizations looked for ways to better secure remote and work-from-home IT environments. In most cases, those organizations are looking to SASE as a replacement for virtual private networks (VPNs) that have known vulnerabilities and that are complicated to manage.
The issue that IT organizations immediately face when shifting to a SASE platform is the degree to which they want to build and maintain it themselves rather than consuming a managed service. In the latter case, they also need to decide the degree to which that service will be managed by the provider or if they prefer to c0-manage certain tasks. Not all service providers, however, allow an internal IT department to co-manage a service alongside them.
It’s also not clear how rapidly SASE platforms and services will be consumed heading in 2022. Fundamental change within enterprise IT environments tends to happen slowly. However, given the current level of focus on network security today, this may be the year when remote access concerns spur more widespread adoption of SASE platforms and services.
