Redefining Cloud Security with SASE

Stop for a moment and think: what percentage of your Internet traffic ends up on websites or traditional browsing and what proportion on SaaS services? If we analyse it in detail, more than 85% of the volume of traffic that moves on the Internet ends up in a SaaS service. Having said this, is a proxy or a traditional firewall, whether on-prem or in the cloud, able to understand what is happening to the cloud applications that are being consumed? Be honest with yourself…

Traditional or legacy model-based security solutions are aimed at protecting the user in order to safeguard navigation and prevent the user from accessing malicious sites, downloading malware or clicking on a phishing site. These solutions also follow an “allow/deny” model, authorising the use of certain applications and blocking many others. However, at a time when the web world and SaaS have converged, this pattern no longer makes sense. Proxies and cloud firewalls are not enough to protect our information.

A conventional cloud proxy is effective in crashing or enabling cloud applications and web pages, but it does not work to decode at a low level what is happening in the SaaS application. In other words, it can provide basic information (i.e. a user connecting to OneDrive and uploading X Gb of data) but not provide detailed reports such as: Which specific instance did the user connect to? Which document was uploaded to that instance? Were they protected with IRM? Were the files subsequently shared with a third party? And so on.

The current situation forces us to protect not only the user’s web browsing, but also the data and, above all, to be aware of where the corporate information ends up. Beyond regulated SaaS applications, corporate information can end up on any website, unregulated SaaS service or IaaS instance. This is why the concept of the Next Generation Proxy Cloud, or NextGen Secure Web Gateway start to make their way.

First Step Towards a SASE Strategy

And what is this NextGen Secure Web Gateway about? Basically, it is a web browsing proxy service offered from the cloud, but unlike traditional services, it is capable of protecting browsing and controlling what users do in SaaS applications, in order to be able to read the information being transferred to them and apply controls within a context.

In short, we are talking about providing intelligence to the proxy, combining proxy, CASB, DLP and Threat Protection capabilities in a 100% cloud platform through which we will pass our users’ browsing traffic, when they are in the office, in an SD-WAN connected location or on the move.

In this way, the first thing that will happen when an employee opens his laptop is that he will be transparently connected to a control point on the Internet and, from there – after validation of the team’s security posture – all his SaaS activity will be monitored and his web browsing will be protected. Furthermore, if the user needs to access corporate resources located on the internal network in a safe way, this can be done through a Zero Trust Network Access model, which will provide secure remote access from that interconnected network to the internal resources. This approach of uploading security features to a new 100% cloud perimeter matches with the SASE “Secure Access Service Edge” model that is trend nowadays. But in order to provide cloud security services, it is necessary to have an Edge that supports it.

Nowasays, NewEdge operates with present points in 40 regions (including Madrid, São Paulo, Buenos Aires, Santiago de Chile, Bogotá, among others), and new datacenters are added every month. NewEdge is designed to scale to over two terabits per second at each present point and is capable of handling online traffic of hundreds of millions of users. With extensive peering with cloud services, CDN, Software as a Service (SaaS), as well as Infrastructure as a Service (IaaS) representing over 300 network adjacencies, NewEdge is now the world’s best-connected network for delivering data security with a native cloud platform.