Traditional network security is now obsolete, because the internet is the new network, and it works differently. This concern is especially important today as nearly two-thirds of organisations worldwide have seen an increase in cyberattacks, and about half experienced a breach.
Simply put, corporate users need a newer, more secure way to access cloud applications.
IT security firm Lookout seeks to address this by offering enterprises endpoint-to-cloud security options. The most prominent of these are security service edge (SSE) and secure access service edge (SASE).
To gain more insight into these frameworks, Frontier Enterprise spoke to Jim Dolce, Chief Executive Officer of Lookout. We asked him about SSE, including why IT decision makers should implement these concepts, how such technologies will be implemented in the future, and how SSE adoption is faring in Asia-Pacific.
In 2021, Gartner defined the concept of SSE, which aims to build a better security infrastructure amid the increase of cloud threats. How is it different from SASE?
SASE was a concept conceived in 2019 when organisations were struggling with new data security requirements that emerged from greater adoption of cloud technologies.
SASE combines a software-defined wide area network (SD-WAN), a secure web gateway (SWG), firewall as a service (FWaaS), a cloud access security broker (CASB) and zero-trust network access (ZTNA) into a single, unified architecture. It converged security and networking architecture in a world where the use of cloud apps is ubiquitous and fundamental to business. The SASE framework outlines all the essential technologies, as well as how they should be integrated and delivered.
SSE is the idea of consolidating security technologies in the cloud to reduce complexity and enhance data security as employees access the web, cloud services, and private apps from anywhere, a trend that exploded over the last two years. SSE can support hybrid work by replicating the security services that companies once had in their perimeters and transitioning them into the cloud.
Gartner defines SSE as a collection of integrated, cloud-centric security capabilities that facilitates safe access to websites, SaaS apps, and private apps. A comprehensive solution incorporates a complete set of technologies that organisations need to provide employees, partners, and contractors secure remote access to applications, data, tools, and other corporate resources, as well as the ability to monitor and track behaviour once users access the network. SSE provides the security service elements of a comprehensive SASE strategy. SSE capabilities combine access control, threat protection, data security, security monitoring, and acceptable use control functionality into a single strategy.
The gist of it is that SSE is the convergence of security technologies inside the SASE framework, whereas SSE focuses more on security capabilities and less on network connectivity and infrastructure.
Why should CISOs adopt SSE? What are the benefits of doing so? What are the disadvantages?
The expanding digital footprint introduces security gaps and blind spots, which are fertile ground for attackers — and one of the key areas of exploitation for a malicious attack. COVID-19 and the shift to remote working accelerated the move to the cloud by as much as five years, while security capabilities are playing catch-up.
As the head of overall security operations, CISOs need to keep abreast of present and future security threats. With these threats appearing on multiple attack surfaces, cloud networks and devices, SSE has become the necessary framework to tackle the new climate of cyberattacks. It is ultimately the responsibility of the CISO to work with their board of directors to allocate resources to effectively protect corporate data stored across multiple cloud platforms. Deploying a unified SSE service will not only secure sensitive data, but also boost an organisation’s productivity and bottom line.
A complete and unified stack of security services allows organisations to, firstly, provide a secure and productive environment for a hybrid workforce, and secondly, modernise IT with a cloud-delivered unified platform.
A unified, cloud-delivered platform minimises management of security policies and does not require day-to-day maintenance, thus providing time for IT to focus on strategic initiatives, as well as on their professional growth. As all corporate traffic goes through this single proxy solution, it helps identify shadow IT and empowers end users to use sanctioned applications securely. A unified platform will also inspect all incoming and outgoing internet traffic to identify abnormal or malicious behaviour at the endpoint or user level to detect and stop internet-based threats like ransomware.
How do you envision SSE technology will evolve within the next three to five years? How will emerging technologies like 5G, AI, and ML affect its evolution?
I expect to see tighter integrations, or even vendors that directly consolidate or decide to own both SSE technology and WAN edge services layers. This implies a closer coupling between security services and networking services, and aligns with the security vendor consolidation we are observing. That said, buyers are expected to continue to want fewer vendors overall in their ideal security solution. Customers will require out-of-the-box integration between the products from their selected vendors.
Telemetry provided by SSE technologies will continue to improve and this will offer significant value for extended detection and response (XDR) vendors who are looking to ingest signals, which may confirm suspicious behaviour sooner and ultimately help reduce the time to respond in an automated fashion to protect the user’s identity or their access to sensitive data.
As for emerging technologies such as 5G, AI, and ML — our world continues to become more interconnected at even faster speeds. 5G will enable new business use cases in manufacturing, supporting Industry 4.0.
In several years, 5G will enable widespread augmented reality. The Apple and Meta augmented reality devices are still several years away from being released. If they prove successful in meeting technological and social challenges, they could be revolutionary and disruptive. There will be both enterprise and consumer use cases for this technology, and SSE will be needed in these use cases.
We expect security vendor providers to make greater considerations for use of AI and ML in the development lifecycle of their products. AI and ML everywhere will become required, and differentiation for AI and ML features will come down to the simplicity of use and value of outcomes. Customers will require demonstrable improvements in usability and functionality as a result of using AI and ML.
Lastly, attackers are constantly evolving and continue to successfully attack organisations. In many cases, they are still relying on social engineering to perform a phishing attack of some form to get initial access to the organisation. Well-trained ML models based on user behaviour changes and pattern analysis can help in this area.
How do you think the adoption of SSE is faring in APAC, especially when compared with the other regions of the globe?
Traditionally, SSE adoption in APAC organisations has been lagging behind compared to their Western counterparts. According to EY, about two-fifths of businesses in Asia-Pacific expect to suffer a major breach that could have been avoided through better investment, higher than in the Americas, which comes in at 29%. The adoption of SSE is gaining traction in other regions faster, whereas in APAC, the unified approach to solve cybersecurity challenges for working from anywhere is still relatively new.
However, the situation is changing, and rapidly. According to Gartner, by 2025, 80% of enterprises in APAC will adopt a strategy to unify web, cloud services, and private application access from a single vendor’s SSE platform. We do predict that there will be more demand for SSE in Asia, as with the rest of the world.
What are Lookout’s top technology challenges in this age of distributed workplaces? What are its technology goals for 2022?
Looking to the future, we see cloud security as the emerging trend in cybersecurity. According to the International Information System Security Certification Consortium ((ISC)²) Cybersecurity Workforce Study 2021, cloud security remains the top desired skill for professional development amongst cybersecurity professionals. This is because when asked to name the areas their organisations needed to address to improve security, it was highlighted that cloud infrastructure was the number one priority, at 45%.
When the world first went into lockdown, IT professionals scrambled to move as much data as possible onto the cloud as fast as they could; this was necessary for business continuity as employees were forced to work from home. It’s important to remember that the work-from-home revolution was supported almost entirely by the cloud. Now that the dust has settled, we believe it’s essential that organisations continue to sharpen the security tools at their disposal.
As organisations take advantage of the cloud’s agility and ease of use for human resource applications, for example, they are unaware of the threats they are taking on as well – namely exposing sensitive employee data to breaches, and neglecting regulatory and compliance obligations in the process.
A data-centric cloud security strategy is designed to put the safeguards in place that fully protect an organisation’s data – wherever it flows, however it flows, across networks, clouds, applications, users and devices – but does not limit an organisation’s freedom to grow and thrive.
Our technology goals are for more organisations to recognise and take action to address the security risks that come with cloud adoption and digital transformation that gives their C-suite the confidence to accelerate digital transformation and meet the needs of a modern workforce without sacrificing the control of their most important asset — data.
What are some of the most exciting developments in Lookout’s labs, specifically in the emerging technologies you’re planning to adopt in your cybersecurity solutions?
Identity management is a key facet of Lookout’s future. Just last month, we acquired SaferPass, a password management company, with the intent of providing both endpoint and cloud security alongside identity management as a holistic package, particularly for midsize businesses.
The company also continued to enhance its mobile threat defence solution (called Lookout Mobile Endpoint Security) with the release of two features: Mobile Endpoint Detection and Response (mEDR), as well as Protective DNS for iOS and Android platforms.
Mobile EDR is used to detect and investigate threats on mobile endpoints through real-time continuous monitoring and endpoint data analytics. Protective DNS encrypts DNS queries and implements safeguards to prevent users from accessing domains associated with phishing, malware, botnets, and other high-risk categories before a connection to the endpoint can be established.
In addition to advancing our technology offerings, Lookout’s Threat Intelligence teams are ardently searching and uncovering new forms of malware, phishing links, and vulnerabilities that can adversely affect enterprise organisations. Just recently, our teams uncovered spyware and surveillanceware within government organisations that could target an employee, exploit their device, and steal corporate data.
While hackers claimed they targeted governments with poor human rights records, the spyware was found to be used on innocent journalists, activists, and business executives. With proper endpoint detection and response, an organisation can build proactive protection policies, improve threat-hunting workflows, and quickly identify how attackers leverage sophisticated campaigns to target an organisation.