The digital landscape has drastically changed as the hybrid workforce becomes the new norm. This shift has brought about unique challenges in ensuring secure remote access while maintaining efficiency. Recently, SANS held a webinar to discuss these challenges and the role of Zero Trust and secure access service edge (SASE) in addressing them. The session featured John Spiegel, Director of Strategy and Field CTO for the Emerging Security Business Unit at Hewlett Packard Enterprise (HPE), and Darren Tidwell, Senior Solutions Engineer for HPE Aruba Networking’s SASE team. The webinar provided valuable insights into the evolving world of network security and the innovative solutions being implemented to tackle modern threats.
Speakers’ Backgrounds
Both John Spiegel and Darren Tidwell have extensive experience in the industry, transitioning from practitioners to key roles in leading companies. John has a rich history in enterprise leadership, network engineering, and infrastructure management. Currently, he hosts a podcast called “The Edge,” which covers SASE, security service edge (SSE), Zero Trust, and the role of the Chief Information Security Officer (CISO).
Darren Tidwell has a diverse background, having worked for Sun Microsystems, Oracle, A10 Networks, and Axis Security (now part of Aruba Networking). His role as a Senior Solutions Engineer involves demonstrating the capabilities of the HPE Aruba Networking SSE platform.
The Shift to Hybrid Work and Its Implications
John highlighted the challenges of working from home in a hybrid environment, emphasizing the need to balance work and personal life. “I’m what you might call a digital citizen,” John stated. “I have responsibilities to do my best to make sure that my public and private life don’t intersect in a negative manner. As we all know, this can be challenging.” With multiple devices connected to his home network, each potentially carrying a risk, the security dynamics are vastly different from the controlled environment of a traditional office setup. In the past, remote access involved a complex journey through various security systems, often managed by different teams, leading to inefficiencies and vulnerabilities.
The hybrid workforce has become a prime target for cyber-attackers. Statistics show a significant increase in social engineering threats and attacks on VPNs. “Social engineering threats are up by a whopping 270% in 2021, and they’ve increased ever since then,” John shared. The legacy IPsec protocol, in particular, has become a vulnerability due to its extensive code base and frequent bugs. These challenges have necessitated a shift towards more robust security strategies like Zero Trust.
The Rise of Zero Trust
Zero Trust, a concept introduced by John Kindervag in 2010, is based on the principle of “never trust, always verify.” This approach is crucial for remote access users, as it requires continuous validation of trust relationships. John outlined the critical elements of building these trust relationships, which include identity verification, device posture assessment, application request evaluation, and data sensitivity.
Introducing Secure Access Service Edge (SASE)
SASE, a term coined by Gartner in 2019, addresses the dilemma of choosing between speed and security in network deployments. By integrating networking and security functions into a unified cloud service, SASE provides both high performance and robust security. The framework consists of two main components: WAN Edge for performance and speed, and SSE for security.
John discussed the growing adoption of SASE solutions, particularly SSE, driven by the increasing hybrid workforce. SSE is seen as a strategic initiative to enable and secure remote workforces, with Zero Trust network access (ZTNA) leading the way. According to a report commissioned by Axis Security, a significant percentage of organizations plan to start their SASE strategy with SSE.
The HPE Aruba Networking SSE Solution
The HPE Aruba Networking SSE solution, formerly known as Axis Security’s Atmos, embodies the principle of “simplicity is the ultimate sophistication.” The platform integrates cloud-delivered networking and security functions, simplifying the management of multiple point products. John emphasized the importance of adaptive trust, which involves continuously verifying user and device trustworthiness before granting access.
Demonstrating the SSE Platform
Darren provided a detailed demonstration of the HPE Aruba Networking SSE platform, highlighting its user-friendly design and comprehensive security features. The platform supports both agent and agentless approaches, ensuring seamless user experiences. One notable feature is the use of synthetic IP spaces, which enhance security by preventing lateral movement of malware.
Darren also showcased the platform’s ability to enforce data loss prevention (DLP) policies based on device posture. “We can connect device posture to DLP functionality,” Darren explained. “You can actually take the device information or knowledge about what's happening on a device and make decisions about what data is and is not allowed.” This ensures that data access is tightly controlled, reducing the risk of data breaches. The platform’s management interface offers a unified view of security policies, simplifying the administration of various security functions like secure web gateway (SWG), cloud access security broker (CASB), and ZTNA.
The Journey to Modernizing Network Security
John concluded the session by discussing the journey towards modernizing network and security solutions. He emphasized the importance of aligning SASE and SSE implementations with critical business challenges. Whether it’s improving connectivity for branch locations or securing remote workforces, the journey should be tailored to specific organizational needs.
John shared a success story from Wynn Las Vegas, which transitioned to the Axis Security platform after struggling with traditional VPN and RDP solutions. The move resulted in lower costs, higher security, and simpler management, highlighting the benefits of a cloud-delivered, unified security solution. “The result? Lower costs, higher security, simpler to use, and best of all, incredible feedback from both the employees and the administrators,” John said.
The webinar provided valuable insights into the evolving landscape of network security in the hybrid workforce era. Zero Trust and SASE, particularly SSE, are pivotal in addressing modern security challenges. The HPE Aruba Networking SSE platform exemplifies the principles of simplicity and adaptive trust, offering a robust solution for securing remote access. As organizations continue to navigate the complexities of hybrid work, these insights and solutions will be crucial in ensuring a secure and efficient digital environment.
IMPLEMENTING A ZERO TRUST ARCHITECTURE is not a one-size-fits-all solution; it requires careful planning, implementation, and ongoing management. For those interested in delving deeper into the subject, SANS has recently released a Zero Trust strategy guide. This document is an excellent resource for anyone looking to learn more about the principles, implementation strategies, and benefits of adopting a Zero Trust Architecture in their organization.
