In this case, data centricity involves end-to-end consolidation and integration, as one proponent of the paradigm explains

It has been said that cybersecurity personnel are trapped in a vicious hamster wheel.

A breach is discovered, a fix is developed, and the cycle repeats itself. Is there an end to the continual tussle for power between the malicious and the benign?

In a chat with, Manny Rivelo, Chief Executive Officer, Forcepoint, shares his views on how the world’s unstoppable total conversion to digital also requires addressing the hamster wheel of cyber threats …

CybersecAsia: What in your view are the cyber risks of the world going all digital?

Manny Rivelo (MR): Against this backdrop of economies becoming all-digital, data will hold even greater value and competitive advantages. Digital-native organizations will view data as a precious commodity, like gold ingots and oil preserves of yesteryear.  

Yet, if left unknown, unanalyzed, and floating around multiple clouds, data centers, and devices, data can be a source of business risk and liability.

Savvy cybercriminals and nation-states know that remote workers are constantly shifting between devices, locations, and apps. The expanding attack surfaces make it nearly impossible for CXOs to prevent sophisticated actors from using automation, scale, and customization in their tactics to break into hybrid IT infrastructures to steal that digital gold.  

CybersecAsia: With a future of endless cyber battles between state-sponsored threat actors and cyber defenders, how can the good guys even the odds?

MR: In my opinion,converging security and networking capabilities in a Zero Trust architecture is one way that can even the odds for defenders.

The promise of the Secure Access Service Edge (SASE) and its security component the Security Service Edge (SSE) is that everything works together to simplify how you implement Zero Trust for all of your users and business data.

Integrating SSE with inline data loss prevention (DLP) with advanced threat protection and other Zero Trust capabilities gives teams far greater control over how employees access and use that data. By following the credo of ‘trust nothing, verify everything’ no intellectual property or regulated data can be shared or downloaded against policy and all content is sanitized from threats automatically, even on unmanaged devices or BYOD. 

SSE integrates web access through a Secure Web Gateway, cloud access through a Cloud Access Security Broker (CASB), and access to private apps via ZTNA, all managed as one.

However, though vital and substantial, convergence and a single-vendor approach are not enough. What is needed at the center of SASE is data security. That is because your data can leave in so many ways, especially through uploads and downloads to websites, cloud apps, and corporate (private) apps and personal devices such as USB  devices, printers, Bluetooth, etc.

CybersecAsia: Tell us more about how SASE can create a perimeter-less Zero Trust environment.

MR: The biggest challenge in data security is the effort and time required to set up and dial in the SASE/SSE policies — and to maintain that policy across multiple environments and devices.

You cannot just turn everyone loose because it is too risky. Neither can you clamp the irons on personal devices as doing so would effectively reduce productivity, or worse — pushing folks to seek risky workarounds.

On the other hand, maintaining various policies for thousands of users and their devices, while accounting for the type of application or website being accessed, the location, network access, and BYOD requirements, is a nightmare.

Adopting data-first SASE, even if it is done gradually, allows you to streamline processes and reduce spending on several individual point products. You can distribute enforcement by putting controls closer to the user using a combination of on-device agents for managed devices and agentless, reverse proxies for unmanaged devices. The system is smart enough to make decisions wherever the user is located, without having to route security traffic to a centralized data center, which increases wait time for the employee and infrastructure costs for IT security.

You can authorize access and define enforcement policies just once. This level of control over data usage extends to employees, contractors and partners using Bring Your Own Device arrangements. By putting management in the cloud, the same set of SASE security policies can continuously protect your people and stakeholders whether they work at home, in a branch office, or at a customer or partner site.   

In the end, it is about greater efficacy, ease of use, reduced cost and accelerated competitive advantages. If you focus too much on authentication and detection, you may be successful at knowing who a person is on the network and what they are allowed to access. But you may not know what they are accessing and why.

Shifting to data-first SASE embraces a strategy of 100% prevention to secure data wherever it is used. It is the fastest way to simplify security and make a perimeter-less Zero Trust universe a reality.  

CybersecAsia thanks Manny for sharing his SASE views with readers.