Mobile SASE and zero trust, when used in combination, can provide a comprehensive cyber protection for business continuity and resilience.

Enterprises are rapidly adopting API-based applications that rely on public or mobile internet as the primary data transport. This creates a potential for a significant increase in cyberattacks on vulnerable IoT end points and API clients, and the threats permeate beyond the enterprise perimeter control.

To address this issue, CIOs can consider network edge-based security solutions that follow zero-trust principles, are agentless, and network-enforced.

Two key security techniques that can be used in combination to protect enterprise end points are:

    1. Mobile Secure Access Service Edge (SASE): This technique applies SASE security principles to the mobile environment.
    2. Zero Trust: This concept considers all access attempts as potential threats; when combined with Mobile SASE, it helps to protect enterprise end points from cyberattacks.

With the arrival of 5G, the trend towards cellular-based IoT projects shifts beyond low-bandwidth massive IoT applications towards more advanced broadband IoT use cases that require higher throughput, lower latency and larger data volumes.

The integration of IoT devices into business processes and production systems represents a vast virtual expansion of the enterprise network perimeter, exposing a broader attack surface to hackers and criminals. Furthermore, IoT devices often have limited processing power and storage, and may run on proprietary operating systems, making them unable to support a client-based security software model. They are also transient and may cross multiple network boundaries, making traditional IT security controls inadequate.

For off-network/beyond the perimeter devices, enterprise IT organizations have limited options for enforcing security controls, and little to no visibility on device performance and behavior. To overcome these obstacles, consider embedding secure networking into the control app itself or employing subscriber identity module (SIM)-based approaches.

Security threats from the edge

As businesses adopt hyper-connected transport, healthcare, logistics, retail and industrial value chains, and as mobile networks become more open, widespread and built using APIs to support cloud-based operations, the threat from cyberattacks and attack surface widens. 

Relying on public or mobile internet as the main data transport further creates the potential for a manifold increase in cyberattacks on vulnerable IoT end points and API clients.

To counter these risks, organizations can consider enabling developers to embed private, zero trust capabilities in API client and publisher end points. This then enables the API publisher to stop exposing end points to the internet: each API session instead leverages a private network, zero trust overlay. 

For remote and mobile IoT devices, organizations have limited options for enforcing security controls and have almost zero visibility on the performance and behavior of the devices. CIOs need to adopt a comprehensive security strategy to protect their end-point assets. End-point-enforced security, which requires an agent to be installed on each device, may not be viable due to device support and the associated management costs. 

Meanwhile, backhauling all the traffic to cloud may have a latency impact on application performance and result in high cloud egress costs. These are key reasons why some organizations are now embedding the zero trust networking functions into the app itself and using SIM-based approaches.

Tri Pham, Chief Strategy Officer, Tata Communications

The need for network edge security 

Note that end-point-enforced security would create high operational complexity and cost, especially at scale. Proxying the traffic to cloud can mean too much added latency and high cloud egress costs. 

With a network edge security approach orchestrated from the core network, the need for security agents on each device is eliminated, and traffic is not required to be backhauled towards a specific cloud environment. 

This approach offers several key benefits over traditional cloud or end point security solutions, by eliminating latency impacts on application performance and reducing the operational pain of managing agents across distributed devices. It also provides improved visibility and control, robust security for data in transit and at rest, while also doing away with the need for integration with mobile device management solutions. 

In a rapidly-changing technological landscape, mobile SASE and zero trust, when used in combination, can provide a comprehensive solution to protect against cyberattacks, ensuring business continuity and resilience.