Improving National Cybersecurity with SASE

As hostile nation-states and associated criminal organizations ramp up efforts to disrupt the US Government and threaten the American way of life, Federal IT Leaders are taking decisive action to modernize cybersecurity.

back view of the cyber security officer working on personal computer picture id1175197210

By: Dolan Sullivan, Vice President of Federal at Aruba, a Hewlett Packard Enterprise company.

With sophisticated cyberattacks, such as ransomware and denial of service (DOS) persistently aimed at the public and private sectors being perpetrated by nation-state and rogue criminal actors, Federal IT teams are consistently dealing with a growing cybersecurity challenge: They must combat many forms of fraud and impersonation while protecting a vast amount of connected assets and sensitive data.

Federal government agencies are increasingly impacted by contemporary digital trends, namely mobility and the decentralization of assets. This includes adopting multi-cloud services to support and secure business applications while using an appropriate mix of traditional on-premises compute and communication resources.

CIOs must also deal with hybrid and remote work scenarios as both an ongoing necessity for staffing through the pandemic, and from the perspective of providing emerging agency staff preferences when situations are critical. Meanwhile, mobile devices have become indispensable to workers and operations alike. Finally, the operational technology (OT) world is dynamic as digitalization projects now support an increasing array of sensors and other IoT devices.

Against this backdrop, as hostile nation-states and associated criminal organizations step up efforts to disrupt the government and threaten the American way of life, and by extension the entire democratic world in light of recent events in eastern Europe, Federal IT leaders are taking decisive action to modernize cybersecurity.

The Biden Administration’s 2021 Executive Order on Improving the Nation’s Cybersecurity calls for bold changes as the Federal government improves efforts to identify, deter, protect against, and respond to malicious actors amid a continuously changing threat environment. The Executive Order calls out specific cyber strategies, including a Zero Trust framework, to defend American institutions and people. A Zero Trust framework trusts no one and nothing, whether inside or outside an organization’s network. All users, devices, servers, and network segments are assumed to be inherently insecure and a potential threat.

Modernizing Zero Trust with Secure Access Service Edge (SASE)

SASE is increasingly considered a vital piece of the Zero Trust approach, especially as cloud services gain traction with Federal IT. This framework can ensure complete visibility from client to cloud, with policy-based access authorization and continuous validation of all users and devices, in addition to attack detection and response paradigms. As an architecture, SASE combines branch WAN edge functions, including SD-WAN, network segmentation, zone-based firewalls, and WAN optimization capabilities with comprehensive cloud-delivered security services.

Zero Trust Strategy: 6 reasons to incorporate SASE

  1. Improving client-to-cloud networking security. SASE empowers Federal IT leaders to improve network security from offices, homes, and other locations through to government cloud and private data center resources. In a traditional WAN, application traffic destined for the internet or cloud must first route through the remote site to the data center for security inspection or other network functions. In today’s hybrid, multi-cloud world, this approach is inefficient. This typical legacy architecture places a significant burden on data center firewalls to inspect all traffic. This can cause latency issues that can also negatively affect user experience, let alone making scaling more difficult.

    In this way, SASE can also improve the user experience. With SASE, SD-WAN edge functions enable IT to provide agency staff with direct, secure access to applications and services, regardless of where those resources are hosted and where users and related devices are located.

  2. IT and OT 24-hour security control enforcement. When SASE is integrated into a Zero Trust approach, IT has clear visibility into what devices are connected to its networks ranging from personal devices to IoT sensors. Access to the network can be controlled based on a variety of factors such as user identity, device identity, role, application, time of day, and location. Through SASE, IT can automate access privileges via continuous validation against prevailing security policies, and then dynamically change those policies based on real-time threat data. By protecting and securing mobile devices, servers, and other IT systems dynamically, IT can respond rapidly and more effectively to cyberthreats.

  3. Improve connectivity. SASE capabilities within SD-WAN give agencies greater flexibility to connect administrative offices, faraway sites, and agency staff home offices. IT can choose the ideal combination of connectivity types, including MPLS, 4G/5G/mobile, satellite, and broadband internet, based on mission requirements, service availability, and cost. With built-in intelligent traffic management, an SD-WAN can monitor for service interruptions from end to end and automatically reroute traffic to ensure that mission operations are uninterrupted.

  4. Reducing complexity of network segmentation. With an advanced SD-WAN that supports granular segmentation, different departments or agencies can securely share the same network infrastructure, with logical separation to maintain privacy and service levels. Thus, IT can leverage the SASE framework to evolve away from complex and cumbersome VLAN traffic segmentation, ensuring the same controls applied to campus and branch networks are applied to remote workers and other micro-branch locations. In essence, stringent identity and role-based access controls are enforced from the edge to the cloud. 

  5. Evolve security controls at the pace of cyberthreats. In the endless fight to protect cyberspace in a dynamic threat environment, Federal IT leaders can also apply new security controls within the existing environment leveraging a best-of-breed cloud security strategy. IT can choose the network and security services that best fit each mission objective and meet the challenges of an expanding threat landscape.

  6. Flexible deployment on-premises or in the cloud. Flexible deployment options for Zero Trust and SASE services are critical for Federal IT, permitting agencies to choose the best approach for deploying network and security services on-premises, at the edge, or in the cloud, or any combination. There remain numerous instances where data must be maintained on-premises, despite the Federal cloud-first objective.

Creating secure Federal IT networks

Biden’s Executive Order calls on the Federal government to lead by example by modernizing cybersecurity, removing barriers to sharing threat information, and enhancing software supply chain security. In response, Aruba is paving the way by developing secure networking protocols and practices across Federal, military, and civilian landscapes. That commitment manifests through Aruba ESP (Edge Services Platform).

Aruba ESP enables both Zero Trust and SASE security frameworks, increasing protection levels while simplifying operations. It enables Federal IT to extend network security from the edge to the cloud, with full visibility, control, and enforcement capabilities. What’s more, it can simultaneously improve the application experience for users and devices.

For cloud security, Aruba maintains a broad ecosystem of network and security partners, empowering IT to pair Aruba’s SD-WAN and identity-based network access control solutions with leading providers including Zscaler, Netskope, Check Point, and Palo Alto Networks, a best-of-breed approach that will enable Federal agencies to stay ahead of emerging cybersecurity threats.

Visit the Aruba SD-WAN Edge page for more about architecting a secure edge-to-cloud infrastructure.


Copyright © 2022 IDG Communications, Inc.