Virtualization Technology News and Information
Mapping Common Controls to SASE

By John Spiegel, Director of Strategy, Field CTO, HPE

It's true that all of us in cybersecurity enjoy a good framework. Why? We must oversee, protect, and understand an area that is complex and difficult to process. As security extends across the enterprise, from basic physical elements like a building to the complex interactions of a container-based application, a framework provides a map of the multi-layered mosaic that covers all aspects of the business. Using structures such as NIST, ISO 27001, or CIS brings clarity and understanding to new and old technologies and operating models. What was difficult becomes understandable. It allows us to speak a common language or, even better, use a topographical map to understand the landscape.

New technologies present new challenges. How do they map into various frameworks? For instance, if I am deploying a platform such as Secure Access Service Edge (SASE), how does it fit into a standard like CIS? First of all, SASE is a framework in itself. It covers network elements and a security stack to deliver applications to an edge device in a branch office or to a remote worker. It supports both legacy applications in the private data center and next-generation cloud-based applications such as SaaS (for example Workday or O365). Given the breadth of SASE, what does the map look like?

For CIS, let's use version 8, which came out in 2021. Enhancements include cloud-based computing and virtualization, which critically account for the rise in work-from-home. Changing attack patterns prompted the update. Each area is called out as a "Safeguard." 

How does SASE map out?

[Figure: SASE mapping chart]

Because SASE brings security tools such as ZTNA, CASB, SWG, FWaaS, and DLP to the table and leverages identity, the results are positive. 35 controls are covered!! In addition to covering these controls, the SASE framework also provides security tool consolidation, integration between solutions, lower KTLO, and, if done right, a strong ROI for the company.

If you are not considering a transition to SASE, you should. Making the migration will provide faster application performance, improve security, and make that conversation with the outside auditor easier. Plus it will help you understand the complexities of edge networking and security!!



 John Spiegel

John Spiegel has 25 years of experience running global networks and managing infrastructure. He is an industry pioneer in software-defined networking (SDN) and software-defined WANs (SD-WAN). John has spoken on the topic of network transformation at industry conferences such as Gartner, InterOp, VMWorld, Palo Alto Networks Ignite, Evanta, and Dataconnectors, as well as executive roundtable discussions. He has also been a customer advisor to companies like VMware, Palo Alto Networks and Cisco Systems. Disruptive startups have also leveraged John's knowledge to bring products to market, resulting in successful exits. He is currently the Director of Strategy/Field CTO, HPE Aruba Networking SSE.  John is also the co-host of the SSE Forum's podcast called "The Edge."  When not helping companies on their journey to modernize and secure their networks, John can be found cycling on the backroads of Oregon.

Published Wednesday, May 15, 2024 7:31 AM by David Marshall