You needn’t look further for evidence 2024 is going to be a big year for cyber than the discovery in late January of the biggest data leak of all time, containing an eye-watering 26 billion records stolen from users of Twitter, Adobe, LinkedIn. Australian organisations appearing in the list are Western Sydney University (WSU) and popular bookseller Dymocks.
Meanwhile, the recent sanctions on Alexander Ermakov, the Russian hacker now facing charges for the massive 2022 data breach at Medibank signals that it’s game on in the battle to identify and apprehend the worst cyber criminals.
So with such an exciting start to the year, what can organisations, their CISOs and teams expect in 2024?
By now you’ve probably read several 2024 trends and / or predictions pieces, foreshadowing a sharp increase in ransomware attacks this year, increased regulatory scrutiny and executive accountability. And you’ve also heard analysts talking about the dangers – and opportunities – emerging around Artificial Intelligence. Both the bad and the good guys are getting smarter, while broader adoption of AI amongst general workers is something CISOs and their teams need to manage, yet without a manual helping them to do so.
Arguably the most important trend to watch this year is the accelerated deployment of solutions for SASE (Secure Access Service Edge).
Gartner predicts that this year we will see over 40 percent of enterprises putting explicit strategies in place for SASE, compared with only 1 percent in 2018.
If you’re already using SASE or are on the path to deployment, you may already know why this is happening. But given SASE is among the most important digital trends in cyber security today, it’s worth looking at its drivers in more detail below:
1. More cloud equals more SASE
Today more and more organisations are operating within multi-cloud environments spanning SaaS, IaaS and PaaS solutions, while IDC predicts over 90% of enterprises will be relying on a mix of on-prem and cloud infrastructure.
As the network edge extends into the cloud, security must surely follow.
However, as Gartner and others note, traditional network security approaches like VPNs, firewalls, and data centres often struggle to provide consistent security across cloud environments.
SASE, on the other hand is purpose-built for cloud-centric networks and delivers integrated network security services seamlessly.
As cloud adoption continues its upward growth trajectory, enterprises will have to embrace SASE architectures.
2. The ‘edge’ will drive remote SASE deployments
Edge computing is pushing applications and processing power closer to users and devices beyond the traditional data centre perimeter. This helps support lower latency use cases like IoT, VR, and smart vehicles. But as edge deployments grow, securing them becomes a top priority.
SASE allows for the provision of cloud-native security services that can be deployed out at the edge, nearer users and devices. And its identity and context-based policies follow users regardless of where they’re accessing cloud apps. Enterprises will increasingly utilise SASE to secure distributed edge networks and users.
3. Zero Trust and SASE will converge further
SASE and Zero Trust Network Access (ZTNA) converge around a shared cloud-first architecture which has identity-based access control at its core. As zero trust networking becomes accepted best practice, integrating with SASE is then the logical next step for enterprises. According to Gartner, at least 70 percent of new remote access decisions will be delivered via ZTNA or SASE by 2025, up from less than 10 percent in 2021.
Organisations will shift towards converged SASE and ZTNA frameworks for consistent security across all access scenarios, whether on-prem or cloud.
4. ‘Advanced Threat Protection’ is becoming integral
The first SASE solutions focused predominantly on networking and VPN capabilities. But as architectures mature, native threat prevention should be a given.
The best SASE solutions now integrate Cloud access Security Brokers (CASBs) , Intrusion Prevention Systems (IPS), malware sandboxes, and other threat detection tools as core components.
This year, analysts predict that advanced threat prevention such as antivirus, anti-malware, URL filtering, and file sandboxing will be standard in SASE platforms. Some will also utilise AI and machine learning to uncover zero-day threats based on behavior analytics. Real-time threat intelligence sharing will help stop attacks across ecosystems.
5. Vendors SASE solutions are expanding
In the earlier days of SASE, most vendors’ offerings comprised partnerships integrating SD-WAN, firewalls, and cloud security. But as competition intensifies, more standalone and end-to-end solutions are coming to market. This means simpler, unified SASE management for enterprises.
Market leaders offer SASE suites encompassing SD-WAN, SWG, CASB, ZTNA, and other components. Converged stacks also simplify procurement and deployment. They also enable tighter integration between networking and security.
6. New Pricing and delivery models emerge
As with many emerging technologies, SASE started out with complex a la carte pricing models.
Now, as services standardise we’re seeing subscriptions based on seats or network bandwidth usage will become more common.
Moving forward, consumption-based billing aligned to business needs will drive faster SASE adoption. Managed Service Providers will also offer new SASE platforms and bundles tailored to the individual needs of SMBs.
For those companies without inhouse security specialists, unified SASE delivery via a single dashboard will likely be very appealing.
This year expect to see even great acceleration of SASE deployments in line with the rapid growth of remote work, cloud migrations and edge computing.
Moreover, as Zero Trust principles and threat prevention capabilities converge into SASE, it will emerge as the de facto security framework for managing – and optimising - the future enterprise network edge.