Kappa Data Unplugged

Question of the Month: SASE — Securely connecting users to applications everywhere

Marketing Kappa Data

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 13:23

In this episode of Question of the Month, our podcast series where we tackle one pressing question at a time. Today, Frédéric Van Walle explains the shift in network security: what exactly is SASE, and how can organizations securely connect users to applications everywhere without adding complexity to their network?


🔗 Meer weten? Bezoek onze website: www.kappadata.be

🎧 Zin om zelf eens aan onze microfoon te schuiven? Laat van je horen!

SPEAKER_00

Every month we take one topic from our Capital IT Compass and ask one simple question. Today it's not just about your network, it's about how your users securely connect to applications from anywhere. Because the reality is users are no longer sitting inside the office. Today they are working remotely, accessing cloud applications and connecting from different devices and locations. And that shift has made a traditional network security model increasingly complex and more and often more ineffective. So the real question here becomes: how can organizations securely connect users to applications everywhere without adding complexity to their network? That sounds already like a very complex question. Today I'm speaking to Frederick van Walle, vendor manager of the Kappa Data Group. Hi, welcome, Frederick.

SPEAKER_01

Thank you, Yulin.

SPEAKER_00

Well, let's make it a little bit more easy, right? We're talking about secure access service action, in short, SASI. For those who not might be familiar with it yet, what exactly is SASI and how would you explain it?

SPEAKER_01

Well, you almost explained it in your introduction, but I could understand that if you don't know what it is, that was quite a heavy sentence. So yeah, let's not make it too easy. We are indeed working from everywhere, not only from home, not only from customers on the train, maybe with some Spotify in your ears, but we can work from the office too. So we we we need to connect to our applications. In the old days, we connected to the company side, headquarters via a VPN on the firewall. So what we started with the Z DNA part, the zero touch network access, zero trust, sorry, network access. Zero touch. That's also something that exists too. But in this case, is it it is um zero trust that you don't trust the device, you don't trust the user, you don't trust anything, not at the location. Um, and you connect the user with the application, and that's the only thing that can happen. So the user you must see that is the authenticated user within the client application connecting to the back-end application, which is already a lot better, and you connect the user with the application, and that's the only thing that can happen. So the user you must see that is the authenticated user within the client application connecting to the back-end application, which is already a lot better. But what if you are then in the office and connecting another office, for example, that is not really Z DNA anymore, that's more like SD1, you know, where you can you have different VPN channels connecting different uh sites, etc. That's another story. But we can combine these two so that a user can work from everywhere without noticing it. And then we have the way of selling it, I'd say. If we don't uh sell a firewall, but we make it available for rent on a monthly or yearly uh basis, then we can combine this licensing model of users. And if you want to investigate what users are doing, you have uh Casby, you have web filtering, etc., uh also security you add. So you combine all these products together in one centralized platform, preferably, and you put it in a licensing model that you can easily add users and add sites at all ease. Centralized management, one rule that says you can work as a user, as part of that group mostly, to that application, then it doesn't matter where the user is. That's what SASE does. It combines all these things and simplifies the management.

SPEAKER_00

So with SASE, you can work from anywhere around the world.

SPEAKER_01

You can always work from anywhere around the world, but that doesn't mean that it's secure and easy to manage.

SPEAKER_00

So with SASE, you can work from anywhere around the world where your organization is able to check that you're doing it the right way, the secure way, and make sure that there are no risks.

unknown

Yeah.

SPEAKER_01

And optimized.

SPEAKER_00

And optimized, a very important thing. I didn't say that, I just added it. Of course. Why? So, of course, we already discussed like why this is relevant, but is this also the main reason why people, organizations are implementing SASI these days?

SPEAKER_01

What I see is different reasons why they choose for uh SASI. A lot of times it's because too much portals to configure. You have a portal for the firewall, you have a portal, a portal for the ZTNA, you have a portal for this and for that. Easily three or four portals where you could put it all into one. And that what goes together with that is you have different rules that you have to implement and all these portals while you are actually saying the same thing as I said user application. So why do it in 10 ways? If you add a branch office, you don't need to reconfigure anything because it's the same rule. If the user, the same user, goes to that branch office, it has the same rules. So you just add a branch office, but you don't need to configure something particular.

SPEAKER_00

So it's also a little bit of simplifying your work.

SPEAKER_01

A lot, a lot, and then you get that yeah, I hate the term, but it's true, the return on investment. So you need to invest money. Yes, it costs, at least it appears to have a cost, but your lack of resources on IT. Who is going to manage all this? You know, you open a support ticket and it takes sometimes days. So, in some companies, if you are lucky, it only takes days before you even get an answer, unless we received your ticket, thank you. So, if you could have first of all, if you have less tickets, that will be already an advantage. And secondly, if less people are needed to reply on that tickets because the configuration is much more easy, you have more visibility, we didn't even talk about that, and you can more easily have the simpite environment, so more easily troubleshoot and find the root cause of your problem. So people are working from everywhere. We can work from home, we are responsible people, but not all employees. I'm not talking about anybody in particular, and just in general, not every employee is to be trusted if he or she works from home. Maybe if somebody worked from home, next day you see that all the clothes are uh are neat, uh or maybe new clothes, whatever, just inventing stuff. I just mean you don't know even know if people are working. And if you have a way of having visibility to see what they are doing, therefore not in detail, but you see that they are working and they are doing this, they are doing that, that can help you sometimes.

SPEAKER_00

So, in the past podcast, because we we already recorded a couple uh together, we talked about MDM, UEM, um, we talked about shadow IT, and we now are now talking about SASI. Perhaps the last question, um, because it's of course definitely something that will pop onto mind, is then how quickly can companies adopt SASI? Because if they want to start right now, is that possible, like in in one finger clip?

SPEAKER_01

Well, literally it will take you a few minutes longer. No, you to be honest, you need to prepare. Whatever you do, you need to prepare. Installing SASI can be can go very fast, but if you want to do it in a good way, you have to think about it. Because the first thing an engineer needs to do is forget all he learned about firewalling. You have to do the new way of thinking. As I said, user to the application, not opening a port, not doing port forwarding, all that kind of stuff. That I'm not going to say that it doesn't exist anymore, but the way of thinking has changed. You have you have to think more broadly. You have to think as an overview of over everything. And once you know this, everything's getting more simple. And then you implement the simple story. So, yes, you can implement it very fast, but you of course have to be careful because each company is different. And in some companies, you really have to be careful not to interrupt. You can do that, but you have to be prepared. The the biggest advantage is not in the installation. Yes, it will be faster, but that's not the biggest advantage. The biggest advantage is in the flexibility afterwards. You can add a site like that, and that will go very fast. You can add a temporary site, you're on a fair, you can easily put a like a box, socket, or something on there, for 5G antenna next to it, and voila, it's like you are in the office. You can do exactly the same thing, and the right user does the same thing as he if he or she was in the company. So that flexibility that you have, you can move people around, you have different rights. Well, you probably are going to do that in your identity management solution, changing the responsibility, and immediately it will have effect into the whole SASI platform to have your new rights that what you can use, what you cannot use. Do you know what the biggest challenges we have today in IT? And now you're thinking, yeah, we have a lot. Maybe you should think we haven't been talking about AI yet.

SPEAKER_00

Yeah, that was actually gonna be my answer uh on the question what are the challenges? AI.

SPEAKER_01

Yeah, and everybody thinks, oh, if we talk about AI, it's like, oh, you can use AI for this and you can use AI for that. I even used AI to prepare myself on this conversation.

SPEAKER_00

Can you actually say that out loud?

SPEAKER_01

But there's nothing wrong with AI unless you are putting things into the AI that are spread, and you have the DLP story, you know, and data loss. Um, and that could be quite dangerous because you never know where it heads to. You can ask things to a language model that gives you privacy sensitive information that comes from somewhere else.

SPEAKER_00

Perhaps before you dive deeper into that, a language model is um a kind of AI tool that you use, such as ChatGPT, Gemini, Cloud Pilot, something like that.

SPEAKER_01

And all the free ones are untrustable. The ones you pay for, you have to read the small letters to know what I can put in there and what can't I? And then um, well, you should listen to the other podcast, maybe uh where we talked about shadow IT, um, uh, because it there is like some overlap in this story. But um, if you're using these language, large language models, then you could upload files and ask, can you summarize me this text? And very easy. You have a large email, copy paste, uh, summarize me this text. You can even do that in your car. You can use um Gemini, put it in there. You can talk with Gemma. What's in the mail? Oh, yes, you can talk with it. Oh, so easy. But you just copied a full email into that uh Gemini tool. So Google can use that, and maybe just something in it shouldn't be. Anyway, what can we do with well now? I have to to call a particular name because it's probably not with all SASE tools, but with Kato, you can um analyze what people do in which large language model. So you could say, Well, we have suppose we have a license for Microsoft Copilot, and we know that what you put in there is okay, stays within the environment. So you can restrict people to say you can use all tools, but you cannot upload files into others than the Microsoft tools, unless that group of people, because they don't have a license, so you can have different rules depending on the users, on different kinds of conversation platforms, language platforms, and you can even analyze what they do. You could say, Yes, you can upload a file, unless there are emails in there to say something, so it's very flexible, and that's something these are additions that we see on the SASI platforms that um uh are future ready. Sorry, future proven it's not even future.

SPEAKER_00

No, you're 100% right. Since again, there is 100% again. What is important is indeed made my day. Yeah, what is important is that we keep in mind that people everywhere are using AI, that we just have to be responsible with it and making sure where we are uploading our stuff, perhaps like sensitive data, but even just like small things uh that shouldn't be out there for everybody just to steal and pick around. So SASI can also help you with that.

SPEAKER_01

Indirectly, completely. And um, I think you can even use a tool without having the whole complete SASI, but that's something for the salespeople to talk about.

SPEAKER_00

Yes, let's leave that to them. Thank you, Frederick, for all the information uh and sharing these insights on SASI in this month's Question of the Month podcast. The way we connect users to application has fundamentally changed. And with that, security needs to evolve as well, such as SASI is doing with AI. Because the real challenge isn't just enabling access, it's making sure that the access is secure, scalable, and simple. I think that's the main one.

SPEAKER_01

Thank you, and thank you for having me.

SPEAKER_00

See you soon, Frederick.

SPEAKER_01

See you.