Gartner’s 2021 Strategic Roadmap for SASE Convergence & Zero Trust

Since the Secure Access Service Edge (SASE) market category was defined by Gartner in July 2019, interest has ‘exploded’. Digital transformation, COVID-19, and cloud computing have broken the traditional security and access model, creating gaps that can’t be sticky-taped with incumbent solutions.

Security and access controls need to be delivered via the cloud and consistently enforced across users, devices, and services in a way that is simple to manage and modernizes end-user experience.

Gartner’s 2021 Strategic Roadmap for SASE Convergence details what SASE actually is and outlines short and long-term priorities for businesses. Ultimately, SASE is a long-term initiative, right now vendors don’t have the breadth of product maturity to provide end-to-end SASE solutions while prospective customers are having to phase out legacy technologies as well as address a skills gap.

Gartner recommends deploying Zero Trust Network Access (ZTNA) to augment or replace legacy VPN services as the first phase of SASE preparedness. Zero Trust is an integral component of SASE, helping companies move away from the implicit trust assumptions associated with traditional networking models to one that utilizes adaptive and continuous risk assessments.

Verizon’s Mobile Security Index 2021

The Verizon Business Mobile Security Index (MSI) 2021 revealed that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely. The report reveals that 49% of businesses are stressed that changes made to remote working practices during lockdown adversely affected their company’s cybersecurity.

Interestingly, even though 40% of businesses surveyed by Verizon recognized that mobile devices are their company’s biggest IT security threat, 45% of them knowingly sacrificed the security of mobile devices to “get the job done” and 24% sacrificed the security of mobile devices to facilitate their response to restrictions put in place due to the pandemic.

Some of the other key findings from the report include:

  • 78% expected home working to remain higher even when COVID-19 is no longer an issue
  • 79% had seen remote working increase as a result of COVID-19. 70% expected remote working to fall again, but over three-quarters said that it would remain higher than before lockdown
  • 46% of IT workloads were run in the cloud. Three-quarters said their reliance on cloud-based apps is growing
  • 76% said that they’d come under pressure to sacrifice the security of mobile devices for expediency

You can read the full report here.

Zero Trust Digest 2021

The inevitable shift to hybrid working

Unsurprisingly, over the course of the past year, remote working has been a top discussion and research topic for businesses. One clear theme from all the research reports that have surfaced recently is that employees want flexibility, not remote-only nor office-centricity – the choice to work on their terms. Here’s some stats from just the last month:

  • 72% of employees want to continue working from home after the pandemic – Flex Appeal
  • 80% would prefer if their organization offered some elements of remote working, while nearly 75% would like a “work from anywhere” approach – AppNeta
  • 86% of technology professionals in the UK and Europe don’t want to return to the office full-time at all – hackajob
  • Only 18% want to return to the office full-time – Fujitsu
  • 73% of employees saying they want to continue with flexible work options, and remote work listings increasing by five times during the pandemic – Microsoft

Fortunately, companies are being proactive with 63% of employers surveyed have plans to introduce or expand the use of hybrid working.

  • PWC recently came out and announced their flexible working deal for employees, giving them an ‘empowered’ day to decide their most effective working pattern.
  • Bank of Ireland launched working hubs to pivot to a flexible working program
  • HSBC scrapped their executive floor in Canary Wharf to promote flexible working
  • GM revealed their ‘Work Appropriately’ flexible working model.

Hybrid working will be a radical change for many businesses and IT departments will ultimately be accountable for ensuring that employees are able to work securely and productively wherever they are.

Are passwords a bad user experience?

Passwords continue to be a problem for security. No matter best efforts, people revert to what they know and what’s memorable. Bad password practice persists, something that is clear from a number of research reports that surfaced last month. The National Cyber Security Centre (NCSC) found that 15% of the UK population use pets’ names, 14% use a family member’s name and 13% a noteworthy date; 6% still use “password” as the entirety or part of their password.

Another research report found that 57% of American employees write down work-related passwords on sticky notes, while 66%% have lost these sticky notes. The report also found that 62% have a notebook or journal to jot down their logins and passwords.

These trends are symptomatic of a poor user experience. People don’t want passwords that are difficult to remember, it creates unnecessary friction, which in turn, weakens security. Login credentials alone do not verify a user’s identity, nor adequately assess the risk associated with an access request. For instance, what if a user’s device has malware installed. This is why adoption for Zero Trust Network Access (ZTNA) is growing, enabling access decisions to consider the wider context (e.g. device posture) of an access request and reduce reliance on rudimentary factors.

Previous Zero Trust Digest’s