The concept of Digital Transformation goes far beyond technology, as it involves profound changes in companies’ strategies and organization. And of course, it also involves technological needs and challenges.

◢ Dissolution of the perimeter

The dissolution of the traditional perimeter forces organizations to apply a consistent level of security from the cloud and secure access to distributed applications across multiple clouds (IaaS), data centers and software-as-a-service (SaaS) applications.

◢ Adoption of clouds

Hybrid work environments

100% cloud environments

◢ Advantages

Flexibility

Scalability

Global access to applications and services

With the emergence of hybrid work environments, users now connect from anywhere, utilize a variety of devices and access business applications and sensitive data that may be on-premise or in the cloud.

TRADITIONAL JOB

Corporate equipment within the network

All traffic crosses the Perimeter FW

NEW JOB

Both corporate and non-corporate equipment (BYOD)

Access to applications and information from inside and outside the network

The Shared Cybersecurity Model that governs the cloud teaches us that, whether PaaS (Platform as a Service), IaaS (Infrastructure as a Service) or SaaS (Software as a Service) services have been contracted, the cloud provider is never exclusively responsible for cybersecurity. At minimum, access and data security will always be the responsibility of the customer.

Therefore, it will be necessary to stress the need for adequate visibility in these environments as well, in order to detect configuration problems or other security flaws that are under one’s own responsibility.

Once the traditional security perimeter has been dissolved, security functions must also be moved to the cloud, because new vectors appear to be protected for which legacy protections are not sufficient.

In order to cover all these new vectors, there are solutions such as:

• • • • • • Cloud Access Security Broker (CASB)

          • Data Loss Prevention (DLP)

          • CSPM (Cloud Security Posture Management)

          • Zero Trust Network Access (ZTNA)

          • Firewall as a Service (FWaaS)

          • Endpoint Protection (AV, EDR & MDR)

The implementation of SASE architectures that combine SD-WAN capabilities and cloud-native security features (SSE), such as:

SWG

Secure Web Gateways

It is a cloud native solution that allows organizations to protect both web traffic and cloud traffic, allowing them to differentiate and apply different security measures, depending on whether the instance to which the user connects is personal or corporate within a managed application.

FWAAS

Firewall as a Service

FWaaS provides cloud firewall services to users and offices for outbound traffic review.

DLP

Data Loss Prevention

DLP or Data Loss Prevention encompasses a set of practices and tools that enable companies to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of confidential or personally identifiable data. It is also used to help organizations with data security and ensure that they comply with regulations, such as CCPA, GDPR, HIPAA or PCI-DSS.

CASB

Cloud Access Security Brokers

CASB is a service or application that allows organizations to set corporate security policies when accessing the organization’s cloud services. In this way, the application forces users to comply with the policies established by the service administrators.

ZTNA

Zero Trust Network Access

ZTNA or Zero Trust Network Access is a set of products and services that enable access conditions to an application or set of applications based on identity and context. ZTNA eliminates the excessive implicit trust that often accompanies other forms of application access, such as classic VPNs.

RBI

Remote Browser Isolation

Remote Browser Isolation is a security measure that opens websites identified as untrusted in isolation in a remote cloud container, in order to avoid executing its code on endpoints.

◤

In the new models these network and security functions are offered “as a Service” from the Cloud.

The concept of Digital Transformation goes far beyond technology, as it involves profound changes in companies’ strategies and organization. And of course, it also involves technological needs and challenges.

Dissolution of the perimeter

The dissolution of the traditional perimeter forces organizations to apply a consistent level of security from the cloud and secure access to distributed applications across multiple clouds (IaaS), data centers and software-as-a-service (SaaS) applications.

Adoption of clouds

Hybrid work environments

100% cloud environments

Advantages

Flexibility

Scalability

Global access to applications and services

With the emergence of hybrid work environments, users now connect from anywhere, utilize a variety of devices and access business applications and sensitive data that may be on-premise or in the cloud.

TRADITIONAL JOB

Corporate equipment within the network

All traffic crosses the Perimeter FW

NEW JOB

Both corporate and non-corporate equipment (BYOD)

Access to applications and information from inside and outside the network

The Shared Cybersecurity Model that governs the cloud teaches us that, whether PaaS (Platform as a Service), IaaS (Infrastructure as a Service) or SaaS (Software as a Service) services have been contracted, the cloud provider is never exclusively responsible for cybersecurity. At minimum, access and data security will always be the responsibility of the customer.

Therefore, it will be necessary to stress the need for adequate visibility in these environments as well, in order to detect configuration problems or other security flaws that are under one’s own responsibility.

Once the traditional security perimeter has been dissolved, security functions must also be moved to the cloud, because new vectors appear to be protected for which legacy protections are not sufficient.

In order to cover all these new vectors, there are solutions such as:

• Cloud Access Security Broker (CASB)

• Data Loss Prevention (DLP)

• CSPM (Cloud Security Posture Management)

• Zero Trust Network Access (ZTNA)

• Firewall as a Service (FWaaS)

• Endpoint Protection (AV, EDR & MDR)

The implementation of SASE architectures that combine SD-WAN capabilities and cloud-native security features (SSE), such as:

SWG

Secure Web Gateways

It is a cloud native solution that allows organizations to protect both web traffic and cloud traffic, allowing them to differentiate and apply different security measures, depending on whether the instance to which the user connects is personal or corporate within a managed application.

FWAAS

Firewall as a Service

FWaaS provides cloud firewall services to users and offices for outbound traffic review.

DLP

Data Loss Prevention

DLP or Data Loss Prevention encompasses a set of practices and tools that enable companies to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of confidential or personally identifiable data. It is also used to help organizations with data security and ensure that they comply with regulations, such as CCPA, GDPR, HIPAA or PCI-DSS.

CASB

Cloud Access Security Brokers

CASB is a service or application that allows organizations to set corporate security policies when accessing the organization’s cloud services. In this way, the application forces users to comply with the policies established by the service administrators.

ZTNA

Zero Trust Network Access

ZTNA or Zero Trust Network Access is a set of products and services that enable access conditions to an application or set of applications based on identity and context. ZTNA eliminates the excessive implicit trust that often accompanies other forms of application access, such as classic VPNs.

RBI

Remote Browser Isolation

Remote Browser Isolation is a security measure that opens websites identified as untrusted in isolation in a remote cloud container, in order to avoid executing its code on endpoints.

◤

In the new models these network and security functions are offered “as a Service” from the Cloud.