How can enterprises accelerate the adoption of cloud-first, zero-trust security models to protect against evolving cyber threats?
The first thing enterprises can do is conduct a comprehensive risk assessment of their environment to identify critical assets that require remediation against evolving threats. Once that’s done, they can set clear imperatives among leadership and security teams based on how adopting cloud-first, zero-trust models can reduce risk. From there, they can develop a detailed blueprint for execution.
Establishing a governance framework is another way to accelerate the adoption. By prioritising Zero Trust use cases and their associated risk-reduction outcomes, the framework can help executives and teams better understand the core principles of the models. This kind of clarity makes it easier to secure resources from the top and gain buy-in from the rest of the organisation.
What are the operational efficiency benefits of adopting a managed SASE service instead of maintaining an in-house security infrastructure?
Managed SASE services can significantly reduce overhead costs related to hardware, software, and staffing. Enterprises won’t need to invest in expensive equipment or hire specialised personnel, as services like Palo Alto Networks Prisma SASE typically include everything required for faster deployment and issue resolution.
It can also streamline cloud, network and security operations through automation and enhanced visibility into compliance. This advancement can not only enable enterprises to reduce repetitive and manual tasks, but also adhere to regulatory standards at all times.
What’s more, these services offer scalability and agility, allowing distributed enterprises to connect users and applications globally across any combination of terrestrial, wireless, or satellite access networks. As businesses grow or change, enterprises can quickly adjust their network security without the hassle of upgrading in-house systems.
What are the key challenges organisations face when transitioning from on-premises network architectures to SASE-based security frameworks?
The biggest concern for organisations is integrating SASE into their existing infrastructure lifecycle. It can get challenging if the current systems have varying end-of-life or contract expiry times. Furthermore, as with every transition, there are associated security and disruption risks. That’s why it’s important to make sure extensive planning, resiliency testing and consistent security policy enforcement are in place to keep the systems protected and available throughout the process.
Another challenge is merging cloud, networking and security teams into a target operating model. These teams usually work in silos, but now they’ll need to figure out how to collaborate effectively to create a unified security strategy. This trend of non-cohesiveness is especially evident when Service Integration and Management (SIAM) adopts DevOps practices.
What best practices should enterprises follow to maximise the benefits of an AI-powered SASE solution while maintaining compliance with regulatory standards?
The good thing about managed SASE platforms is that they assist in the governance of most of the compliance workload for enterprises. They provide a unified framework for AI-powered automation and orchestrating security policies across the board, which helps maintain visibility and consistency. Think of it as having a single dashboard where enterprises can manage device posture assessments, user identity authentication, and network micro-segmentation all in one place. It really makes compliance a lot easier to handle.
On top of that, these cloud-based platforms come packed with advanced security features like Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS), and Zero Trust Network Access (ZTNA). With these holistic protections, enterprises can rest easy knowing their security controls are effective no matter where users are or where applications are hosted.
Another way for enterprises to step up their game is by partnering with a managed service provider (MSP). This gives them access to specialised expertise and industry best practices. Take Kyndryl as an example, we offer end-to-end, 24/7 management of the customer’s platform with Prisma SASE. This means we handle upgrades, health checks, continual optimisation, advice on your compliance obligations and more. With that support, businesses can truly improve their security posture and ensure everything runs smoothly.
What are the long-term strategic advantages of implementing an end-to-end SASE service for future-proofing enterprise network security?
The shift to an “as-a-service” cost model means enterprises no longer have to spend a ton of money upfront on hardware and infrastructure. Instead, they can adopt a predictable operational expense (OPEX) model, which makes budgeting a lot easier and flexible in the long run – especially during challenging business conditions and rising costs.
Because SASE is cloud-based, businesses can easily scale their network and security services up or down, which means, in the future, they can grow without the need to constantly upgrade their infrastructure. This can surely lighten the workload for IT teams and free up their time to focus on bigger, strategic projects.
We also notice how SASE boosts business agility on different occasions. For mergers and acquisitions, it can seamlessly integrate different IT systems by applying consistent security policies and identity-based access controls. When it comes to divestments, it helps in securely segmenting data and applications to ensure only the right people have access.
Last but not least, as hybrid work continues to be a norm for most highly distributed businesses, SASE offers a unified security approach that ensures secure and reliable access to corporate resources from anywhere. This supports a flexible and dynamic workforce while maintaining robust security standards – which is exactly what is needed to become a future-proofing enterprise nowadays.
- About E-Yang Tang
- About Kyndryl
E-Yang Tang is the Security, Resiliency, and Network Lead at Kyndryl A/NZ. In his role, E-Yang helps customers across the region identify, detect, prevent and respond to cybersecurity events, while minimising the impact on organisations and individuals.
E-Yang has more than 25 years of cybersecurity experience, working across notable organisations including RSA, EMC, Verizon, Hewlett Packard Enterprise, Ernst & Young, CGI and Tesserent. He is also an Open Group TOGAF Certified Enterprise Architect and ISC2 CISSP professional, who specialises in critical infrastructure security and cybersecurity strategy. He is passionate about contributing to the field, speaking regularly at industry conferences and guiding the next generation of cybersecurity professionals.
Before moving into cybersecurity, E-Yang served as a Police Officer with the Singapore Police Coast Guard Division, where he was involved in operations against traffickers and smugglers. He later earned a first-class honours degree in Computer Engineering from Monash University, majoring in Public Key Cryptography.
Kyndryl is the world’s largest IT infrastructure services provider, serving thousands of enterprise customers in more than 60 countries. The Company designs, builds, manages and modernizes the complex, mission-critical information systems that the world depends on every day. For more information, visit www.kyndryl.com.
Techedge AI is a niche publication dedicated to keeping its audience at the forefront of the rapidly evolving AI technology landscape. With a sharp focus on emerging trends, groundbreaking innovations, and expert insights, we cover everything from C-suite interviews and industry news to in-depth articles, podcasts, press releases, and guest posts. Join us as we explore the AI technologies shaping tomorrow’s world.
