Amid the escalating quantity and sophistication of cyber threats, especially targeting cloud services, enterprises are seeking robust, but cost effective measures to safeguard their networks and data from malicious attacks. Secure Access Service Edge (SASE) solutions have gained significant traction as one of the most favoured solutions in recent times, unifying several once-disparate controls into a unified global cloud platform. With recent outages and common dependency on controlling the endpoints, the insufficiencies of relying entirely on SASE solutions have become more noticeable as adoption expands.
According to the State of Security 2023 Report, 62% of organizations report experiencing unplanned downtime due to cybersecurity incidents on at least a monthly basis, and the number of outages faced by an organization is around 22 per year. The cost of this downtime consumes roughly 2.7% of annual revenue. This downtime can cost organizations a lot of money.
These findings also suggest that relying solely on SASE solutions may not be enough to protect against modern cyber threats -- phishing and ransomware remain top concerns -- or deliver the use cases that enable modern business agility. For example, SASE cannot fully support unmanaged or BYOD devices. More importantly, SASE platforms struggle to fully support 3rd party access and support critical business initiatives like:
Mergers & Acquisitions Collaboration
Remote Call Center productivity including VoiP support
Remote 3rd party access for administration and troubleshooting
While client-less Zero Trust Network Access (ZTNA) and reverse proxy approaches can help, they can also encounter obstacles related to application support, latency and overall user experience.
With the SURF Zero Trust Browser approach, customers can integrate flexibly with their SASE platform and gain the best of both worlds: Deliver on Business enabling Use Cases and Provide a User Experience with assured continuity of operations.
The SURF Zero Trust Browser approach delivers on the promises of a user focused Zero Trust security model without disrupting existing security operations related to SASE, IDP, EDR or other controls, but still covers every pillar of a NIST-referenced Zero Trust strategy.
While SASE solutions have expanded support for unmanaged devices with client-less ZTNA, many organizations are still relying on expensive, complex Virtual Desktop Infrastructure (VDI) that adversely impacts user experience.
In contrast, SURF Browser's Zero-Trust Browser provides a complementary and much more cost effective approach that extends seamless access to both internal private and public (SaaS) applications with strong data protections. For BYOD and 3rd party users, businesses can route select traffic to their preferred SASE for native integration into existing security visibility and operations.
Since some SASE solutions have little true visibility or control of encrypted, encoded cloud application traffic, SURF can control how users use those applications with strong data controls. As SASE providers encounter outages, SURF controls and protections remain "always on", providing valuable continuity of operation for protections, data controls and user experience.
Disaster Recovery: SURF Browser, thereby, implicitly serves as a Disaster Recovery (DR) solution. When SASE solutions face outages, businesses are often left exposed or without any network access. Businesses can redirect users to access applications and surf the web through their "always on" SURF browser, maintaining essential protections and user productivity even during SASE outages.
Hosting Facilities: For SASE users the experience can vary greatly depending on how far away they are from the nearest Data Center. As an edge compute based model, SURF has no reliance on "the cloud" except for policy updates, improving continuity and user productivity.
SSL Inspection: Since SASE solutions perform most or all of their work in the cloud, they often rely on the use of SSL inspection to identify and protect against malicious content. There are data paths where SSL inspection is not allowed due to privacy and regulations and SSL Pinning. SURF Browser can monitor traffic on these paths, provide the required protection and isolation, and forward file downloads to the SASE sandbox for scanning if desired.
SASE solutions are a popular, albeit an expensive option for businesses seeking to protect their networks and data. For the cost of one of the SASE vendor's "add on" licenses like RBI, SURF Zero-Trust Browser provides always on and unlimited browser isolation, while also delivering several business relevant use cases for which SASE is not yet well equipped. By integrating SASE and SURF together, businesses can assure continuity of operations, allow BYOD and third party access, better protect their environment and data, and largely finish collapsing their users' risk exposure.