Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related.

Regardless of the industry or organization, corporate email is the main cause of unauthorized and accidental data leaks. Employees are constantly sending emails to external parties that may contain sensitive company data, personally identifiable information (PII), trade secrets and other intellectual property.

In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited number of gates. As a result, organizations had control over exactly whom and what devices could access company data. This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defense mechanisms have become inadequate.

As a major financial hub in Asia and globally, Singapore is very aware of the challenges facing the financial industry, especially the accelerated digital transformation that stemmed from the COVID-19 pandemic. In response to the sector’s increased exposure to cloud technology, the Monetary Authority of Singapore (MAS) has released a guideline to address cybersecurity risks associated with the adoption of public clouds.

With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations. Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools.

The pharmaceutical company Pfizer recently acknowledged that thousands of internal documents were leaked, including trade secrets related to its COVID-19 vaccine. In a California lawsuit, Pfizer stated that a former employee had exfiltrated sensitive data to their personal cloud accounts and devices while they were still working there.

In quick succession in December, The Apache Software Foundation released information on two critical vulnerabilities in its Log4j Java-based library. The first vulnerability CVE-2021-44228, also known as Log4Shell or LogJam, was reported as an unauthenticated remote code execution (RCE) vulnerability. By exploiting how the library logs error messages, it could lead to a complete system takeover.

Here’s the reality: hybrid and remote work are here to stay. This means access to your corporate data can now come from anywhere, on any device and any network. In order to tackle this new norm, Gartner has defined a new cybersecurity framework called Secure Access Service Edge (SASE).

In Q1 of 2021, 4 in 10 people encountered an unsafe link while using their mobile devices – less than a year later, 5 in 10 people encountered threats in Q3 2021. This trend will only continue as text message, email and social media phishing scams surge.

A decade ago, many were reluctant to move to the cloud. Many felt like they would have to relinquish controls they had within their perimeters. That sentiment has since reversed, where organizations have become more comfortable with cloud technology. The newest concern is about corporate data leaving the cloud, especially as employees expect to work from anywhere. Software-as-a-service (SaaS) applications have enabled people to stay productive from anywhere, but have also amplified security gaps.