This post also appeared on LinkedIn.
Enterprise IT teams spend a great deal of their time aligning infrastructure with business objectives and goals. They enable product development teams to bring new products and services to market, facilitate customer/partner communication, and reduce costs in order to do more with less. They work 24/7 to make sure connectivity remains available, responsive, fast, and agile.
Routine offers comfort. But IT work interruptions throw normal operations off-axis, especially in environments that employ complex legacy hub-and-spoke network architectures. For those enterprise IT teams, few disruptions seem more menacing than the dreaded IT audit.
IT auditors must examine the inner workings of enterprise IT to ensure regulatory compliance, assess risk, and even triage network incursions. Auditors may peer into every corner of the network, inspect devices, review policies, check user interactions, and examine all IT assets. Such inspections can distract, and even pull resources away from the critical-path work that supports core business goals.
Complexity: the devil in the details
IT audits—particularly “surprise” ones—can be menacing. But they’re even more daunting in a legacy environment.
In an expanding digital world, enterprises increasingly integrate internal enterprise systems with external applications and data resources. Employees, customers, and partners accessing these applications must be able to access resources from anywhere, using any device. Large enterprises can have hundreds of applications hosted in multiple data centers on both internal and public clouds. Increasingly, internal applications connect to a wider ecosystem of applications and data resources from external entities via APIs. In legacy environments, data is all over the place, untrustworthy, difficult to collect, and hard to share. Network application access and security data are rarely centralized or easily available.
This complexity makes IT audits (or any network data reporting in general) messy and time-consuming:
- An audit plan requires a detailed explanation of the IT applications and security landscape as a baseline reference for inspecting auditors.
- Application teams are responsible for providing context, and typically must coach auditors with demonstrations and discussions.
- Teams must curate hard-to-obtain reporting data like, say, who accessed an application at a specific time on a specific date, and whether that access was governed by role-based access control (RBAC).
- Meetings! Audit findings typically trigger multiple rounds of discussions to resolve open issues like missing data samples, audit extensions due to lack of certainty, or even disagreements.
Audits expose how legacy architectures break down as they try to encompass cloud-based infrastructure and user access outside the security perimeter. Audits and inspections can find policy and structural issues, such as:
- Unauthorized application access (through mismanaged credentials or poorly enforced IT access policies)
- Segregation of duties (SOD) control violations (where the same user both creates and checks transactions, which compliance regulations such as Sarbanes-Oxley prohibit)
- Mismatches between the IT assets recorded in the central configuration management database (CMDB) and the actual physical assets (such as servers, desktop and laptop computers, or mobile devices)
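The three findings above, plus the "who accessed this application when" question raised earlier, are all simple joins once the access log, the entitlement table and the asset inventory sit in one place. The following is an added example, not code from the original post or from any SASE vendor; it runs the checks over constructed in-memory records (the users, applications, hostnames and addresses are all made up, and the log schema is an assumption) so the logic can be read without a real log source.

```python
"""
Audit-finding checks over constructed sample data.

Added example, not code from the original post or from any SASE vendor.
It assumes three small in-memory datasets of the kind an audit requests:
an application access log, an entitlement (RBAC) table, and a CMDB
inventory beside a network-discovered asset list. Every record below is
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed access log: who reached which application, as what role, when.
ACCESS_LOG = [
    {"user": "alice", "app": "payroll",   "role": "ap-clerk",   "action": "create_invoice",  "device": "laptop",  "ts": "2024-03-04T09:12:00"},
    {"user": "alice", "app": "payroll",   "role": "ap-clerk",   "action": "approve_invoice", "device": "laptop",  "ts": "2024-03-04T09:40:00"},
    {"user": "bob",   "app": "payroll",   "role": "ap-manager", "action": "approve_invoice", "device": "desktop", "ts": "2024-03-04T10:05:00"},
    {"user": "carol", "app": "hr-portal", "role": "engineer",   "action": "view_record",     "device": "mobile",  "ts": "2024-03-04T11:30:00"},
    {"user": "dave",  "app": "crm",       "role": "sales",      "action": "export_contacts", "device": "laptop",  "ts": "2024-03-05T08:00:00"},
]

# Constructed entitlement table: which roles may use which applications.
ENTITLEMENTS = {
    "payroll": {"ap-clerk", "ap-manager"},
    "hr-portal": {"hr-staff"},
    "crm": {"sales"},
}

# Constructed segregation-of-duties rules: action pairs one user must never both perform.
SOD_RULES = [("create_invoice", "approve_invoice")]

# Constructed CMDB records beside what a network discovery scan actually found.
CMDB = {"srv-01": "10.0.1.10", "srv-02": "10.0.1.11", "lap-07": "10.0.5.23"}
DISCOVERED = {"srv-01": "10.0.1.10", "srv-02": "10.0.1.99", "lap-12": "10.0.5.40"}


def unauthorized_access(log, entitlements):
    """Access events whose role is not entitled to the application."""
    return [e for e in log if e["role"] not in entitlements.get(e["app"], set())]


def sod_violations(log, rules):
    """Users who performed both halves of a conflicting action pair in one app."""
    actions_by_user_app = defaultdict(set)
    for e in log:
        actions_by_user_app[(e["user"], e["app"])].add(e["action"])
    findings = []
    for (user, app), actions in actions_by_user_app.items():
        for first, second in rules:
            if first in actions and second in actions:
                findings.append({"user": user, "app": app, "conflict": (first, second)})
    return findings


def cmdb_mismatches(cmdb, discovered):
    """Assets only in the CMDB, only on the network, or with a changed address."""
    both = set(cmdb) & set(discovered)
    return {
        "missing_on_network": sorted(set(cmdb) - set(discovered)),
        "unrecorded_assets": sorted(set(discovered) - set(cmdb)),
        "address_drift": sorted(h for h in both if cmdb[h] != discovered[h]),
    }


def who_accessed(log, app, start, end):
    """The classic audit question: which users touched this app in this window?"""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return sorted({e["user"] for e in log
                   if e["app"] == app and lo <= datetime.fromisoformat(e["ts"]) <= hi})


if __name__ == "__main__":
    print("Unauthorized access:", unauthorized_access(ACCESS_LOG, ENTITLEMENTS))
    print("SOD violations:", sod_violations(ACCESS_LOG, SOD_RULES))
    print("CMDB mismatches:", cmdb_mismatches(CMDB, DISCOVERED))
    print("Payroll users 09:00-10:00:",
          who_accessed(ACCESS_LOG, "payroll", "2024-03-04T09:00:00", "2024-03-04T10:00:00"))
```

On the constructed data the checks surface exactly the three finding types the list describes: carol's engineer role is not entitled to hr-portal, alice both created and approved an invoice in payroll, and the CMDB disagrees with the scan on one missing host, one unrecorded host and one address that drifted. Each check is a single pass over data that a centralized platform would already hold; the cost in a legacy environment is not the logic but collecting and normalizing the inputs.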
The one-stop audit: SASE architectures provide data in a centralized “single-pane-of-glass”
Legacy hub-and-spoke networks and castle-and-moat security architectures come with large stacks of disparate devices scattered across multiple sites. Some stacks are physical (perhaps housed in the HQ IT room down the hall); some may be virtual or remote (hosted in the cloud or even in a data center). Collecting consolidated audit data can be a daunting task given the distributed nature of the relevant data-generating IT applications, networks, and security technologies both inside and outside the enterprise boundary. All these network pieces play a part in user experience, system access, and security.
At a minimum, the following data points should be readily available to show to auditors:
- Access-tracking data on user access to applications that shows time of access, duration, location, and access-device type
- Security incident data on malware, phishing, APT, and other malicious attempts to attack IT assets
- Data protection information on security controls that prevent data leakage from endpoints, data in transit, or from external cloud storage systems and applications
- Maintenance data that shows IT asset inventory and maintenance logs (including patches, updates, upgrades, etc.)
- Incident-response data documenting measures taken in response to network security breaches and infiltrations
In response to an audit, enterprise IT must centralize data elements into readily available reports and dashboards. Collecting it from disparate systems is hard. Viewing it via a centralized “single-pane-of-glass” is easy.
This is where Secure Access Service Edge (SASE) platforms (such as Zscaler) help. SASE architectures perform security processing at cloud-distributed edge locations and establish a direct connection between the user and what the user accesses, rather than forcing the user to follow an indirect path to a cloud resource via a distant security stack. SASE provides integrated Cloud Access Security Brokering (CASB) and Cloud Security Posture Management (CSPM) to monitor and report on cloud-based infrastructure transactions and compliance.
All enterprise traffic crosses through the platform, and the platform provides comprehensive, detailed logs from web proxies, cloud firewalls, and sandbox services. SASE consolidates reporting instances into a single platform. Logs are available in real time through a dashboard portal—in a central, searchable, single-pane-of-glass. Audits become painless: there is no time-consuming data-collection effort, since the data is automatically prepared, accurate, comprehensive, and transparent. IT teams can quickly and simply address audit requests (and other network reporting needs) with SASE platform queries—rather than having to search through an entire network of logs and appliances.
In a SASE environment, IT audits are easy, collaborative, informative, and routine because the data is easily accessible. With SASE, network inspections may be a mild inconvenience. But the menace (of disruption, time, data integrity) is gone.
Face the audit menace with SASE
SASE directly connects user to resource, whether that resource is internal or external. These connections can be from anywhere and to anywhere, and not limited to resources inside the corporate perimeter.
SASE architectures make audit inquiries less frightening. SASE gives IT teams the dynamic data they need, instantly. With SASE, that next IT audit or inspection can be a collaboration between IT teams and auditors. Both can have the data readily available at their fingertips!