This post also appeared on LinkedIn.
Enterprise IT teams spend a great deal of their time aligning infrastructure with business objectives and goals. They enable product development teams to bring new products and services to market, facilitate customer/partner communication, and reduce costs in order to do more with less. They work 24/7 to make sure connectivity remains available, responsive, fast, and agile.
Routine offers comfort. But IT work interruptions throw normal operations off-axis, especially in environments that employ complex legacy hub-and-spoke network architectures. For those enterprise IT teams, few disruptions seem more menacing than the dreaded IT audit.
IT auditors must examine the inner workings of enterprise IT to ensure regulatory compliance, assess risk, and even triage network incursions. Auditors may peer into every corner of the network, inspect devices, review policies, check user interactions, and examine all IT assets. Such inspections can distract, and even pull resources away from critical-path work that supports core business goals.
IT audits—particularly “surprise” ones—can be menacing. But they’re even more daunting in a legacy environment.
In an expanding digital world, enterprises increasingly integrate internal enterprise systems with external applications and data resources. Employees, customers, and partners must be able to reach these applications from anywhere, using any device. Large enterprises can have hundreds of applications hosted in multiple data centers, on both internal and public clouds. Increasingly, internal applications connect to a wider ecosystem of applications and data resources from external entities via APIs. In legacy environments, data is all over the place, untrustworthy, difficult to collect, and hard to share. Network application access and security data are rarely centralized or easily available.
This complexity makes IT audits (or any network data reporting in general) messy and time-consuming:
Audits expose how legacy architectures break down as they try to encompass cloud-based infrastructure and user access outside the security perimeter. Audits and inspections can find policy and structural issues, such as:
Legacy hub-and-spoke networks and castle-and-moat security architectures come with large stacks of disparate devices scattered across multiple sites. Some stacks are physical (perhaps housed in the HQ IT room down the hall); some may be virtual or remote (hosted in the cloud or even in a data center). Collecting consolidated audit data can be a daunting task given the distributed nature of the relevant data-generating IT applications, networks, and security technologies, both inside and outside the enterprise boundary. All these network pieces have a part in user experience, system access, and security.
At a minimum, the following data points should be readily available to show to auditors:
In response to an audit, enterprise IT must centralize these data elements into readily available reports and dashboards. Collecting them from disparate systems is hard. Viewing them through a centralized “single pane of glass” is easy.
This is where Secure Access Service Edge (SASE) platforms (such as Zscaler) help. SASE architectures distribute security processing to cloud edge nodes and establish a direct connection between the user and what the user accesses, rather than forcing the user to follow an indirect path to a cloud resource via a distant security stack. SASE provides integrated Cloud Access Security Brokering (CASB) and Cloud Security Posture Management (CSPM) to monitor and report on cloud-based infrastructure transactions and compliance.
All enterprise traffic crosses the platform, and the platform provides comprehensive, detailed logs from web proxies, cloud firewalls, and sandbox services. SASE consolidates reporting into a single platform. Logs are available in real time through a dashboard portal: a central, searchable, single pane of glass. Audits become painless: there is no time-consuming data-collection effort, since the data is automatically prepared, accurate, comprehensive, and transparent. IT teams can quickly and simply address audit requests (and other network reporting needs) with SASE platform queries, rather than having to search through an entire network of logs and appliances.
In a SASE environment, IT audits are easy, collaborative, informative, and routine because the data is easily accessible. With SASE, network inspections may be a mild inconvenience, but the menace of disruption, lost time, and questionable data integrity is gone.
SASE connects the user directly to the resource, whether that resource is internal or external. These connections can be made from anywhere to anywhere, and are not limited to resources inside the corporate perimeter.
SASE architectures make audit inquiries less frightening. SASE gives IT teams the dynamic data they need, instantly. With SASE, the next IT audit or inspection can be a collaboration between IT teams and auditors, with both having the data readily available at their fingertips.