SASE: Rethinking Network Security in the Age of the Globally Distributed Cloud
Today’s network security solutions are proving inadequate because of a major shift in where data and resources are located and where work is performed in the enterprise network.
With the increase in remote-based users, Software-as-a-Service (SaaS), and globally distributed cloud services, the focus of identification has changed from the data center to the user or device. This isn’t your father’s network security problem, and it requires a completely new solution. Enter Secure Access Service Edge, or SASE (pronounced “Sassy”).
The movement away from “data center-centricity” to globally distributed cloud services requires a single, overarching networking solution that can offer simplification, decryption, and inspection of data regardless of its source, while providing uninterrupted access for users.
To meet this continually morphing challenge, the emerging SASE platform integrates technologies such as cloud access security broker (CASB), firewall as a service (FWaaS), secure web gateway (SWG), and zero trust network access (ZTNA), all within an SD-WAN, providing seamlessly unified networking architectures and network security functions.
The major concept to grasp in the evolving networking landscape is the necessity of leaving behind the idea of securing an environment made up of a group of on-premises network and security platforms. Instead, modern businesses are finding it increasingly necessary to immerse their network and security solutions natively into the cloud, requiring the convergence of all network edges and network security domains.
SASE is still in the early stages of development, but gaining traction in the industry, according to Gartner. The current demand has been created by an ever-expanding drive toward remote and mobile personnel accessing their digital workspace someplace other than the traditional data center. Instead of employees occupying their usual cubicles in a large headquarters or in branch offices, many businesses are partially to completely virtual, with some or all of the workforce physically located anywhere in the world that has internet access.
This has created an enormous security problem for the “old school” static network. Prior to the ubiquitous presence of “the cloud” and workplace virtualization, a secure edge access network security solution was unnecessary. The majority of business was done on-site, employing only a handful of mobile users, such as sales reps, across a VPN. Edge SD-WANs were used to manage security, access, and flow.
However, such an unyielding structure scales very poorly when you redistribute where and how work is done from “the office” to the globally distributed cloud. In order to adapt, these legacy solutions require multiple platforms and consoles that are incompatible with maintaining consistency of service. This inhibits team collaboration, increases the administrative effort of managing multiple on-premises solutions, and escalates the complexity of managing the network and network security.
The time has come for a new approach that leverages this shift in focus. The required solution must offer networking and security from a distributed platform, and provide resources and services quickly and simply regardless of a user’s location. This would be exceedingly difficult if a population of remote users had to access their resources from a data center located on the home company’s premises.
Since SASE solutions use a single, converged software platform, it’s far easier for IT teams to collaborate to enforce policies across the enterprise. With the reduction of administrative effort in network security maintenance, IT departments can better track system updates and optimization, becoming more agile and flexible.
But why is the enterprise so slow to adopt SASE? After all, technology is an ever-changing panorama, with new hardware, applications, and procedures coming out daily. One answer could be the human resistance to change, but another response is more likely. SASE integration is not simply upgrading pre-existing resources in the network; it’s a fundamental redesign of how networking and security are conceived and performed. It represents a basic shift not only in thinking, but also in cost.
Compare this to worldwide adoption of the IPv6 protocol, designed to replace IPv4 and to provide an almost inexhaustible supply of IP addresses, as well as vastly improve overall networking security. According to Google, only 20% to 22% of the world has adopted IPv6, in spite of knowing that IPv4 addresses were running out more than two decades ago.
Patches and upgrades are a way of life in IT on a day-to-day basis. Revolutionary change takes a little bit longer.
What Does SASE Do?
SASE treats both networking and security as a cloud-based service, integrating the major components of each into a single deliverable, rather than treating those components as discrete elements or hardware/software solutions requiring integration. The traditional methods of enterprise networking and network security have been turned inside out, much like a pair of socks coming out of the dryer.
The results, from a technical perspective, include:
- Establishing data protection policies within the SASE, preventing unauthorized access to, and theft of, data.
- Content protection, allowing full inspection of content within the integrated SASE environment, preventing threats, and providing better visibility and security in the network.
- Addressing the cloud with a zero-trust assumption when users, devices, and applications connect, establishing session protection regardless of the user’s location.
- Connecting to resources across the globe, regardless of location, which increases performance and enhances productivity.
- Consolidating security, which allows greater simplicity in the network infrastructure, thus reducing IT administrative effort.
- Seamlessly delivering multiple security and networking services such as threat prevention, data loss prevention, web filtering, credential theft prevention, and next-gen firewall policies, providing the ultimate in flexibility and agility.
These capabilities rewrite the landscape of enterprise networking and network security, giving organizations employing this solution the edge in the distributed cloud-based space.
How is SASE Different from Current Solutions?
That claim is supported by comparing SASE to current or legacy networking and network security methods.
Assume for this comparison that you’re a mid-sized to enterprise-level corporation which depends heavily on globally distributed cloud services, with a business that is partially to completely virtual. Your employees are physically located all over the world. How are your network and security needs being met using legacy methods vs. SASE?
In a legacy environment, your IT teams are always scrambling, continually configuring multiple, disparate solutions in an attempt to maintain some manner of consistency and control across a static networking landscape. Because IT is forced to utilize a plethora of different hardware and software solutions, administrative maintenance is high, and provisioning new solutions is extremely difficult.
With SASE, because all networking and security components are fully converged in a cloud-based service, maintenance of the overall environment containing users, devices, and applications is managed quickly, regardless of physical location of components.
Control and Management
With a set of legacy solutions, control and collaboration of IT services is difficult, and teams are isolated based on the point solutions they support. There is a lack of overall visibility into the infrastructure, making management and troubleshooting slow and awkward. Having multiple on-premises devices and applications inhibits scaling, sizing, and upgrading.
With SASE, the converged software stack allows for maximum visibility and control of all network and security events via use of a single interface. IT teams are better able to cooperate and combine their efforts with much less administrative effort, improving efficiency and productivity. This also allows IT to optimize system requirements and roll out upgrades and improvements more quickly and easily.
Continually managing a network and network security using multiple, discordant solutions makes planning for future growth difficult. The maintenance of existing hardware and purchase of new equipment becomes costly, with no end in sight. The organization is perpetually caught in the trap of paying more for a decreasing quality of service.
The Who’s Who of SASE
There are quite a few vendors that have begun appearing in the SASE space. Since Gartner first introduced SASE in fall 2019, several contenders have emerged, most notably Barracuda, Cato Networks, and Zscaler. Additionally, Palo Alto Networks has entered the ring, along with Cisco, Fortinet, McAfee, Open Systems, and other vendors. However, it’s too early to determine who will surface as a leader in the SASE field.
What is clearer, however, is that we’re moving toward a future in which cloud is incorporated into everything, and preparing for that future means investigating coming technologies like SASE to see if they can benefit your organization.