Today’s digital-first world has been stressing our traditional network security measures to keep pace with evolving cyber threats. In the past, Wide Area Network (WAN) solutions relied on private Multiple Label Switching (MPLS) connections, remote user VPN connections and an array of other, often disparate, network security solutions. Traditional WAN management and security was siloed, complex and confined to specific locations. With innovations such as cloud computing and a more remote workforce, organizations are now turning to secure access service edge (SASE) solutions to strengthen their cybersecurity posture.
As defined by Gartner, SASE delivers converged network and security as a service capabilities, including Software-Defined Wide Area Network (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), next-generation firewall (NGFW) and zero trust network access (ZTNA). SASE supports branch office, remote worker and on-premises secure access use cases. SASE is primarily delivered as a service and enables zero trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.
Why SASE is on the rise
SASE disrupts and simplifies the traditional WAN management and security approach by consolidating multiple security functions into a single, cloud-native platform. Instead of private MPLS, SD-WAN provides a less complex and more flexible way to connect remote branches to a SASE cloud, using one or several Internet connections. SD-WAN appliances replace on-premises firewalls and MPLS routers, in favor of NGFW’s that reside in the cloud. Just like the SD-WAN appliances leverage any number of Internet connections to connect into the SASE cloud, remote users leverage software clients that create tunnels to the nearest global point of presence (PoP).
SASE also adopts a zero-trust approach. Access to the corporate network, and more specifically its applications and data, is secured based on identity and context. Leveraging CASB ensures users only have access to the cloud services approved for use on the corporate network. The continuous monitoring and adaptive access policies help prevent data breaches and attacks. The convergence of network and security into a single management plan eases the administrative burden on IT staff and ensures consistent security policies are applied throughout the network, no matter where users are connecting from. Users report better performance, as traffic is optimized through cloud scalability and global PoPs. It’s for these reasons SASE is becoming an essential component of modern cybersecurity strategies.
Key SASE attributes
The hype around SASE comes with valid benefits but not all solutions are equal, and the cost can be tough to sell upwards. Here are some attributes of an effective SASE solution and how to position it successfully.
The service must blend comprehensive WAN and network security functions (SWG, CASB, FWaaS, and ZTNA) into a single, integrated service. Many solutions from top name vendors do not meet this requirement and instead marry disparate security solutions with firewalls or SD-WAN appliances to achieve similar outcomes.
- Cloud-Native: SASE should be cloud-native. Cloud-native SASE is scalable on a global level, so the service can adapt with business growth. The same elasticity benefits of cloud computing models apply here as well.
- Global Backbone: A global network of distributed PoPs provides the best possible performance for applications and data accessed across the network. Path optimization and application-aware routing are key benefits of this approach.
- Simplified Management: A cloud-native SASE with converged WAN and network security functions should be manageable from a centralized platform. Reducing complexity and administrative time is one of the greatest cost-saving features of a well architected SASE solution.
- ZTNA: User identity and context, such as device type, location and time are an improvement over traditional perimeter-based security models. Users no longer have unrestricted access across the network, just because they can authenticate. ZTNA enforces granular access, using least-privilege access principles, significantly reducing the attack surface.
The value proposition
As technologists, we are often much better suited to articulating the technical nuances of various solutions, as opposed to conveying the value of those solutions to the business. SASE is no different. Rattling off the breakdown of key attributes, which vendor meets them and which doesn’t, does little to further the conversation with leadership ranks. Focusing on the cost won’t get you there either. Plain and simple, SASE is transformative. Driven by the increasing adoption of hybrid cloud strategies and the rise in remote work, organizations need a new and better way to secure users and data. Disparate solutions that don’t scale, and are difficult to configure and manage, are putting your business at risk and draining time from already busy IT staff.
It’s the opportunity cost of not making a change that needs to be highlighted. We’ve all been here before when the concept of cloud computing was foreign and scary. Initially, most of us compared the cost of cloud to our own compute, memory and storage, laughed and then bought more hardware. We gave little attention to the time that goes into vetting new technology, capacity planning, lifecycle management, compliance and security. Cloud solutions give us back time that can be reinvested in other areas of the business. Choosing the right SASE solution will transform how your business connects and secures a critical resource — its data.
