AskAnEngineer: Is A SASE Model The Future For Organizations?

November 25, 2020 Jose Bormey Jose Bormey

5 Min Read

If you haven’t already heard, secure access service edge (SASE for short) is what Gartner refers to as “the future of cloud security.” In recent posts, we explained what SASE is and revealed why an organization might think about switching their security architecture to this model. 

With all this upward momentum built around SASE, it was only necessary for our team of experts to dissect how an organization can actually benefit from shifting to this model. So, in today’s segment of “Ask-An-Engineer,” we’ll be chatting with our Director of Services, Abrael Delgado, to discuss the benefits of SASE, who SASE might be the best fit for, the technicalities of SASE, and much more. Let’s dive right in!

CQ: When might an organization consider shifting their security architecture to a SASE model?

In recent years, organizations have become more global with an increasingly distributed workforce. Now, the COVID-19 pandemic has only accelerated these trends, causing a more significant portion of businesses, applications, and data to move to the cloud. This opens up a host of various new opportunities, but so many fundamental IT infrastructure changes can also create new avenues for cybersecurity risk.

Networks in security architectures are unable to effectively serve the dynamic, secure access requirements of modern digital businesses. The enterprise data center is no longer the center of access requirements for users and devices. Digital transformation efforts, the adoption of SASE and other cloud-based services, and emerging edge computing platforms have turned the enterprise inside out—practically inverting historical patterns.

CQ: What is your experience using SASE products and services, and what are some of the critical aspects of SASE that you think are game-changers?

SASE is more than just the latest IT buzzword. There are many vendors in the industry that have invested in creating reliable platforms with game-changing aspects that would include more user-work-performance off of the enterprise network than on the enterprise network. Contrary to prior environments and requirements, there are more workloads running in infrastructure as a service (IaaS) then running into the enterprise data center. 

Hence, we see that with these shifts into the cloud and cloud providers, more applications are consumed via SaaS than enterprise infrastructure—and everything is an application. Data is not residing in the data center anymore! In fact, more sensitive data is located outside of enterprise and data center walls in the cloud, more user traffic destined for the public services than to the enterprises, and then more traffic from branch offices headed to public clouds then to the data center. That alone are game changers and change you know the business requirements and how they're operating.

CQ: How can organizations save money with SASE?

By consolidating the secure access services from a single provider, the overall number of vendors will be reduced. The number of physical and or virtual appliances, the number of appliances on each side, and the number of agents is reduced. This means the end-user has fewer agents installed on their devices, so the cost should be reduced over the long term as more of these services are adopted. The savings will come in the vendor’s consolidation’s hand of the technology stack. Cost-savings will vary depending on the organization, its number of sites, how many devices they currently have at each site, how many endpoints exist, etc. Again, since you're consolidating, the savings will come almost naturally.

CQ: Does integration work better with a SASE platform vs. different security postures?

With security and risk professionals in this day and age, need is a worldwide fabric mesh of network and network security capabilities that can be applied when and where needed to connect the entities. In a sense, organizations are not from day and night going to remove their existing infrastructure, and their security posture should remain critical. 

It’s an essential topic of discussion and consideration for any organization, but the shift for security staff from managing security boxes to delivering policy-based security… that's where you see that shift to “I no longer need to manage this firewall or manage these appliances.” It's more so the mind frame should change to policy-based delivery. SASE provides the required services and policy enforcements on command, independent of the user’s location or the services.

CQ: Performance & Dependability: How would you say SASE conquers both?

The adoption of SASE itself is a business enabler in the name of speed and agility. So SASE itself was designed with performance and dependability in mind—that's its purpose. It moves inspection engines to the sessions, not to re-route the sessions to actions. Leading SASE vendors provide optimized latency routing across worldwide P.O.P.S or Points of Presence. This is critical for latency-sensitive applications such as collaboration; So, we see it in our Zoom video, voice over IP, web conferencing, etc.—it's based on policy users routed through these high bandwidth backbones and the peering partners. 

CQ: How am I protected through SASE and what sort of administrative controls would we have?

The user’s identity, the device, and the service is one of the most significant pieces in the SASE context. It can be factored into the policy, so, again, it's designed for the users and the services to be anywhere across the globe. However, other relevant sources of the context should be available for input into the policy application. Some of which include the identity, the time of the day, the risk and trust, assessment of the devices themselves, the users, the users that are accessing them, and the sensitivity of the application or the data that's being accessed. Again, SASE was designed to get full control to the administrators from a policy-based perspective irrelevant of the location or application.

CQ: What are some of the complexities/caveats of SASE, if any?

SASE is designed to reduce the complexity of the existing network security by relying on just  one vendor for secure web gateway cloud, cloud access security broker (CASB), DNS, zero trust networks, and remote browser isolation capabilities. In a sense, it's designed to reduce the complexity engaged with network architects. To start planning for these SASE capabilities, the discussions amongst most organizations and customers that we talk center around considering software-defined (SDWAN) and MPLS offload projects as a catalyst to evaluate and integrate network security services. This reduces complexity by sheer design.

CQ: How easy can I scale with SASE? Is it possible to have a hybrid environment?

Yes, It's possible to have a hybrid environment, and in most organizations, that's the first logical step, right? They’re not going to just rip out their existing infrastructure on-premise overnight. It would just not be feasible, but the digital business transformation requires anywhere-anytime access to these applications services. As I mentioned before, that's what SASE is designed to conquer. 

While enterprise data centers will continue to exist for years to come, the percentage of traffic destined to and from will continue to shrink as we are already seeing today. So, it’s possible to have a hybrid, and that's typically what most organizations do. We see more and more of our companies in the community have non-physical infrastructure, and again, it’s designed for performance dependability, to reduce complexities, and to scale. Scaling the most!

Dive deeper into SASE now with Compuquip!

What can SASE mean for your organization? The possibilities are endless as the SASE model continues to break cybersecurity barriers and level out the playing field for cybersecurity postures of the past. Are you interested in learning more about SASE and how your organization may benefit from its features? Contact our team today to speak with our SASE experts!

New call-to-action

cdo-guide-to-omnichannel-security