What is SASE and Why Should You Care?

April 21, 2020 Eric Dosal Eric Dosal

6 Min Read

Network security has come a long way from the days of on-premises mainframes locked away in a server room. Today’s organizations must manage and secure networks that sprawl across multiple continents and incorporate a variety of potential access points. Some data might be housed in a physical server while other applications are stored in a public cloud platform that can be accessed from anywhere. As the network landscape continues to evolve, companies are looking for new solutions that allow them to maintain data security and control access to their mission-critical systems without compromising the flexibility their networks need to continue driving business results.

What is SASE?

Introduced by Gartner in its August 2019 “The Future of Network Security in the Cloud” report, the concept of the Secure Access Server Edge (SASE) has rapidly found its way into cybersecurity discussions across the technology industry. Pronounced “sassy,” SASE is essentially a cloud-based convergence of a number of existing security technologies, specifically software-defined wide-area networking (SD-WAN) and network security solutions such as cloud access security broker (CASB), firewall-as-a-service (FWaaS), and Zero Trust, into a single, comprehensive service model.

As Gartner states in the report:

SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.

The need for SASE arose from the difficulties organizations encounter as they endeavor to manage and secure their existing network systems while also delivering the low-latency, uninterrupted access their users demand. As the number of remote users increases and more companies turn to software-as-a-service (SaaS) applications, networks are becoming far more complex than the old “on-premises” networks of previous decades. Today, data must travel from a centralized data center to branch offices along the network edge to a variety of public cloud services and then back again. And this doesn’t even take into account all the data coming to and from the network through the multitude of Internet of Things (IoT) devices active on the edge.

Gartner predicts that 40 percent of enterprises will embrace a SASE strategy by 2024. The advantage of SASE network architecture is that it can identify multiple users and devices interacting with the network and then apply policy-based security and access protocols related to the applications and data being used. Unlike a traditional network security model that centralizes access controls and policies, SASE enables organizations to provide secure access regardless of where users, applications, and devices are located.

7 Benefits of the SASE Security Model

As organizations continue down the winding road of digital transformation, they need to identify new networking security strategies that are suited to the cloud-centric nature of modern enterprise services and virtual workplaces. The unique characteristics of Gartner’s SASE security model provide a number of key advantages in this regard.

1. Cost Savings

Securing the various aspects of a distributed network architecture that incorporates multiple points can quickly become an expensive undertaking. Every security solution implemented in a network needs to be monitored, updated, and maintained. Rather than using a different security strategy for a private cloud network, public cloud services, and various edge deployments, using a single SASE platform to provide a comprehensive approach to security can significantly reduce IT expenses and free up valuable resources.

2. Improved Performance

The cloud-native aspect of SASE is both scalable and streamlined. It allows users to access applications and data from any endpoint without jumping through a variety of security hoops no matter where they’re located. That means they can work and collaborate faster than ever before and are less likely to encounter difficulties and obstacles that might bog down network performance.

3. Flexibility

One of the inherent advantages of any cloud-based infrastructure is its flexibility. When new features, controls, or protocols need to be added, it’s relatively easy to provision cloud computing resources to handle those demands. As organizations grow and look to build-out their IT network, SASE makes it easier to scale their network and security strategy along with it, adding services such as web filtering, sandboxing, credential theft prevention, and enhanced firewall policies as they need them.

4. Reduced Complexity

Managing multiple network and security products can be challenging for an IT team, especially if that team is also tasked with developing or improving the network products and services an organization offers. By consolidating the IT network and security stack into a cloud-based service model, valuable IT personnel can manage, update, and maintain security and access controls from a single point rather than managing multiple points. That means less time spent shuffling between disparate systems and fewer vulnerabilities in the network architecture to exploit.

5. Threat Prevention

The consolidated nature of an SASE network provides much greater visibility in terms of risk mitigation. All users, applications, and devices can be monitored and managed, regardless of their location. More importantly, separate security controls can be applied to each of them. Those controls will follow them no matter where they’re located in the network or where they’re accessing it from. Unauthorized activity can be identified earlier and addressed much more quickly thanks to this enhanced visibility.

6. Data Protection

Few incidents are more concerning for an organization than a data breach. The unauthorized access, abuse, or loss of sensitive information can inflict tremendous damage on a business. With a consolidated SASE framework that applies policy-based security across every level of the network architecture, organizations can ensure that their data protection policies are being imposed wherever their data is located.

7. Zero Trust

A “zero trust” security framework assumes that any user, device, or application attempting to connect to a network could be a potential threat. Traditional network security often treats users within a local network architecture as trusted actors once they provide proper authentication upon initial access. A zero-trust approach removes such trust assumptions, whether the user (and their devices) is on or off the corporate network. The cloud-based nature of an SASE solution allows organizations to provide complete session protection no matter where, when, or how access is requested.

4 SASE Service Requirements

There are a few key characteristics of SASE that make the approach unique to other security services and strategies. A true SASE service provider should be able to meet a number of baseline requirements to be worthy of the name.

1. WAN Edge and Network Security Model Convergence

Meeting the customer demand for simplicity, scalability, low latency, and security requires organizations to combine the physical and virtual aspects of their WAN edge and network security models. Simply chaining those appliances together isn’t enough to qualify as a true SASE solution because they will be difficult to manage, slower, and less reliable. Converging both networking and security into a cloud environment that’s purpose-built for scalability and performance is a foundational requirement for an SASE security model.

2. Cloud-Native Service Delivery Designed for the Edge

Today’s organizations have pushed more and more of their services to the network edge in an effort to combat latency and improve performance. Rather than gathering data on the edge and sending it back to centralized servers for processing, these deployments instead process and manage as much data as possible at or near the edge. This strategy has rendered the old “box-oriented” delivery model of network services largely obsolete, especially as users and devices have become so much more distributed. These edge networks, however, significantly increase the potential threat surface, making strong security a necessity. Since edge services are facilitated by cloud computing with multiple points-of-presence, it makes sense for an SASE solution to live within that same multi-point environment to apply consistent policies and controls across all levels of the network architecture.

3. Unified Vendor Services

There are a number of point solutions that organizations often utilize to address their specific networking and security needs. Solutions such as SD-WAN, VPN, SWG, and NGFW all have their uses, but they also require companies to purchase, size, scale, and maintain them separately. As a transformational cloud-native solution, SASE eliminates the need for legacy silos and offers a “one-size-fits-all” alternative. Any service that provides individualized point solutions that must be managed individually falls short of the requirements of SASE, even if these applications are chained together.

4. Identity-Based Access

Security controls based on identity are core to SASE solutions. Rather than anchoring access and security policies to a specific IP address or physical location, SASE focuses on the identity of the user (whether it’s an individual, device, or application) and the real-time conditions surrounding their attempts to access the network. These controls dictate how traffic is routed and prioritized as well as what security controls are placed upon requests. This means that a person accessing the network from one location with one device may have a different user experience than they would have from a different location with a different device (or the same location with a different device or vice versa). Because all policies are tied to the user identity and not based on an IP address, SASE gives organizations tremendous flexibility when it comes to customizing access and security.

As company networks become more complex and distributed, they need to identify cloud-based solutions that allow them to better manage connectivity and security as they endeavor to scale their business. Thanks to SASE services, they can establish greater control over their networks while significantly streamlining the process of managing them.

If your organization is looking for innovative solutions to solve the security challenges facing your distributed networks, contact the team at Compuquip today to explore your options.

back-to-cybersecurity-basics

cdo-guide-to-omnichannel-security

Related Articles