“Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.”
Gartner, The Future of Network Security is in the Cloud; 30 August 2019
– Lawrence Orans, Joe Skorupa, Neil MacDonald
Hacks and data leaks have become so commonplace these days that most of us are no longer shocked by massive attacks that leave companies scrambling to pick up the pieces. But the fact that we almost expect hacks to happen doesn’t mean that we should become complacent when it comes to security.
If we believe the hype, SASE – or Secure Access Service Edge – may be the answer.
There are several factors at play, helping to stir up the need for better security solutions. Much of the impetus for this change revolves around the push toward the cloud – both as a place to store data and as a means to access applications and services. Yes, we’re moving to the cloud, but where does SASE fit into the picture?
No more status quo
The past year has put a lot of focus on IT teams and where they have either succeeded or failed to provide continuity to employees. Many of us have been working from home for the better part of a year, but we still need to get our jobs done. We still want to have the same fast, reliable connection to apps and services that we enjoyed at the office. And we still need to be safe while doing it, regardless of the Wi-Fi or cellular network we’re likely to be using.
As a result, SASE has become a rallying cry for the future of cloud-based security. Whether it’s a Firewall-as-a-Service offering, a Software Defined Perimeter (SDP) built on a zero-trust architecture, experience monitoring, or a variety of other cloud-powered network and security solutions, the SASE concept points to the future of secure remote access for an increasingly mobile and distributed workforce.
The need for secure, remote access
The big question remains: why do we need SASE? While many organizations do still keep some applications on-premises, many of the applications used by employees are already in the cloud. Office 365, Salesforce, Splunk, Dropbox, Slack, SharePoint, Okta, Zoom and more are just a few examples. In fact, employees are using an average of eight different SaaS applications every day. We’re also using more devices, like mobile phones, laptops and tablets, to do our work, running on more operating systems, and using more non-corporate networks more frequently, including Wi-Fi, 4G LTE and even 5G tethering.
Having to tunnel all of this data and all of these applications through a corporate network and all of its security and policy tools has become a huge bottleneck. Gartner refers to this as ‘network gymnastics,’ which has resulted in the need for greater bandwidth even while causing more latency and limiting secure, direct access to applications.
So instead of this traditional approach to network and security solutions, SASE offers us the ability to deliver those same networking and security solutions to the distributed workforce at the edge, where they can be most effective.
This new SASE model may take several years to accomplish, but it will ultimately sit between the organization’s agile users and the corporate resources they want, delivering identity-centric network security in the cloud.
“SASE is a new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identify sensitive data or malware… with continuous monitoring of sessions for risk and trust levels.”
Andrew Lerner, VP Analyst, Gartner
Let’s take a closer look at three specific areas where SASE promises the greatest benefits: reduced complexity and cost, improved user experience, and lower risk.
Reduced IT complexity and cost
With users accessing corporate data across cloud applications and SaaS services from virtually any location, the old network-based security model is being stretched to breaking point. To compensate, over the last year many organizations have taken a Band-Aid approach of adding capacity and scaling existing solutions by deploying additional services to fill the gaps. While these short-term fixes have helped, they have also increased maintenance and operating costs. Despite this costly approach, this traditional network security model hasn’t been able to scale and isn’t agile enough to meet the needs of distributed employees.
SASE turns this legacy approach on its head by focusing on verifying the identity of the users who are trying to access data rather than trying to create a perimeter around the applications. By introducing elements of zero trust into the process, SASE solutions can either permit or deny a connection to a specific service based on each organization’s customizable policies.
Enhanced user experience
Next on the list is user experience. Back when most users were still inside a protected corporate network with applications running in a data center, it was far easier for IT teams to manage and positively influence the user experience. That was largely thanks to the controlled environment and great network visibility. Now, however, with applications distributed across multiple cloud environments and users literally being outside the corporate perimeter, using a legacy VPN to access these applications makes significantly less sense.
This isn’t to claim that SASE is a panacea for all network issues. If the pandemic has taught us anything, it’s that troubleshooting IT issues for remote employees can be incredibly time-consuming and frustrating. But SASE does bring security right to users, allowing IT teams to optimize secure, direct connections to cloud applications and services. This not only lowers bandwidth needs but also decreases latency.
Last but not least, because SASE components can be applied dynamically whenever and wherever needed, based on policy, they promise to lower risk thanks to all of this enhanced security. In a world where users, applications and data are all so dispersed, the various elements of the SASE framework – CASB, SWG, ZTNA, etc. – combine to protect users and reduce the attack surface by hiding network identities. Compared to the legacy approach of networking and security, the SASE framework offers far more flexibility and room to adapt to technology changes in the future.