Even before the pandemic, cloud services were thriving as more businesses sought to go remote. In the US, for instance, the rate of remote work adoption has been rising year after year for the last 15 years, as reported by the Federal Reserve. Over the last year, more businesses have quickly moved to offer employees a way to work seamlessly from anywhere.
An array of technologies is coming into play to support this digital transformation, with Software as a Service (SaaS) and Firewall as a Service (FWaaS) leading the way. At the same time, a relatively new architecture, the Secure Access Service Edge (SASE), first defined by Gartner, is becoming even more popular. This is no surprise, as it combines the capabilities of different technologies into a single platform that offers the networking and security businesses need in this era of working virtually.
What is SASE?
SASE, which stands for Secure Access Service Edge (and is pronounced ‘sassy’), is a model first defined by Gartner in 2019.
The SASE model’s core focus is to:
provide a unified platform that streamlines network access
boost network performance
reduce the number of vendors and devices interacting with IT
SASE can also be viewed as a network architecture that rolls SD-WAN and security into a cloud service, with simplified wide area network (WAN) deployment and improved network and security efficiency.
How Does SASE Work?
SASE is easiest to understand in contrast to the traditional ‘hub-and-spoke’ model, in which users connect from various locations (spokes) to resources hosted in centralized data centers (hubs). While this network infrastructure can still work, it’s doomed when it comes to dealing with the complexities introduced by cloud-based services. By contrast, SASE works by merging the network, in the form of a Software-Defined Wide Area Network (SD-WAN), with network security functions like FWaaS, SaaS, CASB, secure web gateway, and Zero Trust into a single cloud-based service provided by a single service provider.
Essentially, half of the technologies that power SASE deal with network traffic, while the other half focus on network security. To achieve the desired level of performance, reliability, safety, and cost, every network session is established based on the following factors:
The identity of the entity requesting a connection.
The real-time context: behavior, the state of the device, and the sensitivity of the resources being accessed.
Enterprise compliance and security policies.
Ongoing evaluation of risk during each session (continuous assessment of the session).
As mentioned earlier, SASE brings together the capabilities of:
SD-WAN: SASE provides a cloud-based WAN that differs from the traditional stand-alone infrastructure that requires heavy hardware. This software-defined WAN has distributed points of presence (PoPs) that reduce the latency and security issues experienced on the public internet.
FWaaS: Helps protect the infrastructure and applications from cybersecurity threats through URL filtering, intrusion detection/prevention, and uniform policy management.
Cloud access security broker (CASB): The security functions the CASB performs include unauthorized access detection, data confidentiality via access control, data loss prevention, and data privacy compliance implementation.
Secure web gateway (SWG): Tasked with preventing cyber threats and data breaches by filtering web traffic, blocking suspicious user behavior, and enforcing company security policies.
Zero trust network access (ZTNA): Enables enterprises to limit the visibility of the company’s services and applications and to restrict which users can access them. It focuses on securing the system/network based on identity by requiring real-time verification in order to access any resource on the SASE.
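The four session factors listed above and ZTNA's real-time verification can be pictured as a decision function that is re-run whenever session telemetry changes. The following Python sketch is an added example, not code from any SASE vendor or from Gartner's definition; the policy table, sensitivity tiers, risk thresholds, and all names in it are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Hypothetical policy table (constructed for this example): resource ->
# (groups entitled to it, sensitivity tier). Unlisted resources are denied.
POLICY = {
    "wiki": (frozenset({"staff", "contractors"}), "internal"),
    "payroll-db": (frozenset({"finance"}), "restricted"),
}
# Assumed ceiling on the behavioural risk score (0-100) per sensitivity tier.
MAX_RISK = {"internal": 50, "restricted": 20}


@dataclass(frozen=True)
class Session:
    groups: frozenset       # identity: group claims of the requesting entity
    mfa_verified: bool      # identity: strength of the authentication
    device_compliant: bool  # context: managed and patched device
    resource: str           # what is being accessed
    risk_score: int         # context: live behaviour-analytics score


def decide(s: Session) -> str:
    """Return 'allow', 'step_up' or 'deny' for the session's current state."""
    entry = POLICY.get(s.resource)
    if entry is None:
        return "deny"                      # default deny: unknown resource
    entitled, tier = entry
    if not (s.groups & entitled):
        return "deny"                      # identity is not entitled
    if not s.mfa_verified:
        return "step_up"                   # entitled, but must re-authenticate
    if tier == "restricted" and not s.device_compliant:
        return "deny"                      # device posture too weak for the tier
    if s.risk_score > MAX_RISK[tier]:
        return "deny"                      # risk exceeds what the tier tolerates
    return "allow"


def run_session(s: Session, updates: list) -> list:
    """Re-evaluate after every telemetry update; stop at the first non-allow."""
    timeline = [decide(s)]
    for change in updates:
        if timeline[-1] != "allow":
            break                          # session already cut or challenged
        s = replace(s, **change)
        timeline.append(decide(s))
    return timeline


# Constructed scenario: a finance user whose device falls out of compliance mid-session.
start = Session(frozenset({"finance"}), True, True, "payroll-db", 10)
print(run_session(start, [{"risk_score": 15}, {"device_compliant": False}, {"risk_score": 5}]))
```

The session is granted at connection time, survives a small rise in risk, and is cut as soon as the device posture changes, which is the difference between continuous assessment and a one-time login check.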
Gartner predicted that 40% of businesses would adopt SASE by 2024. However, this is fast changing as companies move to let remote teams take advantage of the secure and fast platform. SASE brings the elasticity and agility needed to meet client demands in the current workforce, a need pushed further by the growing number of employees working remotely.
What Are the Benefits of a SASE Model?
1. Reduced Complexity
Being an integrated cloud-based platform, SASE meaningfully reduces complexity and cost, as companies can now deal with fewer vendors. The amount of hardware and the number of agents on end-user devices also decrease.
2. Enhanced Performance
SASE allows you to access and connect to resources from wherever you’re located. Users can now have the same experience regardless of the kind of request they place or the location they’re in.
3. Increased Agility
One of the keys to digital transformation in business is agility. SASE enables sharing of apps, services, and APIs with others at minimal risk. Employees, partners, customers, or contractors can access the network securely and efficiently without the security concerns posed by traditional VPNs and DMZs.
4. Heightened Security
Deploying a secure access service edge increases flexibility, threat prevention, and data protection. The cloud infrastructure makes it pretty straightforward to deliver advanced security services, including web filtering, sandboxing, credential theft prevention, DNS security, next-generation firewall policies, etc.
Threat detection and prevention through state-of-the-art data protection policies is another reason you’d want to consider SASE. The Zero Trust approach reinforces this by removing any trust assumptions. The infrastructure also demands fewer deployment, monitoring, and maintenance activities.
What Are the Challenges to Deploying SASE?
Being relatively new, SASE adoption faces several challenges.
Since some providers have limited experience in either networking or security, their services may fall short of expectations on one side of SASE or the other.
Vendors are still more focused on on-premise hardware than on cloud-based delivery, which shows that the initial offerings may be infrastructure designed to serve only a single customer at a time.
The lack of experience with proxies among some traditional vendors may lead to cost and performance problems. At the same time, an inability to understand context might prevent them from making informed decisions.
The global coverage of PoPs might prove costly, leading to inefficient performance when accessing resources from different locations as some sites can be much further from the nearest PoP.
The transition to SASE introduces challenges because it demands the integration of network and security IT teams, since the infrastructure cuts across the two. Companies may need to retrain their IT staff to handle this new technology.
It is important to remember that Secure Access Service Edge adoption is not the magic answer to all network and network security issues. However, it promises businesses faster response time in case of disruptions or crises, which significantly reduces the impact they may cause. Additionally, it allows businesses to be better equipped for the widespread adoption of 5G technology.