By: Samia Oukemeni
July 13, 2021
Organizations seek to accelerate growth in an era of rapid change and adapt quickly to the IT ecosystem's demands. With a shift towards the Cloud, security and access controls are moving outside the traditional enterprise perimeter. As a response to these demands, Gartner Inc. introduced a new enterprise networking technology, Secure Access Service Edge or SASE (pronounced Sassy), to solve emerging network and security challenges.
Inside Out: The Shift Towards Cloud-Based Services
With the digital transformation of businesses, users are demanding immediate access to the organization's resources regardless of location. The increased use of software-as-a-service (SaaS) applications and the remote working trend (due to the rise of COVID-19 in 2020) reshaped network and security requirements. Existing network and security approaches no longer provide an adequate level of security to respond to these dynamic perimeter changes. More traffic is going towards public and semi-public clouds outside of the traditional boundaries of the enterprise network. The new perimeter of the enterprise is a set of dynamic edge capabilities delivered when needed.
What is SASE?
In 2019, Gartner published an article entitled "The Future of Network Security is in the Cloud." It explained that enterprise security's barycenter has shifted, and that the need to secure the enterprise's data center has become outdated. The new paradigm of security is more closely linked to users through their identities and devices. As users become increasingly mobile and services more outsourced, the traditional organization perimeter as the primary security focus of the enterprise has become an obsolete model. Holding on to it can hinder the agility and growth of a business, and thus its development. This change has given rise to a new paradigm, which Gartner calls "Secure Access Service Edge" (SASE), enabling secure and fast cloud adoption.
SASE combines the network and security capabilities in a dynamic access service edge, regardless of the location of users, services, or resources. It converges the network and security capabilities into a single cloud-based service based on the identity of entities and real-time context to support the organization's digital transformation and business needs.
SASE is an emerging architectural concept combining network capabilities (SD-WAN) with security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic access control needed. It gives visibility on all traffic from and between all edges (cloud, mobile, etc.) and from edges to the Internet. A SASE solution broadly includes:
- Network as a service
  - WAN optimization
  - Bandwidth aggregation
  - Global private backbone
- Security as a service
  - Firewall-as-a-service (FWaaS)
  - Secure web gateway (SWG)
  - Next-generation antimalware (NGAM)
  - Intrusion prevention system (IPS)
  - Cloud access security broker (CASB)
  - Zero-Trust network access (ZTNA)
Benefits and Challenges of SASE
Gartner predicts that "by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, and by 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities."
The SASE architectural solution can provide several benefits:
- Reduction in costs and complexity by consolidating secure access services.
- Increased performance and global access to corporate data.
- The cloud-based infrastructure provides flexibility.
- A Zero-Trust approach to the cloud and identity-based access.
- Prevention of unauthorized access to sensitive data.
- Full visibility into the network.
However, with the adoption of a SASE solution, security professionals should pay attention to the following risks:
- Vendors may lack the expertise to build distributed solutions.
- Investments are required to have local POPs/edge capabilities.
- High complexity for enterprises to build their SASE.
- Lack of a cloud-native mindset.
- Investment required to hire or re-train skilled staff.
How To Build a SASE Solution
SASE represents a shift in an enterprise's network and security architecture. It enables holistic and agile services for businesses. A true SASE solution must have the following characteristics:
- Cloud-native "as-a-service" solutions to bring key cloud capabilities.
- Identity-driven access control instead of relying on IP addresses to access the organization's resources.
- All edges support full networking and security capabilities everywhere.
- Globally distributed across many Points of Presence (PoPs) to guarantee the availability of networking and security capabilities.
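The identity-driven access control described above, contrasted with an IP-based check, as an added example that is not part of the original article. The policy table, group names, networks and sample requests are constructed assumptions, not taken from any SASE product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All names, groups, networks and requests below are constructed for illustration.
CORP_NETS = [ip_network("10.0.0.0/8")]
POLICY = {  # resource -> identity and context requirements
    "payroll-app": {"group": "finance", "mfa": True, "compliant_device": True},
    "wiki": {"group": "staff", "mfa": False, "compliant_device": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa: bool
    device_compliant: bool  # managed and patched, as reported by an endpoint agent
    src_ip: str
    resource: str

def ip_based_allow(req: Request) -> bool:
    """Perimeter model: trust follows the source network, not the user."""
    return any(ip_address(req.src_ip) in net for net in CORP_NETS)

def identity_based_decision(req: Request) -> tuple[bool, str]:
    """Default-deny decision from identity and real-time context; src_ip is ignored."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    if rule["group"] not in req.groups:
        return False, "user not in required group"
    if rule["mfa"] and not req.mfa:
        return False, "MFA required"
    if rule["compliant_device"] and not req.device_compliant:
        return False, "device not compliant"
    return True, "identity and context satisfied"

# A remote finance user on a compliant device, and an on-site user outside finance.
REMOTE_FINANCE = Request("alice", frozenset({"staff", "finance"}), True, True,
                         "203.0.113.7", "payroll-app")
ONSITE_CONTRACTOR = Request("bob", frozenset({"staff"}), True, False,
                            "10.1.2.3", "payroll-app")

if __name__ == "__main__":
    for r in (REMOTE_FINANCE, ONSITE_CONTRACTOR):
        print(r.user, "ip-based:", ip_based_allow(r),
              "identity-based:", identity_based_decision(r))
```

The two sample requests show both failure modes of the IP-based model: it blocks the legitimate remote user and admits the on-site user who has no business need for the resource.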
Organizations are undertaking remarkable transformations to revolutionize their businesses and adapt to market changes by enabling optimized and automated processes, and with these come higher quality and greater productivity. With SASE, businesses can reduce time and increase efficiency in developing new products and respond to changes in the IT landscape.