Traditional network architectures and the strategies of yesterday are being fiercely challenged:
- The centralized data center is dying. Meanwhile the WAN edge is gaining importance, forcing IT leaders to reverse their perspective–looking from the network edge in, rather than looking from the data center out.
- Security is moving away from the data center, shifting to the cloud and to the WAN edge.
- Technology advances are tightening the relationship between the network and security, triggering an IT rethink.
All of this is giving rise to a new unified approach to IT services called SASE (pronounced “sassy”). Here’s why every IT leader should grasp this new acronym.
What is SASE?
Gartner coined the acronym, defining secure access service edge (SASE) as “converged offerings combining WAN capabilities with network security functions.” For instance, a SASE solution consolidates SD-WAN with firewall as a service, secure edge gateway, cloud access security broker (CASB) and Zero Trust network access–all into a single unified approach. While Gartner reports SASE solutions are still emerging, many are already defining solution characteristics as:
- Cloud-based: SASE solutions are cloud deployed, cloud managed, and delivered as a service. This helps enterprises transition from hardware to software, reducing costs with multi-tenancy, and supporting a remote, distributed, and mobile workforce.
- Globally distributed: SASE offerings cater to companies doing business across multiple regions or countries with a software-defined network for low-latency routing across worldwide points of presence.
- Identity focused: User identities and individual devices (not the data center) are the focus for SASE, so identity analytics and user activity tracking capabilities are key.
- Edge flexible: SASE services place emphasis on flexibility and security at the edge, where branch locations, cloud applications, and mobile and IoT devices connect.
What are the benefits of SASE?
Network and security staff supporting the infrastructure will experience:
- Increased effectiveness: By reducing and eliminating routine infrastructure setup tasks, network security professionals will be able to focus on business, regulatory, and application access requirements. SASE delivers centralized policy management with local enforcement.
- Cost savings: SASE supports more capabilities with fewer vendors and may not require the enterprise to invest in new hardware and software. Costs can also be reduced as more and more SASE services come online in the future.
- Stronger security posture: SASE supports inspecting content for sensitive data and malware, with the same security policies applied across the board. The SASE security updates allow quicker adoption of new capabilities. SASE can even reportedly block new threats as they emerge without requiring new deployments.
- Simplified security: Identity-based security and Zero Trust are essentially network access based on the user, device, and application identity, which simplifies security policy management. SASE also streamlines security by providing end-to-end encryption for each session with optional web application and API protection that can be extended to Wi-Fi networks. Transparency of the security policies will reduce the number of software agents required. SASE helps avoid software agent and appliance expansion. Plus, it can automatically be applied to access policies without user interaction.
SD-WAN vs. SASE: What’s the difference?
SD-WAN is network-as-a-service, and SASE takes that one step further by adding security to the mix. SASE is considered network-security-as-a-service.
They are complementary, not competitors. By bringing SD-WAN and SASE together under one provider and a single solution, enterprise clients can leverage SD-WAN visibility, identity analytics, and security threat information:
- Security data and network data can now come together in the same dashboard for heightened levels of visibility and insight.
- Keeping SD-WAN and security strategies fully aligned is easier now: network micro-segmentation strategies can be easily leveraged for security monitoring based on segmented flow data.
- Less friction between network and security: as tools and services are unified, operations and teams will likely follow suit.
Why is SASE the next big thing?
SASE is popping up everywhere because it solves significant IT challenges. Existing network security architectures were designed for the centralized data center and fail to serve the needs of digital transformation, SaaS, real-time applications, edge computing, IoT, and other cloud-based services.
Historic network security architectures made the data center the epicenter of connectivity and security strategies. But this design can constrain the dynamic nature of IT and the agility required in the age of digital business. A security strategy focused on the data center is insufficient when it comes to:
- Supporting more users, devices, applications, services, and data located in cloud services, outside the enterprise
- Addressing network latency and complexity requirements
- Analyzing encrypted traffic for security purposes
These challenges actively drive the adoption of security-as-a-service capabilities and have triggered enterprises to shift toward a cloud-delivered secure access service edge.
Additionally, SASE needs to be on the radar of every IT leader because change on the inside calls for change on the outside. Executives who grew up with a data-center focus are realizing that IT environments are looking quite different now, and providers and services need to meet the needs of the modern network:
- The enterprise is running more IaaS/PaaS and SaaS workloads.
- User work performed off of the enterprise network is greater than on the enterprise network and data center.
- Sensitive data is located outside of the enterprise data center in cloud services.
- The traffic destined for public cloud services is greater than to the enterprise data center.
- Branch offices are also increasing their access to cloud services and bypassing the data center.
Isn’t it time for network and security convergence? Are your network services keeping up with your security, multi-cloud, edge-focused strategies?