Admin 17 Nov, 2021 SASE, CloudSecurity, NetworkSecurity #SASE #CloudSecurity #NetworkSecurity #Cloud 39
Over the last year, remote access and cloud computing access solutions saw an uptick in their adoption across global businesses. Driven by distributed workflows and a remote workforce, the enterprise perimeter is no longer limited to a location. As organizations move beyond the conventional network edge, the focus is on securing all endpoints. At the beginning of the pandemic, VPNs were quickly deployed for remote access. However, traditional network access modes are inefficient for the dynamic environment.
Today’s distributed workforce requires low latency network connections across devices locations and resources. As our digital world expands, the network perimeter is no longer tied down to on-premises data centers. The new distributed workforce demands work from anywhere infrastructure. Between edge computing, cloud services, and a remote workforce, our data can no longer be secured by on-premises data center security measures.
Secure Access Service Edge (SASE) addresses these challenges.
What is SASE?
Introduced by Gartner researchers, SASE (pronounced “sassy”), is an emerging cybersecurity concept replacing the traditional network security architecture. SASE merges software-defined wide area network (SD-WAN) and network security services into a single cloud-delivered service model – streamlining network access and improving security.
With a single management console, SASE unifies SD-WAN network optimization features with security capabilities such as Zero-trust network architecture (ZTNA), data loss prevention, web filtering, next-generation firewall policies, and threat detection. Four factors define the SASE model:
- User identity
- Session context
- Security and compliance policies
- Risk assessment of every session
According to Gartner, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
As enterprises solidify their plans for permanent work-from-home, SASE provides the ideal environment to create a scalable and secure network architecture. In their report, “The Future of Network Security in the Cloud, Gartner predicts that “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”
The SASE model is made up of three major components:
- Global SD-WAN: Unlike traditional stand-alone WAN, SASE is defined by an integrated SD-WAN that forms the core of the model
- Cloud Architecture: SASE is a cloud-native solution that combines discrete networking and security devices. The cloud architecture forms the backbone of SASE architecture providing a consolidated security management console
- Zero Trust Network Access: SASE services are identity-driven. ZTNA is integral to SASE architecture. It helps defend against potential threats with real-time verification of every user, device, and application. Other network security components include cloud access security broker (CASB), Firewall-as-a-Service (FWaaS), and secure web gateways (SWG)
- Enhanced network security: The Zero Trust Network combined with SASE’s framework on data protection policies ensure all-round security of your sensitive data
- Cost savings: SASE reduces IT infrastructure down to a single platform or security stack. Organizations save costs by avoiding investments in multiple products and services
- Provide advanced threat prevention: the flexible cloud-based platform aids in threat prevention with its integrated content inspection model. Organizations benefit by gaining better network visibility and insights
- Improve performance: SASE simplifies IT infrastructure that is easy to access by resources irrespective of their location, type of application, and connectivity speed
Are we there yet?
Despite the hype, SASE is still in its infancy. Currently, Gartner lists only a handful of vendors that provide the complete gamut of SASE features. In the long run, SASE is supposed to reduce network security. However, the road to simplifying infrastructure, reducing WAN products, and finally consolidating the features onto the cloud is an arduous exercise that many enterprises shy away from. The other challenge enterprises would face is in breaking down the silos between network teams and security teams. Bringing the two together would require a cultural change that combines the organization’s people, skillsets, and technology.
But the situation isn’t dire. With the rapid increase in connected devices and the digital workforce, SASE’s concept of network security is here to stay. The digital business world is pushing for larger partnerships of network and security vendors.
How can iValue help?
SASE is an amalgamation of network and security products. Currently, the approach demands the involvement of multiple providers (software and hardware) that is cumbersome to manage. iValue helps enterprises by streamlining their technology needs with a range of network and security products. We provide the right mix of domain expertise and niche technology providers to help businesses across their digital transformation journey.