The SASE (Secure Access Service Edge) concept first appeared in the August 2019 report "The Future of Network Security in the Cloud," written by Gartner.
The SASE concept matters today given the challenges of digital transformation. To give secure access to digital resources anywhere and anytime, security must now be software-based and cloud-delivered.
Traditional approaches to securing anytime, anywhere access have resulted in a multitude of vendors, policies, and consoles, making things difficult for IT security teams and administrators.
SASE is key for Cloud Migration
The SASE features are delivered as a service based on identity concepts, real-time control, enterprise compliance policies, and continuous risk and trust assessment during communications. Identity concepts correspond to users, groups of users, devices, applications or different Edge Computing entities.
SASE is defined by a new group of technologies with SD-WAN (Software-Defined WAN), SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), ZTNA (Zero Trust Network Access) and FWaaS (Firewall as a Service) as core features, together with the ability to identify sensitive data or malware, the ability to decrypt content at line speed, and continuous session monitoring for risk and trust.
SASE combines these network security functions with WAN capabilities (i.e. SD-WAN) to meet companies' needs for real-time, secure access.
These features will be delivered primarily "as a Service", based on identity and on real-time security/compliance policies.
Advantages of the SASE concept
A Zero Trust approach to security: based on the concept that devices, applications and users that connect to the network should never be trusted. A SASE solution offers complete session protection whether or not the user is connected to the corporate network.
Data protection: The data protection application policies built into a SASE solution help prevent unauthorized access to important company data.
High-visibility threat prevention: Deep content inspection integrated with SASE solutions allows you to increase security and visibility into your own network.
Increased application performance: With a cloud infrastructure you can easily connect to any resource, regardless of its location. Access to the Internet, applications and corporate data is available globally.
Flexibility to protect against threats: Web filtering, sandboxing, DNS security, data loss prevention, new-generation firewall rules... a cloud infrastructure offers various security services.
Streamlined operational management: A cloud-based network security services model simplifies the IT infrastructure and reduces the number of products IT teams need to manage, update and maintain.
Savings on infrastructure: Instead of buying and managing multiple specialized products, IT teams use a single platform, which saves significant costs and resources.
How to prepare for the journey to the SASE model?
Beware of internal silos, existing products, and team/skills gaps.
A full SASE implementation requires a coordinated and consistent approach between security and networking teams.
For small companies, this is easier to address because the teams are often merged. In larger companies, the organizational structures, budgeting processes and responsibilities are quite rigid.
Some solutions will be replaced and the associated skills will need to be redesigned to create the right policies in collaboration with the process and application owners.
The SASE architecture
SASE solutions are cloud-delivered, but vendors vary in how cloud-native their architecture is. Older architecture models need to be split into smaller, scalable components: this is the era of microservices.
Each company has different compliance and privacy requirements for data protection, log storage, and traffic routing. Geographic dispersion and the number of applications will also impact a SASE model's availability and uptime.
Visibility and control of data
This is a high-priority focus, but one of the most difficult problems for SASE providers.
Sending data to a third party entity for sensitive data identification is not strategic or cost-effective.
This type of feature should be provided directly within the SASE offering, along with options for where sensitive data is inspected.
Currently limited number of real SASE offerings
One year ago, fewer than 10 SASE offerings provided all of the core capabilities described above. Over the next five years, acquisitions and market consolidation will fill these gaps.
In the meantime, security solutions that avoid direct SD-WAN requirements are being pressed by customers to provide such capabilities, like bandwidth prioritization and content inspection.
What do we think?
At Mobinergy we believe that the main reason why SASE is becoming more and more popular is its simplicity.
It is a single global solution that creates a network for all your data centers, offices and remote workers. It also simplifies access rights because it gives each user a unique identity rather than relying on an IP address.
This allows organizations to easily develop and manage a handful of security policies instead of setting up different policies tied to individual entities.
The SASE model provides robust security features in a simple package that does not impact efficiency. It is the most natural progression of security in a future where people are more and more geographically distributed.
This was our first overview of the SASE model. We hope it has brought you some clarity on this technology of the future.
Stay tuned for more content on the Mobinergy blog!