Adding ‘SASE’ To The Network Architecture For Improved Security
Several recent developments are driving IT decision-makers to rethink their network security strategy.
There is a growing reliance on cloud and edge applications among enterprises. An increasing number of businesses are now opting for applications that run in the cloud as Software-as-a-Service (SaaS) instead of the traditional route of hosting them in private data centers.
Further, the growing workforce mobility means that the traditional methods of ensuring security are no longer enough. This is especially relevant now with remote working or work-from-home becoming the norm after the outbreak of the COVID-19 pandemic. Ensuring secure remote working for the workforce is crucial, especially if one considers that 70% of the successful breaches happen on the endpoint, according to IDC.
These developments mean that the data center is no longer at the center of enterprise activity. Typically, businesses use several products and solutions to secure different network components, like web gateways, firewalls, Virtual Private Networks (VPNs), and so on. The issue with this approach is that each of these products comes with its own policy management, which leads to network complexity and gaps in the company’s overall security. This strategy is also not very cost-effective, since there are multiple vendors and several products to manage for different network elements. The legacy data-center-focused network architecture is unable to meet the evolving needs of digital business.
The traditional way of ensuring security ends up adding to the latency, which adversely impacts the experience. Backhauling the traffic for security inspection affects the cloud performance while pushing security inspection out of the office doesn’t address the mobility aspect. While the Software-Defined Wide Area Network (SD-WAN) partly addresses this issue, it is also based on the internet. Any unpredictable and unoptimized internet routing is bound to affect mobile users.
This is where Secure Access Service Edge (SASE) comes in. The technology concept was proposed by Gartner, a leading research and advisory firm, last year. Essentially, it combines the capabilities of a WAN with comprehensive security functions, such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FaaS) and Zero Trust Network Access (ZTNA), to enable secure network access in both cloud and mobile environments.
“SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies, and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT [Internet of Things] systems or edge computing locations,” according to Gartner.
Around 40% of enterprises will have strategies to adopt SASE, up from less than 1% by the end of 2018, says the Gartner report.
Possibly the most significant advantage of SASE is that it provides a complete view of the organization’s network, so the firm is in a better position to identify the gaps and address them accordingly. A consolidated view is key to protecting all the network assets.
The SASE strategy allows remote users secure access to applications in the data centers and virtual private clouds. At the same time, it does away with exposing the enterprise network to potentially compromised remote devices and systems. The endpoint identities that need access can be based on the user, the type of application, device, the historical user pattern, and so on. It is not dependent on the location but on the identity, ensuring the user is able to access the application from any location.
SASE is also software-centric. Once installed, the user is connected to the closest Point of Presence (PoP), and once the user is identified and approved, the network and security policies are applied accordingly. This way, enterprises can provide safe and secure remote working to their workforce.
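The identity-based decision described above, sketched as an added example. It is not code from the original post or from any SASE product, and every name in it (`AccessRequest`, `POLICIES`, `decide`, the sample users, groups and applications) is an assumption made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AccessRequest:
    user: str
    group: str
    device_managed: bool   # device identity / posture reported at the PoP
    app: str               # the single application being requested
    source_country: str    # location: logged, never used to grant access
    usual_apps: frozenset  # historical usage pattern for this user

# Constructed policy table: group -> applications that group may reach.
POLICIES = {
    "finance": {"erp", "payroll"},
    "engineering": {"git", "ci"},
}

def decide(req: AccessRequest) -> str:
    """Return 'allow', 'step-up' or 'deny' for one application session."""
    if req.app not in POLICIES.get(req.group, set()):
        return "deny"      # default deny: no matching policy, no access
    if not req.device_managed:
        return "deny"      # a possibly compromised device never reaches the app
    if req.app not in req.usual_apps:
        return "step-up"   # deviates from history: re-authenticate first
    return "allow"         # grants this one app, not the enterprise network

# Constructed sample requests.
BASE = AccessRequest("alice", "finance", True, "erp", "IN", frozenset({"erp"}))
SAMPLES = {
    "office": BASE,
    "travelling": replace(BASE, source_country="DE"),
    "unmanaged_device": replace(BASE, device_managed=False),
    "new_app": replace(BASE, app="payroll"),
    "out_of_policy": replace(BASE, app="git"),
}

def evaluate_samples() -> dict:
    return {name: decide(req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:18} {verdict}")
```

The `office` and `travelling` requests differ only in location and receive the same verdict, while a change in device posture or application changes the outcome.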
Further, a consolidated platform simplifies the network and brings down the cost of managing security for the company. It simplifies the network by combining SD-WAN and other networking infrastructure into a single cloud-based platform.
The developing SASE ecosystem opens up new opportunities for Communications Service Providers (CSPs) to provide comprehensive, integrated services to the enterprises. The enterprises will need a combination of on-premise and cloud-based intelligence to address their network and security demands.
Virtual Customer Premises Equipment (vCPE) is one of the options for service providers. It provides flexible delivery of network and security services, including SD-WAN, routing, VPN, and firewall functionality. The most significant benefit of vCPE is that it allows for flexible hardware at the enterprise premises combined with intelligence that enables several SASE functionalities. This way, CSPs can deploy new services through software updates without changing the physical platform at the clients’ location.
The biggest reason for this is that service providers offer an unparalleled combination of bandwidth, network, and data center resources. A service provider can offer the enterprise end-to-end solutions that combine network, bandwidth, and network services. Service providers are also able to drive the traffic to the closest PoP for a better quality of service.
Increasingly the traffic is moving to the edge of the network and telcos typically have a network of data centers closer to the consumer. A network edge helps the enterprise to clean the traffic for better protection before it enters the internet.
With more applications, users, and devices outside the enterprise, the traditional network architecture is not capable of addressing the security needs.
Businesses across verticals are in the midst of digital transformation, driving the need to enhance network simplicity, improve agility, and adopt a new network architecture in line with their evolving needs.
SASE is an opportunity for communications service providers to provide comprehensive end-to-end offerings to enterprises looking to improve network security to cater to changing usage patterns.