Reimagining network security with Secure Access Service Edge
Digital transformation has long been the top priority for the majority of businesses. However, despite the clear and all-inclusive benefits of digital transformation (when done right), the sobering reality is that many enterprise technology teams are struggling to manage and secure such a complex and multifaceted IT environment.
Chief among these challenges is the troubling increase in cybersecurity threats. While the emergence of a new hybrid working model undoubtedly brings with it a wealth of benefits – such as employee productivity and wellbeing – the security concerns are enough to give even the most agile and progressive IT team a headache. How then, do enterprises balance the safety and security of their cloud-based infrastructure with the unrelenting march of technological transformation?
A strategic shift in security: Enter, Secure Access Service Edge (SASE)
Findings from our Verizon Data Breach Investigations Report (DBIR) flagged that 85% of data breaches involve the human element. This increased reliance on employees to remain vigilant to security threats, coupled with the explosion of new attack surfaces as people adopt more apps, devices, and platforms, has transformed the hybrid working environment into a veritable playground for cybercriminals.
A new security concept has emerged that aims to address the modern demands of the cloud-native, digital-first era – SASE (Secure Access Service Edge). First coined by Gartner in 2019, SASE essentially splices an enterprises’ network (such as SD WAN) together with advanced and robust network security services – such as zero-trust network access (ZTNA), firewall as a service (FWaaS), and cloud access security broker (CASB).
However for some companies, such as Verizon Business the concept of SASE has been around long before Gartner put a name to it; ensuring that security is a fundamental part of the network and cloud offerings has always been a core mantra of the company.
The term SASE itself is also being interpreted in different forms by the market beyond Gartner's original and most "SASE" programs may not be as holistic as the original definition. Enterprises are moving from best-of-breed technology to best-of-suite technology. An integrated solution suite is more important than the best 30 individual components and enterprises are investing more with fewer vendors that deliver integrated service performance, clear investment and innovation roadmaps, and are commercially astute enough to value long term client relationships.
Network, meet security: The benefits of SASE
According to research, the SASE market as a whole is set to enjoy a compound annual growth rate of 116%, rising to $5.1 billion by 2024. This, coupled with the fact that at least four in ten enterprises will possess SASE adoption strategies by 2024, demonstrates the huge potential SASE offers.
The very fact SASE’s infrastructure is housed in the cloud makes it infinitely easier for enterprises to optimise their access performance and connect to resources regardless of location. Most significantly, the benefits ripple across the entire business, such as reduced development time, increased speed to market, and higher levels of agility in response to competitive demands or operational challenges.
Better performance: Taking advantage of a global SD WAN service, SASE brings down latency and boosts application performance by merging hybrid networking and cloud security services. This brings data inspection much closer to the end-user, rather than having to push public cloud traffic through the data centre.
Superior security: SASE enables a more bespoke and granular approach to access security decisions, based on identity and application, rather than relying on perimeter-focused security, which just doesn’t hack it in today’s decentralised network environment.
Increased agility: SASE reduces system integration headaches, enables faster and more secure cloud adoption, and powers mutually-beneficial business relationships by allowing the seamless sharing of data, apps, and services with partners.
IT infrastructure made simple: SASE consolidates security products to reduce system cleaning and maintenance, freeing up IT teams to focus on more value-adding tasks.
Network and security as one: By bringing network and security functions together – such as application-aware routing and firewalls, SASE enables better access performance, reduces operational complexity, and improves security.
4 key components for getting SASE right
Setting SASE up and running isn’t as simple as flicking a switch. Businesses need to review their requirements across four key areas, these are:
Cross-technology integration - When it comes to SASE, there is no one-size-fits-all solution. The way SASE is built and implemented will differ based on a number of factors and variables, often unique to the enterprise in question.
Network: Different enterprises run and require different network technologies, and SASE enables seamless integration across a broad range, from physical transport (private IP and MPLS) to virtualisation (SDN layer). The ultimate goal is a fully-integrated SD WAN with the capability of traffic routing, prioritisation, and bandwidth optimisation.
Edge computing: Whether it’s a content delivery network, multi-access edge computing (MEC), or IoT gateway, enterprises must possess a comprehensive understanding of how edge computing slots into a SASE approach.
Devices: With new devices released every day, enterprises must possess the ability to manage how to securely connect them to the network.
Applications: SASE is all about securely connecting people and things in the cloud, regardless of their location or app of choice. For this reason, a blend of security services are required, from FWaaS to CASB to ZTNA.
Cross-departmental collaboration - SASE not only brings two functions together in the form of network and security, it also brings together both the departments working behind the scenes to make sure each component does its job. For this reason, SASE necessitates a collaborative working environment, spearheaded by the CIO and CISO coming together to make sure both departments are working efficiently with one another.
Orchestration - With so many moving parts, it’s critical that enterprises understand how the various technology aspects of SASE click together.
Service chaining: A critical element of SASE, service chaining automates and optimises the service delivery experience. However, doing this in a virtual network demands experience and expertise in the use of orchestration tools and systems.
Optimisation: Because SASE is still in its infancy, no single provider can deliver the perfect end-to-end SASE solution (yet). This means enterprises will need to optimise new and existing technology to operate to its full potential within the SASE model.
Performance testing: Since SASE comprises so many moving parts, the ability to consistently test that systems are fully integrated and performing at their best level will be key to SASE success.
Expertise - To make SASE a success, at the very least, the enterprise should possess deep expertise of networks, SD WAN, virtualised applications, and network security. Going further, using a SASE provider can help plug any skill gaps that may exist in-house – such as expertise in MPLS or other network/security protocols.
Shaping the future of the enterprise with SASE
The increasing demands of the cloud-native, digital-first era means that the merging of network and security makes perfect sense. Already, many enterprises are enjoying the superior security, performance, and flexibility that SASE delivers.
However for some businesses the many SASE initiatives on offer from such a variety of vendors may confuse. One thing is certain, as enterprises increasingly leverage the cloud, mobile working and depend upon newer technologies such as 5G as well as high speed internet, 'pure' SD-WAN solutions that do not have integrated security functionality will struggle to provide businesses with the security foundations they desire.
Working with a partner that understands the complexity of network and security features that comprise SASE—and that can help businesses choose and implement the right features to meet their needs—will be critical. Contrary to what some new entrants to the SASE field might claim, network and connectivity matter, and for SASE to work across the full suite of technologies, the network and connectivity must be understood and integrated with the security solutions.
Those who embrace SASE and make it work for their individual requirements will help redefine the future of their enterprise.