What is SASE and Why Should You Care?
When Gartner talks, people generally listen. So when Gartner noted “secure access service edge” (SASE) as a technology that is “on the rise” in their Hype Cycle for Enterprise Networking report in July 2019, tech insiders took notice. And when Gartner explicitly encouraged companies to plan for the adoption of SASE in their The Future of Network Security Is in the Cloud report in August 2019, SASE became one of the hottest buzzwords in the networking and security world.
But what is it? And why should you care?
Secure access service edge (or “SASE”, pronounced by your IT team as “sassy”) combines the concepts of software-defined wide area networks (SD-WAN) with integrated security (embracing the features of CASB, firewalls, VPNs, etc.) into a single cloud-based service offering. Furthermore, SASE shifts the security focus away from the data centre, and over to the identity of the user or device seeking access at the edge of the network.
It is also important to understand that SASE is a framework: it is an aspirational model for unified network and security delivery in the cloud. The Gartner definition of SASE describes all of its services as cloud-based, while others argue that, as long the service layer is available as a cloud service, the technology behind the scenes can be straight cloud or hybrid hardware/cloud infrastructures. The major players in the network infrastructure and security space will rely on their own definitions, as they seek to develop, acquire, and consolidate suites of offerings into their single SASE platform. The key from the customer’s perspective is that the “plumbing” is behind the scenes, and the SASE services are strictly consumed as cloud services.
SASE is an answer to a problem that has persisted for a number of years. SD-WAN technology has been around since the early 2000s, but adoption has been slowed due to the difficulty in management, configuration, and security of the networks. Only the largest or most sophisticated enterprises have had the wherewithal to manage the networks and the security effectively. SASE technology seeks to simplify that complexity, thereby opening the door to wider usage. Gartner is so bullish on SASE that they forecast 40% of companies will have “explicit strategies to adopt SASE” solutions by 2024, up dramatically from just 1% of the market at the beginning of 2019.
Beyond simplifying access and the administration of the technology, SASE is expected to deliver a host of other benefits through integrating networking and security:
- Cost Savings: While cloud solutions do not necessarily imply reduced costs, SASE is expected to drive down operating expenses by consolidating network and security tools, giving customers a single tool (and vendor) to deal with. Overlapping feature sets between competing providers and “supplier sprawl” will be reined in. And of course, capital expenses are reduced with SASE’s cloud service model.
- Flexibility: Scalability and solution diversity are traits that you expect to see with cloud solutions, and the SASE model delivers. Systems will be designed with the ability to spin up resources and handle usage peaks gracefully. And with a rich variety of tools and features available, SASE solutions are expected to provide users with access to a wide range security and network configurations to match their shifting and evolving business requirements.
- Decentralization: SASE breaks down the notion that the data centre is the nexus of all of the security and access requirements. With secure wide area networking more easily achieved, data can be stored in different places based on sensitivity, access requirements, etc. Mobile access is simplified and secure.
- Performance: With tighter integration between the security and network layers, speed and reliability are expected to be greater with SASE solutions. In addition, Gartner’s vision for the ultimate SASE implementation features a global wide area network offering low latency to the decentralized cloud services and resources.
The importance of shifting the security model away from the data centre and over to users and devices should not be understated. Greater numbers of mobile users and remote, often unmanaged devices are making the “head office” as the central point for security operations impractical. Further, the explosion of SaaS and other cloud applications (each with their own security profiles, inter-operability requirements, and all being fed or consumed by these mobile users and remote devices!) demand that a new security delivery model that fits the way people and business work in the 2020s. Gartner describes a SASE security architecture as one that defines entities as “people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations”. The architecture then uses security policies to provide these entities with access to other entities, resources, or data as appropriate. Security administrators will become more concerned with identity management and crafting security policies that broker the trusted communications. Implementations of the security layer provide complete tracking and logging – in and out of the network – and can include such features as content filtering and encrypted packet inspection to support better intrusion prevention/detection.
If the hype is true and SASE is “better, faster, cheaper, easier, safer”, then it is something that you need to monitor as the technology evolves, particularly as you construct your three- to five-year technology roadmaps and budget projections. For many businesses, the era of the data centre as the hub of the enterprise is coming to an end, so it is important to be prepared to take full advantage of the competitive edge that SASE technology can offer.
ISA can provide guidance and more insights on SASE solutions as they emerge, and as they may apply to your company. Contact us for more information