Aside from pushing the limits of healthcare systems worldwide, the coronavirus pandemic also introduced drastic changes to the way people live and work. For instance, work-from-home arrangements became the norm as companies struggled to continue their operations while minimizing the health risks to their employees.
While countries have already lifted most Covid-19 restrictions, experts say that remote work is here to stay and is expected to increase in 2023. This means that companies, especially those dealing with sensitive customer data online, need to factor in this new workforce trend while maintaining the security of their networks.
With workers becoming increasingly mobile these days, most applications are now being offered as software as a service (SaaS). This means that previous network security protocols of routing traffic from branches and remote workers to enterprise data centers could add latency and result in poor user experience and service. That’s where SASE comes in.
What is SASE?
SASE stands for Secure Access Service Edge, an emerging cybersecurity concept first coined by Gartner in its report “The Future of Network Security in the Cloud” published in August 2019. The technological research and consulting firm based in Stamford, Connecticut also covered the topic in its Strategic Roadmap for SASE Convergence in 2021.
“SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/ compliance policies, and continuous assessment of risk/trust throughout the sessions,” Gartner said. “Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
From centralized to decentralized
SASE can also be described as a change in the architectural principles, moving away from a centralized enterprise delivery model to a decentralized could-delivery model. By connecting to a single global cloud-based solution, SASE enhances the remote experience of remote entities using the system such as individual users, devices, applications, branch offices, and edge computing locations.
SASE also allows businesses to consolidate security and implement user and device role-based access controls while continually assessing potential risks and access level compliance in real-time throughout each session. Aside from enabling faster delivery of services, SASE also helps reduce operating expenses by unifying the management of networking and security services.
How SASE Can benefit businesses
Switching to a SASE framework can greatly benefit businesses, which explains why the majority of businesses plan to do so in three years. “By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services, and private application access using a SASE/SSE architecture, up from 20% in 2021,” Gartner explained.
Reducing the complexity of network security. With SASE, enterprises can combine a variety of security features to suit their needs. These include branch FWaaS, Secure Web Gateway, ZTNA, CASB, and sophisticated threat prevention tools like sandboxing.
Flexible security infrastructure. The platform-agnostic SASE architecture allows for the most adaptable security infrastructure possible. Businesses can easily expand their security infrastructure as they grow thanks to this flexibility.
Cost-effective security. By eliminating the need for several management consoles is possible since SASE allows businesses to consolidate security services resulting in more cost-effective but efficient security management.
Enhanced performance. By using SASE, users will experience a marked improvement when connecting to cloud SaaS applications and latency-sensitive apps including collaboration suites, video, VoIP, and web conferencing.
Enhanced security. While directly connecting to Internet access and the use of cloud apps can reduce network latency, it also comes at the expense of an increased security risk. Thankfully, SASE can fill these security gaps with cloud security services that use cutting-edge threat prevention techniques like sandboxing and CDR technologies.
Zero trust security implementation. With SASE, companies can easily implement their zero-trust policy with ZTNA solutions. Security is assured at all times as the system will prompt users to enter their credentials and only allow them access to the organization’s applications if they need those apps to complete their tasks.
SASE security components
With the increasing role of technology in businesses, companies will always be facing potential risks from bad actors online. With SASE, businesses can customize their security settings to create a security architecture that meets their requirements.
According to Garner, the core capabilities of SASE include the ability to identify sensitive data and malware as well as to encrypt and decrypt any content. These capabilities are achieved thanks to SASE’s core security components known as Firewall as a Service, Secure Web Gateway, Zero Trust Network Access, and Cloud Access Security Broker.
Firewall as a Service (FWaaS). This is a cloud-based Next-Generation Firewall that is scalable. With the help of this application-aware solution businesses to do away with the difficulties associated with outdated appliance-based systems.
Secure Web Gateway. By utilizing unified threat protection technologies, such as Application Control, URL Filtering, Antivirus, intrusion prevention systems (IPS), Anti-bots, and Zero-Day attack prevention, Secure Web Gateway enables secure Internet access to Web applications and resources.
Zero Trust Network Access (ZTNA). This replaces conventional remote access solutions where the VPN was terminated in an on-premises data center. Users can expect an improvement in user experience such as latency since SASE Remote access no longer needs the traffic to be backhauled,
Cloud Access Security Broker (CASB). A Cloud Access Security Broker provides API-based content security allowing users secure access to SaaS apps like Google Suite and Office 365.
In conclusion
There are some security components that are not required for SASE but are still recommended by some experts. These include web application and API protection (WAAP), remote browser security, recursive DNS, network sandbox, API-based access to SaaS for data context, and support for managed and unmanaged devices are all nice to haves or strongly advised.
Meanwhile, there is only one network component of SASE. By employing software-defined WAN (SD-WAN) technology to locate the best path and circuit for accessing the corporate data center, the Internet, and cloud applications, the overall user experience can be enhanced. Essential SD-WAN networking capabilities are routing, dynamic path selection, and latency optimization.
