Corporate networks are evolving quickly. Cloud-based infrastructure, with its numerous benefits, rapidly gained popularity, and the COVID-19 pandemic has dramatically accelerated the adoption of telework around the world. These, along with other factors, mean that how corporate networks are structured and used is very different now than even a few years ago.
As corporate networks change and evolve, it is important that approaches to network security keep up. Traditional network security models, which rely on the deployment of security solutions on-premises and routing all business traffic through these environments, no longer meet the needs of the modern organization.
Secure Access Service Edge (SASE) is the next step in the evolution of how organizations secure their business networks. In fact, the Gartner definition of SASE discusses how it is designed to support the needs of digital enterprises, and Gartner has stated that “the future of network security is in the cloud”.
What is SASE?
Traditionally, organizations have secured their internal networks by deploying a stack of standalone security solutions at the network perimeter. SASE replaces this model with a fully-integrated networking and security solution that is located in the cloud.
Software-defined WAN (SD-WAN) was designed to optimize network routing over multiple potential transport links. SASE takes these capabilities and integrates vital security functionality, including:
- Next-generation firewall (NGFW)
- Secure web gateway (SWG)
- Zero-trust network access (ZTNA)
This fully-integrated solution is placed in the cloud. This allows SASE points of presence (PoPs) to be distributed globally and connected with high-performance, dedicated links. This enables geographically-distributed devices to easily connect to the corporate WAN and have their traffic securely and optimally routed to its destination.
Why SASE Beats Out the Competitors
SASE’s billing as “the future of network security” comes from the fact that it provides a number of different benefits to its users. Three major benefits include full security integration, geographic distribution, and easy scalability.
- Security Integration
Securing an organization against cyberattack is growing increasingly complex. Some of this complexity originates from the evolution of the cyber threat landscape with cybercriminals developing new ways to gain access to an organization’s network and to cause damage once they are inside. Additional challenges arise from the fact that most organizations’ networks have expanded to include a variety of new devices and environments (such as the cloud), which introduce unique security requirements.
In order to address a range of new security threats and endpoint-specific requirements, organizations deploy ever-growing numbers of standalone security products. However, this mainly serves to increase the complexity of security and decrease its efficiency.
SASE provides full integration of core security functionality – as well as the network optimization capabilities of SD-WAN – within a single solution. Since SASE is located in the cloud, it can be deployed to support any endpoint. This enables an organization to deploy consistent, integrated functionality to secure a wide variety of operating environments.
- Geographic Distribution
The geographic footprint of the modern enterprise is expanding rapidly. Adoption of cloud-based infrastructure moves critical data storage and processing to off-site systems. Increased adoption of telework means that many employees are no longer directly connected to the corporate network.
This distribution means that traditional network security solutions are no longer as effective for securing the modern enterprise. Routing all traffic through the corporate network to ensure visibility and security inspection increases network latency and decreases employee productivity. Even software-defined WAN (SD-WAN), which moves networking and security functionality to the network edge, is constrained by an organization’s ability to deploy physical appliances.
SASE solves this issue by moving networking and security functionality to the cloud. Cloud-based infrastructure means that organizations can take advantage of geographically dispersed SASE PoPs. As a result, the inefficiencies associated with routing business traffic through a PoP for security inspection are minimized, improving network performance.
- Easy Scalability
Few companies intend to stay the same size forever. Most embrace a growth mindset with the intention to expand their workforce and physical sites if customer demand warrants it. Even in the short term, an organization’s network may experience variable load due to sudden surges in customer requests.
Organizations require the ability to scale network infrastructure and security to meet demand. However, this is difficult to achieve with physical appliances. An organization must either overspend to ensure its ability to handle unexpected load or risk outages or degraded availability if demand grows or suddenly surges.
SASE, with its cloud-based infrastructure, provides the flexibility and scalability that organizations need. Like any cloud-based solution, SASE capacity can expand or contract to meet an organization’s needs, and optimized routing over multiple transport links minimizes the performance impacts of increased demand.
Choosing A SASE Solution
SASE provides a number of benefits to the modern organization, winning it the title of the “Future of Network Security” according to Gartner. However, not all SASE solutions are created equal.
Gartner warns about SASE vendors that will use VM service chaining and a number of corporate partnerships to offer SASE functionality. While this is a fast and easy method of implementing SASE, it sacrifices many of the advantages that an integrated SASE solution provides.
When selecting a SASE vendor, look for one that provides truly integrated SASE functionality. This guarantees that the benefits of SASE will not come at the cost of inconsistent performance and increased complexity.