As enterprise networks evolve, it is important that security evolves with it to adapt to the changing needs of the network and its users. Traditional approaches to security are poorly suited to securing the modern network, making secure access service edge (SASE) a good choice for organizations.
Introduction to SASE
Before diving into the advantages provided by SASE to the enterprise, an important first question to ask is “what is SASE?” Essentially, SASE is designed to integrate networking and security functionality into a solution based in the cloud. This is accomplished by taking software-defined wide-area networking (SD-WAN) and transitioning it to cloud-based deployment. SD-WAN provides optimized routing of traffic over multiple transport media, providing significant performance impacts. SD-WAN also integrates security functionality, such as a next-generation firewall (NGFW) and secure web gateway (SWG), within a single appliance.
While these benefits are useful to an organization, SD-WAN is only useful if it is conveniently located for the network’s users. This is why SASE has moved SD-WAN functionality to the cloud, which expands the potential locations of security solutions beyond an organization’s geographic footprint.
The Benefits of SASE
As organizations increasingly adopt cloud computing and users move off of the enterprise local area network (LAN), traditional security solutions are no longer effective. SASE is designed to meet the networking and security needs of the modern enterprise and provides a number of different benefits.
- Simplified Security
One of the biggest advantages provided by SASE is security integration. With traditional approaches to security, including the deployment of point products to secure different platforms, security quickly becomes complicated. Because different platforms and devices cannot always use the same security solutions, organizations are forced to work with a hodgepodge of standalone solutions.
A SASE system integrates an organization’s security architecture into a single system, removing the need for security teams to monitor and operate multiple, standalone point products. This is made possible because security is embedded into the network layer of the system, which is homogeneous, rather than residing on the organization’s diverse set of endpoints.
The growing complexity of securing the modern network is one of the leading challenges for the modern security team. Security integration allows an organization to do more with a smaller team, which is a huge advantage when cybersecurity talent is rare and expensive to acquire and retain.
- Network-wide Visibility
In the past, all of an organization’s inbound and outbound network traffic passed through the network perimeter, making it easy to maintain visibility into network communications. With the growing use of Internet of Things (IoT) devices, mobile, and the cloud, this is no longer the case. Some organizations attempt to retain this full network visibility by backhauling all business traffic through the enterprise network for monitoring and scanning. However, this approach is inefficient and can break latency-sensitive applications.
SASE enables an organization to maintain security and network-wide visibility without sacrificing network performance. SASE is deployed in the cloud, meaning that SASE points of presence (PoPs) can be easily located geographically close to a user and common traffic destinations, such as the organization’s cloud-based deployments. These PoPs perform security scanning and enable an organization to achieve centralized visibility of traffic flowing through a distributed network with minimal impact on network latency and performance for users or applications.
- Optimized Network Routing
As corporate networks have grown and evolved, a decreasing percentage of traffic originates or terminates within the corporate network. Instead, users are connecting to applications and data stores located in the cloud and maybe working remotely or at small branch locations of the enterprise.
With the growing use of cloud-based deployments, routing all traffic via the corporate network no longer makes sense. Logically, all traffic destined for the cloud should go directly there, rather than being backhauled through the corporate network first. However, in the past, accomplishing this securely could be challenging since organizations would either have to give up visibility into this traffic or monitor and manage an array of security solutions deployed in cloud environments.
SASE provides an efficient and secure solution to this problem. SASE PoPs are deployed in the cloud, making it easy to locate them near a user or cloud-based endpoint. When users connect via a PoP, security scanning is performed there, providing complete visibility and protection. After this is complete, traffic can be optimally routed to its destination with no negative impacts on company security.
The Future of Network Security
Increasingly, users and endpoints are moving to the network edge. As organizations increasingly use Software as a Service (SaaS) applications, such as Salesforce, for daily business and employees work remotely, attempting to secure modern networks with security solutions deployed on the corporate LAN is no longer effective.
SD-WAN provides the networking and security functionality that the modern enterprise needs, but it is also limited by the fact that it is traditionally deployed on the corporate LAN. SASE corrects this issue by moving security to the cloud, which makes logical sense since this is increasingly the destination of an organization’s network traffic.
Beyond this simple functionality, SASE provides a number of advantages to an organization. This is why Gartner has declared that “the future of security is in the cloud” and has developed a new magic quadrant to highlight the forerunners in the new SASE space.