Secure Access Service Edge (SASE) is a way for businesses to bring their network and security tools into a single cloud service. Pronounced “sassy”, it is a simple framework for unifying security and networking, no matter where in the world resources or employees are based.
As it’s a cloud technology, organizations don’t need to invest in hardware, instead combining SD-WAN with their security functionality on the cloud.
How does SASE work?
Wide area network (WAN) and security functions are combined into a single cloud unit, including security functionality such as cloud access security brokers (CASB), firewall as a service (FaaS), Virtual Private Networking (VPN), antivirus and malware, web gateways, and Data Loss Prevention (DLP) tools.
This is all delivered at the network edge, as close as possible to users and cloud services. By working as a single unit and delivered as one service, organizations can see enhanced reliability, and maximize their performance overall.
Previous security and connectivity models focused their attention on the data center. However, as Gartner reports, “In a modern cloud-centric digital business, users, devices, and the applications they require secure access to are everywhere.”
Traditionally, the network was protected by perimeter security, but in today’s increasingly connected business world, the perimeter is all but dead. Cloud services, BYOD, and third-party business vendors means that the majority of traffic is moving inside your network, not in and out from the web. The way that networks, traffic and both customers and employees work is vastly different than it was when legacy security controls and models were created.
Here are just a few examples:
The majority of workloads are now run in cloud services, while not long ago this was data centers.
Instead of hosting applications locally, organizations primarily run SaaS applications.
Rather than backup and store data inside on-prem servers, organizations are turning to cloud services to host their sensitive information.
Traffic is primarily being sent to the cloud, not to data centers.
SASE is an announcement that it’s time for a new kind of security to protect this new world.
What are the benefits of SASE?
With SASE, security controls are integrated closer to the user at the edge, and security is integrated across the whole network in a location agnostic way. All endpoints connect to SASE instances, and only safe network traffic is forwarded, with anything suspicious blocked before it can reach the end user. Additional benefits include:
As SASE uses a distributed architecture, all actions are performed near the end user, and applications can be held in the data center, in any hybrid cloud reality, or even packaged as SaaS tools.
IT pros can centralize their management of security policies, no matter where in the world employees are based. The network controls the security settings, rather than the endpoint. Choose the right policies for the right devices, no matter the vendor, age or functionality.
SASE enables reduced hardware and WAN costs, as a cloud-based solution, and also reduces ongoing costs of managing policies, which can be centralized to a single stakeholder or team. The same centralized management and control means your business is also reducing the risk of human error.
Instead of managing security per-device, IT pros can set up network-wide policies that work for each type of use case. One policy for IoT devices, another for mobile phones, and so on. These policies can cover routing traffic, as well as content.
Secured traffic is routed directly to where it’s being sent, without the need for trombone routing, or the use of a VPN to a corporate data center. This improves the network latency, boosting performance overall. Cloud architecture is also more robust against cybersecurity attacks.
What should I know before I consider using the SASE model?
Remember that SASE is a framework which many vendors and third-parties will help you to implement, it’s not a specific tool or technology in and of itself. That means there are multiple ways to implement SASE, and you’ll want to research broadly before you choose any specific partnership. No specific choice is going to be the best on the market, it will be about your specific business requirements.
Like with any digital transformation initiative, there’s also likely to be a cultural change that needs to occur cross-org. SASE involves doing things in a new way, which is always hard. Especially if your organization or your customer’s business currently has disparate networking and security teams, they may not recognize the value in merging their skills and working together.
Closing the SASE gaps for smart implementation
In a recent SASE report, Gartner has identified five key areas that need attention in the market. These gaps will help IT pros who are looking to implement SASE to consider their options and to pick the right vendor. They are:
this includes limited skills in-house, and existing investments which wrap up security budgets elsewhere, such as in existing third-party agreements and contracts.
Inconsistent architecture: For SASE to work, it needs to operate centrally and from a cloud-native architecture. At the moment, many organizations are using a patchwork solution which is at least partially made of existing architecture.
Today’s SASE vendors put an emphasis on malware prevention and DLP tools, but Gartner believes they don’t currently offer enough visibility or inspection into traffic to secure sensitive data and manage compliance.
While the point of SASE is to bring together a wide array of security services and functionality, the reality is that most vendors aren’t there yet. More robust feature sets are on the way, but businesses must closely consider what they need and prioritize.
Few complete SASE vendors
In the report, Gartner commented that they only identified 10 vendors who meet their definition of a complete SASE vendor. This is bound to change as SASE adoption continues to grow.
According to the report, by 2025, 60% of enterprises will have their timelines and strategies on the roadmap for SASE adoption. One thing is for sure – the old models of security are ready for a rethink. Is SASE the right answer for you?
See Atera in Action
RMM Software, PSA and Remote Access that will change the way you run your MSP Business