According to a recent report by Gartner, “The Future of Network Security Is in the Cloud,” a “transformational” new technology is on the horizon. Its name is SASE – pronounced “sassy” – which stands for “secure access service edge.” The concept strives to create a secure cloud environment that is fully integrated into the cloud enterprise network.
Believing that traditional network security architecture is no longer adequate for dynamic modern enterprises, Gartner estimates that at least 40% of businesses will have “explicit strategies” to adopt SASE by 2024. This is a huge increase from less than 1% at the end of 2018.
Here we examine what SASE entails and how the technology could help your business.
What is SASE?
According to Wandera, SASE is a new model for delivering security and network connectivity through a single cloud security platform. This targets modern businesses conducting their digital operations through the cloud, with 83% of enterprise workloads set to be run on public cloud platforms by 2020.
As a result, Gartner considers traditional network security architecture, focused around a data center, to be “increasingly ineffective and cumbersome in a world of cloud and mobile.” A data center is a centralized location where large amounts of data can be stored, accessed, processed, and distributed, allowing shared software applications and information to be delivered. However, when businesses are relying on cloud-based applications, most of the data they require won’t actually be in the data center.
Furthermore, productivity and user experience can be tarnished when users can only access SaaS through the enterprise network or by using a VPN, while they may also need different software agents to engage with the whole network. Though the cloud is posited as a seemingly flexible way to access data, networking is actually rather rigid. Businesses often have to mix a number of different solutions like firewalls, Intrusion Prevention System (IPS) appliances, and SD-WAN devices to enable processes via the cloud. This is predictably difficult to manage, which is where SASE comes in – a united, single cloud-native network that securely connects all resources to users regardless of location.
What does the SASE ideology include?
Focus on identity. The concept of the “branch office” is less relevant in the age of flexible working. As Gartner puts it: “A branch office is simply a place where multiple users are concentrated. Likewise, a salesperson in a car accessing a CRM application is a branch office of one.” This is why identity, and not the data center, is at the heart of SASE. Users are connected to a centralized cloud-based service at an individual level, rather than as a branch connected to the data center like in a traditional WAN model. No matter the device or location, SASE ensures that users are connected to their required services based on their identity by tying policies to individual users rather than IP addresses.
Cloud capabilities. SASE includes traits like mobility, scalability, and other key cloud capabilities for maximum efficiency. Like other cloud software, the architecture is also available anywhere and can be globally distributed. As Gartner notes: “To provide low-latency access to users, devices, and cloud services anywhere, enterprises need SASE offerings with a worldwide fabric of points of presence (POPs) and peering relationships.” POPs refer to the interface points between multiple networks or communication devices.
Network integration. SASE creates one unified network embodying all company resources, including data centers, branch offices, and mobile users.
What are the main benefits of SASE?
Lower costs. Fewer vendors are required with SASE because all services are consolidated under a single provider. This also means that the number of software agents on end-user devices, as well as the number of appliances in a branch, will decrease. Businesses can save money in the long term by adopting SASE and unifying their technology.
Improved performance. The best SASE vendors will include latency-optimized routing across global POPs, so it will take less time for data to get from one point to another. This is crucial for video, collaboration and web conference apps, as well as other latency-sensitive applications.
Increased security. With SASE vendors that support content inspection to identify malware and sensitive data, all access sessions can be scanned so the relevant security policies are consistently applied regardless of the user or device location. The security perimeter is no longer limited to the data center – “the perimeter is now everywhere an enterprise needs to be.” SASE can also be implemented as part of a zero-trust security methodology. A key part of zero-trust is the focus on user identity as opposed to IP addresses or physical locations. And SASE can support the policy’s “trust no one” outlook by including relevant safety measures like end-to-end encryption and public WiFi protection.
Simpler access. There will be no need for numerous software agents on devices once SASE has been successfully introduced. Instead, just a single agent or device is necessary, and the correct access policy will be automatically applied without the user’s needing to take action.
What are the limits of SASE?
Though there are many benefits to SASE, there are also risks. First, a SASE system can be complicated to build when it is assembled from various vendors and cloud elements, or when a vendor compiles its SASE package from multiple acquisitions and/or partnerships. Such inconsistency can be difficult to manage and enforce, which may negatively affect performance. Moving to SASE will also mean switching to new vendors and subsequently retraining staff, while legacy vendors may struggle to adjust to the cloud-native mindset SASE requires.
Another concern is whether SASE is really as “transformational” as Gartner claims. In an interview with SDxCentral, Clifford Grossner of IHS Markit questions whether the concept demonstrates any new technology, claiming: “All we can see is an integration of existing technology. This is simply edge computing, connectivity, and security with integrated management.” He also dismisses SASE “as a separate market,” as he doubts whether businesses would buy everything from a single vendor. However, as SDxCentral editor Tobias Mann notes, this skepticism has not been convincing enough to stop vendors from exploring the SASE market.
When can businesses incorporate SASE?
Gartner emphasized that SASE is “in the early stages of development.” According to another of its reports, “Hype Cycle for Cloud Security 2019,” it’s predicted that the SASE approach will become mainstream in five to 10 years.
Gartner believes that several vendors will be able to provide complete portfolios by the end of 2020. This includes Cato Networks, with CEO Shlomo Kramer insisting that the vendor has always “focused on converging networking and security into the cloud, creating one, global, cloud-native architecture.” Barracuda Networks also highlights the value of SASE while promoting its CloudGen Firewall. And during its earnings call in September 2019, Zscaler CEO Jay Chaudhry proclaimed: “As the world moves towards the SASE model, traditional network security vendors are embracing Zscaler’s vision of cloud-based security after rejecting it for years.” Meanwhile, VMware claims its VeloCloud SD-WAN is indeed a SASE platform, though it’s not yet clear whether this matches Gartner’s SASE definition.
Though none of the major public cloud providers – Amazon Web Services, Azure, or Google Cloud Platform – is competitive in the SASE market yet, Gartner believes at least one “will move to address the majority” of requirements in the next five years. As it’s still early days for SASE, Gartner also recommends entering only into short-term contracts with vendors of no more than two years, which include acquisition protection clauses.