Getting SASE: Making Network/Security Convergence Happen

April 17th, 2020

This Industry Viewpoint was contributed by Kristen Menard of Claro Enterprise Solutions

A sales executive has a few hours to kill between meetings, so she camps out at a coffee shop to catch up on emails and review sales reports. Accessing the café’s public WiFi network, however, leaves sensitive account information vulnerable to hackers. Meanwhile, a contractor using his own machine has to access the company’s Finance and Accounting and HR applications. But because his laptop isn’t on the protected corporate network, data assets are similarly exposed.

These risks exist because traditional cybersecurity architectures treat different components of the enterprise essentially as discrete fortifications. These components – the user’s device, the corporate network and the public Internet – each present a set of risks that require ongoing remediation as the threat landscape continually evolves. More specifically, as users move from one fort to another, the multiple points of entry and egress that result create myriad additional risks. In today’s increasingly open and integrated business environments, this patchwork is no longer viable.

The Next Big Thing

The solution may be on the horizon. Secure Access Service Edge (SASE – pronounced “sassy”) is emerging as the next Big Thing in networking security. By integrating the disparate pieces of traditional security architectures into a Cloud-based, as-a-service delivery model, SASE represents a convergence of security and the network. This convergence is characterized by seamless delivery of security functions, including firewalls, identity verification, malware detection, virus blocks and malicious activity alerts, all at or near the edge. At the same time, SASE prioritizes network traffic to reduce latency and optimize network and application performance.

For the sales exec at the coffee shop and the contractor working on HR files, this integration of network functionality and security capabilities minimizes the risk of exposure from open networks or unprotected devices. By definition, SASE takes a zero trust security approach to protect today’s amorphous network perimeter, which is complicated by factors such as mobile computing, telecommuting, BYOD policies, direct Internet access, multi-Cloud access points and increasing data storage at the workstation level. By decoupling security from the static traditional network, SASE applies zero trust principles such as access control, user authentication, device-state analysis and segmentation at the network’s moving, fluxing edge.

Range of Benefits

One advantage of converged network security through SASE is the ability to enable secure transactions at the edge of the network. The traditional approach of backhauling traffic to a central data center to apply network and security policy takes time and wastes network bandwidth. SASE provides better, more agile reflex and reaction time for network computing and security at the actual touchpoint.


SASE also supports Cloud-based centralized management of policy with distributed enforcement points close to the entity, enabling local decision making as needed by branch offices and local agents. By making applications, services, APIs and data securely accessible to partners and contractors, without the bulk risk exposure of legacy VPN and legacy demilitarized zone (DMZ) architectures, SASE facilitates idea-sharing and innovation.

Latency-optimized SASE solutions deployed across worldwide points of presence, moreover, boost performance of latency-sensitive collaboration, video, VoIP and web conferencing applications. Transparency is enhanced because policies are applied automatically, consistently and without user interaction across different Cloud-hosted applications, regardless of user/device locations.

Early Days

Because the model is still in its early days, enterprises adopting SASE face some challenges and potential risks. The scope of functions involved requires that providers adopt a variety of strategies and approaches. And given the nascent state of the model, we have little evidence regarding the strengths, weaknesses and limitations of any given approach.

Moreover, SASE is less an innovative new technology than it is a new approach to integrating a wide range of existing technologies. This makes breadth and depth of capabilities imperative. As the SASE market develops, vendors will scramble to assemble the required capabilities via acquisitions or new partnerships. Analysts are already warning of the risks of relying on complex webs of multiple partnerships and alliances to deliver a solution.

Another key capability is networking infrastructure. A global SD-WAN footprint, or similar architectural approach such as edge computing or software-defined networking, is an essential building block of a SASE solution.

Who to Trust?

SASE promises to make existing network security models obsolete and transform how businesses secure their data, devices and communications. While deployment requires a wide range of expertise, networking and security fundamentals are paramount.

As such, providers with a legacy in the telecom space could have an opportunity to prosper in this burgeoning market. The transition to digital models makes physical assets such as disks and boxes less and less prevalent. Telecom vendors, moreover, are increasingly adopting software-as-a-service. In this rapidly evolving business network environment, the provision of security is similarly being redefined.

Kristen Menard is Director of Managed Security Services at Claro Enterprise Solutions, a global technology services provider.
