Whilst Private Cloud environments are still relevant in our market today, more and more is happening in the cloud. Employees do most of their work there, and their critical tools like SaaS applications and email are found there. Even large portions of an organization’s data are now located in the cloud. Naturally, security needs to be located there as well.
Unfortunately though, it is not. It wasn’t too long ago that all those elements, along with employees, resided together within the confines of an office building. Data travelled securely between a data centre and employees working onsite or in regional branch offices. But one by one beginning with data migration to cloud services like AWS or Azure, followed by the transition of applications such as Microsoft 365 these elements started moving to the cloud. That migration accelerated in 2020, as the COVID-19 pandemic struck, which quickly forced people out of the building to remote working.
Having people, data and applications “everywhere” while security is confined to one spot has created a mismatch. Organizations have had to relay traffic between multiple checkpoints like firewalls, thereby interrupting traffic flow, increasing the vulnerability to attack, and struggling to protect multiple network edges.
Defenders initially turned to VPNs but quickly found that they didn’t scale effectively with the resulting bottlenecks hampering productivity and ultimately compromising security. Trying to shoehorn a security fix into a flat data centre architecture simply doesn’t work. Instead, security teams are now slowly adopting a new security-driven network architecture strategy that protects employee productivity in the cloud.
Enter Secure Access Service Edge (SASE).
What is SASE?
SASE tightly integrates software-defined wide area networking (SD-WAN) capabilities with network security functions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA). SASE also integrates the networking underlay elements link Telco underlay, link optimisation, monitoring, and network aggregation to create a framework that supports the dynamic secure access needs of modern organizations looking to secure the modern workforce.
The emphasis is not only on remote access but rather on a device’s identity using real-time contextual information. SASE applies the security and compliance policies of an enterprise, as well as functions that allow organizations to continuously assess risk and trust during a session. Those identities aren’t always associated just with devices or people but can be linked to applications, different groups of people and even IoT systems or computing locations at the edge.
While the SASE concept has just started to create a buzz, none of the tools used in this emerging framework are new—in fact, they’re familiar to most security teams, which already use them liberally, albeit separately. They’re simply packaged together to dynamically create a policy-based secure access service edge that moves the security perimeter out from the confines of a box in the datacentre.
What benefits does SASE deliver?
For companies continuing their digital transformation to become more agile and differentiate themselves from competitors, SASE delivers a number of benefits. The convergence of networking and security will position modern organizations to:
- Better safeguard data. Through the tight integration of networking and security offered by SASE, organizations can marshal the resources to prevent data loss, provide secure access, and guard against advanced threats across an organization’s systems.
- Protect and increase productivity. SASE provides the visibility, scalability, and flexibility that organizations need to let employees work from anywhere using the applications they need, add users, see and monitor data no matter where it resides, and head off potential security issues before they become a problem.
- Reduce friction and dissuade users from skirting security. Users frustrated with barriers created by security controls will often find workarounds, putting their organizations at risk. But in a SASE model, security happens in the cloud and behind the scenes, improving both the user experience and workflow.
- Apply consistent security policies to all devices. Tablets and smartphones are often treated like second-class citizens when it comes to security. But with SASE in play, organizations have the tools they need to deliver the same type of security experience to those computing devices as they would deliver to desktop computers—regardless of the location of the user, either in an office or remote. Consistent policy tightens security across a company’s assets.
- Simplify management of security tools. The number of tools that organizations must manage has exploded in the last few years. Through SASE, those tools are integrated into a single architecture or platform that is more easily managed.
- Reimagine security as a business enabler. The Security team is often known as the “No Man” of any organization, rigidly holding users to strict policies and declining requests to use much-needed technologies and applications that fall outside those policy norms. But SASE enables users to capitalize on the advancements of cloud applications and SaaS applications while allowing security to still implement sound policy without changing user behavior.
How does SASE work?
SASE relies on a distributed group of cloud gateways called POPs, or local points of presence, that receive traffic from other locations (sometimes/ideally running SD-WAN devices). Within these POPs, all security functions and policies from web and email security to firewall and access control are implemented. By deploying security in a SASE framework, security is close to users and their data and applications, visibility and control is maintained regardless of location or device type, and security is invisible to end users, who continue to work normally.
What are the challenges of adopting SASE?
Making good on the SASE premise assumes that the cloud is smart enough, dynamic enough, and scalable enough to deliver secure access to resources, no matter where a user is located. Intelys have developed a step-by-step approach to SASE which outlines the four critical steps to take in deploying a SASE strategy. A good starting point in the SASE journey is at the Secure Web Gateway, which provides a blanket of security no matter wherever a user is located. Features like CASB and DLP can then be added. That’s not a trivial change for a lot of companies because they’re moving from on-premises security, so they must put the time and resources aside and partner with the right vendor to ensure a smooth transition.
Ready to take the first step in your SASE journey? Discover the four critical steps to take in implementing a SASE strategy with Intelys. Alternatively get in touch with our team to setup a session to discuss our approach.