The latest trend in cybersecurity, Secure Access Service Edge (SASE), was first introduced by Gartner in 2019. SASE is an architecture model that combines software-defined wide area networking (WAN) with security functions to support the dynamic nature of today’s modern workforce. There has been a dramatic change, both technologically and operationally, in the working environment. This is due to a combination of applications moving out of the data centre and into the cloud, more employees working from remote locations than ever before, and data being accessed from a wide range of company and personally owned devices. These factors make it increasingly difficult for network and security administrators to know what applications and data are being accessed (and by whom), as well as their usage. And, of course, what they cannot see, they cannot manage or secure properly.
There is no off the shelf SASE solution, because there is no clear definition of what technologies must be included to qualify. For that reason, vendors that offer a wide range of networking and security products may market what they offer as a SASE solution. However, there are five technologies that are considered core to the architecture: Software-defined wide area network (SD-WAN), firewall-as-a-service (FWaas), zero trust network access (ZTNA), secure web gateway (SWG) and cloud access security broker (CASB). To help security practitioners to better understand this concept, here are its key principles:
Firstly, the data centre is no longer the concentration point of the network. Traditionally, organisations had a central office for employees to work from that would be protected by network security tools that operated on the corporate LAN. This legacy approach was ideal for the traffic flow of data accessed. However, with the increased remote workforce and the adoption of cloud services, data and applications, the traffic flow has changed. Continuing to backhaul cloud destined traffic to the data centre will add unwanted latency and ultimately become a business inhibitor.
Secondly, data accessed must be granted based on the user’s identity, not their location. Previously, all those that had access to the network were trusted users. Due to the remote nature many of us find ourselves in, this is neither conducive nor safe. Nor is the option to allow everyone open access to the network as this could lead to insider threats. Employees and business partners should have access to only the data required to complete their job duties, no more and no less.
Additionally, with users and applications more widely distributed, organisations should consider technologies that offer worldwide points of presence and peering relationships to reduce latency. Having a point of presence that is geographically near a user facilitates a shorter logical path between them and the resource they are accessing, allowing them to focus on accomplishing their job duties or tending to customers, as opposed to waiting for applications and web pages to load.
Lastly, SASE promotes the consolidation of the number of vendors an organisation leverages when addressing the management of the network and security. Ideally, these would be managed by a single security solution that provides intelligence, analysis, automation and can communicate seamlessly with other technologies on the network.
It is possible that many vendors already offer aspects of SASE, but it is strongly advised that organisations take the time to conduct the necessary due diligence to understand what is being offered. Remember that no single network or security solution ticks every box. Instead, a combination of products, policies and procedures will reduce the overall risk level while offering a more complete defence against cyberthreats.
While the term SASE is not in its infancy, its deployment certainly is – with Gartner expecting mass adoption to occur over the next decade. If organisations are evaluating security budgets, consider acquiring multiple solutions from one vendor or see how existing technologies can be integrated. Within the cybersecurity industry there have been many acquisitions with vendors trying to offer a complete suite and product line that addresses both network and security issues. This further supports the move for organisations to adopt the SASE framework with its consolidation of technologies and management platforms.
In considering the SASE framework, there are many options available for organisations in how they can integrate its core technologies. Much like meeting compliance requirements and the many forms this may take, there is no one prescriptive approach to achieving SASE. Whether it’s from one vendor that offers a complete stack or if it’s through a layered approach from multiple vendors. As the business world continues to evolve in the wake of remote working, organisations must continue to improve efficiency, productivity, the management of the network and overall security. Adopting a SASE architecture can help them to do this.
Author: Mary Blackowiak, Lead Product Marketing Manager, AT&T Cybersecurity