Secure Access Service Edge, better known as SASE, is among the hottest trends in the IT industry. That is because with businesses increasingly embracing the cloud, IoT becoming more prevalent, users going mobile, and 5G applications requiring responsiveness, it has become near impossible to provide security across the enterprise.
Security should not only be about perimeter security but should also include flow-based security together with automation. This will be particularly crucial as the need for a versatile SD-WAN solution that can be part of SASE, as well as of alternatives such as SD-Branch, rises.
Need for convergence of networking and security
Digital transformation is all about efficiency. Information technology makes that happen. Efficiency via automation, elasticity, and flexibility are some of the benefits of the modern IT infrastructure — achieved via the increased usage of cloud computing.
Cloud computing has also created several challenges — networking and security are incompatible with the cloud-centric and mobile-first business models. On one hand, the network is rigid and static. On the other, security is heavily centered on the data center, fragmented across multiple domains of physical locations, cloud resources, and mobile users. Together, networking and security have created silos that were designed and deployed decades ago, and today, new functionalities are just added and patched in as needed in a haphazard way.
Gartner defined the SASE framework that converges network and security into a single cloud-based service. Simply put, SASE is the secure network for the future of your digital business.
What is SASE?
SASE is a framework that brings together networking and security services in one unified solution, designed to allow strong security from edge to edge, delivered as a service — including the data center, remote offices, roaming users, and beyond.
In July 2019, SASE was positioned in the ‘Innovation Trigger’ phase of Gartner’s Hype Cycle for Enterprise Networking. In July 2020, SASE moved into the Peak of Inflated Expectations phase with a five to ten-year timeline to plateau. In contrast, SD-WAN is currently in the ‘Slope of Enlightenment’ phase with more than two years' timeline to plateau.
SASE – A new converged framework of networking and security
SASE addresses the numerous problems that have been discovered with traditional cybersecurity methods used in the cloud. Many of those problems have roots with the ideology that network security architectures must be placed at the center of connectivity in the data center. SD-WAN provides the flexibility in architecture to distribute the intelligence and processing away from the data center. Hence, SD-WAN is an essential pillar of the SASE framework.
Salient features of SASE include the ability to be delivered to enterprises as a managed cloud service, as well as to shift away from a traditional box-heavy branch (i.e., next-generation firewall, branch routers, etc.) to a thin branch (with SD-WAN) and a heavy cloud model.
Through these features, SASE can offer a multitude of benefits, including reduced cost, complexity, need for complex integrations, or management and administrative time, plus faster deployment time.
SASE and networking: SD-WAN is the of foundation SASE
The enterprise network has been evolved and is not the old hub-and-spoke model with rigid interfaces. The new network provides connectivity and pervasive security across the branches, HQ, cloud, internet Software-as-a-Service (SaaS) applications, mobile users, and even IoT devices.
As a result, cloud-delivered and managed SD-WAN services are the foundations of SASE. Not only that, but security is also delivered on top of SD-WAN as a value-added service. With all of this in mind, SD-WAN has several features and benefits to the SASE model, including:
- Network agility by offering flexibility and choice of multi-protocol label switching (MPLS), broadband, LTE
- Ease of deployment through various plug and play options for the customer-premises equipment (CPE), whether it's hardware, cloud, or virtualized
- Network management and automation with real-time networking monitoring, analytics, and network reports
- Application performance assurance functions, including business-policy based application prioritization, performance, and application-based service level agreements, and application performance reliability
Recommendations and considerations
SASE will become an important consideration as enterprises implement their next-generation branch networks – but SASE is a journey. Gartner expects enterprises to adopt SASE over a five to ten-year period. However, the best model will be starting with SD-WAN and phasing in SASE at an appropriate timeframe, rather than waiting it out. It is important to note that SASE is new, and careful planning and vendor selection is needed for this unproven framework.
If you’re an enterprise that is aggressively moving to cloud-first or cloud-native applications, then SASE may be more appropriate for you sooner than an enterprise that still has legacy apps and private data centers and more traffic contained inside the enterprise perimeter.
SD-WAN is being widely adopted by enterprises, which is greatly simplifying the branch network environment by integrating multiple functions (e.g., WAN connectivity, NGFW, Application optimization, Wi-Fi, etc.). These strategic changes make it timely for enterprises to rethink and refresh their strategy and plans for network security, but Gartner sees no rush for enterprises to implement SASE in the near-term.
For SASE deployment, it is recommended that enterprise service providers offer not only the SD-WAN managed service but also that the SD-WAN has appropriate integrations with cloud security vendors that offer advanced security functionality such as a cloud access security broker, zero-trust network access, and data loss prevention. It is also important to ensure the flexibility and options to deploy SASE security functions – embedded and offered at the branch, via VNFs, or cloud-delivered.
The hype around SASE has grown rapidly, and it will become an important reference framework for the convergence of networking (SD-WAN) and security – but it’s still in the early adopter phase of deployment.
SD-WAN is growing rapidly and at the same time presents security issues, challenges, and opportunities. The future success of enterprise SD-WAN depends on how security is considered because SD-WAN is the foundation of SASE. When considering a SASE future, it is important that – whether they go it alone or with a managed services partner – enterprises pay careful attention to the SD-WAN functionalities underneath it, including multi-path selection, choice of interfaces, performance, and deployment flexibility.
Charuhas Ghatge is Product and Solutions Marketing Director at Nuage Networks.