Stated simply, secure access service edge, also known as SASE, is a cloud architecture that combines network and cloud-native security technologies and delivers them as a single cloud service.
As a result, SASE enables enterprises to use a single management console to bring together their network and security tools. This recasts network expansion by providing a simple security and networking tool that's independent of where employees and resources are located.
With the number of remote workers increasing and more organizations using cloud services to run applications, SASE offers a fast, affordable, and scalable SaaS product that covers both networking and security functions.
Network Expansion to Date and Going Forward
“Irrespective of SASE, there’s been a general trend to make network deployments easier over the past decade,” explained Mauricio Sanchez, Senior. Director, Enterprise Security & Networking Research at Dell’Oro Group, a network infrastructure market research and analysis firm. "The classic case is dropping shipping a box somewhere (a router, a Wi-Fi AP, etc.) and having it automatically provision its network policy by itself once it gets plugged in. "
Fast forward to what’s happening with SASE, that ease-of-deployment and auto-provisioning is extending to the security and endpoint side. “On the security side, the user/SASE security policy is now starting to be attached to the network provisioning workflows, which gets us one step closer to secure networks out of the box,” said Sanchez.
"On the endpoint side, it's a conversation about how to get endpoints (laptops, iPads, phones) secure connectivity." As a result, SASE solutions are now extending to help provision that secure connectivity a lot faster and better than before.
What SASE Solutions Include
SASE requires little to no hardware and uses cloud technology to bring together (SD-WAN) with network security functions. They include Firewall-as-a-Service (FWaaS), Software-as-a-Service (SaaS), Secure web gateways, Cloud access security brokers, and Zero Trust Network Access.
Beyond Provisioning to Zero Trust Network Access (ZTNA)
Enterprises beset with adding a growing number of remotes and WFH locations still need to face ZTNA. Any SASE solution worth its beans is going to be able to show how it helps improve zero-trust in the organization. “When lighting those new remote sites or users, it’s vital to leverage zero trust philosophy and make sure those remote sites/users only get the access they need and no more,” explained Sanchez. Otherwise, he added, it’s as good as leaving the back door open.
Why the growth in enterprise networks?
SASE has taken center stage in network planning as enterprises face a two-headed challenge or provide secure access to far-flung locations (many of which are gaining broadband access per the Broadband Equity, Access and Deployment program (BEAD) while simultaneously supporting employees working from home. IT security staff can also use SASE to cover mobile connections and the attached devices.
BEAD: BEAD provides $42.45 billion to expand high-speed internet access by funding planning, infrastructure deployment, and adoption programs in all 50 states. With the funding amounts per state recently announced (each received $100 million), the focus has shifted to the actual deployment of broadband services to unserved and underserved areas in a bid to finally close the Digital Divide.
WFH: Security is of paramount importance when supporting WFH as workers had not planned that their home would be their office and often know little about broadband access networking and security challenges. While some large U.S. employers are trying to get WFHomers back in the corporate office, working from home full time will continue forward.
Mobile Workforce: Beyond federal and state-funded broadband rollout efforts already underway, the rapid emergence of 5G networks has network and business planners looking to better secure connections to fast-growing mobile workforces, be they in sales, support, field service, etc.
SASE to the Rescue for Network Expansion
Having scrutinized the SASE market for years, Sanchez has found items network planners should look for in bringing on a solution:
- Agent deployment: “Good SASE solutions have a mechanism to deploy/install agents via an email invitation.”
- Agentless: “For transient users that don’t want to download an agent, there are SASE solutions that support agentless modes (through the web browser isolation).” It’s a bit like taking Zoom or Teams calls within a web browser, he added.
- Hardware on-prem: Though not cheap, there are still some vendors that offer equipment for the home. These little hardware boxes set up a secure extension of the corporate LAN in the home environment.
The Final Word on SASE for Secure Network Expansion
It's easy to be wowed by vendors that have long lists of "nerd" knobs and overlook operational fit, warned Sanchez. "There's no point in buying a SASE solution that has 300 different features if none of those are going make deployment and day-to-day operations successful."