Secure access service edge (SASE) is a popular topic in the world of enterprise IT. There are plenty of articles available that discuss the benefits of the cybersecurity model. What’s missing, however, is a discussion of the network impact that SASE poses once implemented within an enterprise infrastructure. Let’s look at some the effects that SASE will have on traffic flows and existing network security tools.
SASE significantly changes network traffic flows in two key areas
Until recently, most businesses required that employees work out of a central corporate office. Thus, security architects would deploy network security tools within the confines of the corporate LAN. Examples of these types of tools include firewalls, intrusion prevention systems (IPS), secure web gateways (SWG), and zero trust network access (ZTNA). Deploying network security tools directly on the LAN brought security services in line with the natural flow of network data between end-users and the applications and data they were accessing. This is true regardless of whether the data and services resided on-premises or the public cloud.
Looking at branch office and remote users, however, we see a different traffic flow story when it comes to accessing apps/data that reside in public clouds. In these situations, branch and remote user traffic must first be backhauled to the corporate LAN, then out to the internet where the cloud services reside. The reason for the backhaul is because the data flows must first be processed/analyzed and cleared by the various network security tools. Backhauling remote traffic obviously creates sub-optimal paths from a network perspective that can add latency to internet-bound communications.
If a business largely manages their data and applications within private data centers, a centralized network security deployment architecture makes complete sense. But as IT departments migrate apps/data to public clouds, forcing users to send data to the corporate headquarters for network security no longer provides for optimal traffic flows. Combine this with the fact that the number of remote employees is expected to continue to rise and we can start to see why SASE has become so popular as of late.
Rearchitecting networks based on evolving traffic flows
Because a great deal of business traffic is now being directed out the internet to public clouds, branch office, and WFH user traffic flows should be rearchitected to access public cloud resources directly while also being able to access network security services. This is the purpose of SASE as network security tools are migrated away from private data center deployments into the public cloud. By doing so, all users, regardless of physical location, have the same access and network flow efficiency. It also means that both corporate internet edge and branch office WAN traffic will decrease as remote user traffic no longer has to be backhauled to the corporate LAN. This reduction in traffic can translate into the IT department downsizing corporate Internet broadband and private WAN throughput capacity.
Does SASE signal the end of on-premises network security tools?
While SASE seemingly negates the importance of on-premises security tools, it’s likely that most enterprise organizations will still require them as part of a hybrid cloud security architecture. In-house security tools must still be deployed to protect IT applications and services that still reside within private data centers. That said if a company's long-term goal is to migrate all apps, data, and other digital resources to public cloud service providers, the need for on-premises network security tools may no longer be necessary.
Architectures can leverage SASE to create more efficient and secure networks
IT architects are tasked with creating networks that accomplish three primary goals. First and foremost is connectivity. Next is optimizing traffic flows. Finally, network architects must work with security counterparts to provide a secure path for business data. With SASE, all three can be accomplished with relative ease.
Related Network Computing articles: