Understanding SASE Architecture
SASE converges the functions of network and security point solutions into a unified, global, cloud-native service. Such capabilities provide enterprises with a number of benefits.
January 29, 2024
Secure Access Service Edge (SASE) is an enterprise networking architecture category introduced by Gartner in 2019. It converges the functions of network and security solutions into a unified, global cloud-native service.
SASE allows an architectural transformation of enterprise networking and security. It is typically delivered as a service, but enterprises can also combine WAN and security services into their own managed SASE solution.
One of the challenges those new to SASE technology often encounter is that solutions can be quite complex as they are made up of many discrete elements. One way to better understand what SASE is and what it does is to look at those elements.
6 Reasons Why Your Business Needs Strong SASE Architecture
SASE converges the functions of network and security point solutions into a unified, global, cloud-native service. That, in turn, lets IT provide an agile and adaptable service to its users.
As such, a successful SASE implementation delivers many features, functions, and benefits. They include:
Flexibility and Scalability
SASE network architecture delivers flexibility in multiple ways. First, SASE uses a variety of protocols to connect devices to the network. This allows businesses to choose the best option for their needs and provides flexibility in connecting devices.
SASE solutions use software-defined networking to route traffic dynamically across the network. This allows businesses to adapt quickly to changing conditions and provides flexibility in traffic routing.
SASE uses cloud-based services to provide flexibility in delivering services. This allows businesses to scale their services up or down as needed and provides flexibility in how services are delivered.
Enhanced Security
By converging security and networking functions into a single platform, SASE provides a unified security posture. Solutions encrypt data in transit, leverage the cloud to identify and block threats, and offer several features, such as zero-trust network access and threat detection based on analytics.
Optimized Performance
SASE solutions can optimize performance by accommodating increased traffic as your business grows. SASE solutions also enable businesses to connect remote users and devices efficiently with little latency.
Cost Efficiency
SASE architecture can reduce business costs by consolidating multiple networking and security solutions into a single cloud-based platform. This approach can help reduce the number of hardware and software components businesses need to purchase and manage. That, in turn, can help enterprises run and manage their networks with fewer staff members. It also helps cut energy consumption.
Streamlined Management
SASE offers improved and simplified manageability for businesses. It centralizes your data, applications, networking, and security functions into a single platform. SASE solutions provide control over networking and security policies, which helps businesses tune their networks for optimal performance. SASE also provides real-time visibility into the status of the network and its security, all from a central location.
Compliance and Regulatory Benefits
The overarching goal here with a SASE solution is to configure security to detect and stop threats while maintaining compliance. What is needed is contextual visibility into what is happening in a SASE session or connection.
To that end, organizations need insight into all cloud entities and knowledge of how the relationships among them affect their security posture. Once you know what you have, where it is, and how secure it is, you can enforce customizable governance policies that keep your cloud compliant with internal and external standards.
Components of the SASE Model
Delivering these capabilities requires a modern SASE solution. Such solutions typically include multiple elements, each performing a different security or network function. The components are well-known individually within an enterprise. What makes SASE unique is that it brings these elements together into a single solution that is easier to manage. Additionally, there are synergistic benefits to gain by integrating the elements into a single solution.
That said, the major components of a typical SASE solution include:
Cloud-access Security Broker (CASB)
A CASB sits between a cloud application and the user or device trying to access that application. IT and security staff can set and enforce security policies that grant or deny specific users or devices access to the app. For example, an organization might require two-factor authentication to access a particular app, or it might opt for single sign-on (SSO) to all cloud applications.
Zero-Trust Network Access (ZTNA)
ZTNA gained prominence during the pandemic. It is an approach to security that starts with the premise that all users and devices must prove they have access rights to an application, server, or other corporate resource. Access is granted to those with suitable privileges. The devices and resources are not visible to those who do not have appropriate access privileges. The technology has been widely used to support remote access, layering authentication on top of any other access control.
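The CASB and ZTNA behaviour described above can be expressed as a small default-deny policy check. This is an added example, not code from the article or from any SASE product; the app names, group names, reason strings, and the `device_managed` posture flag are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    mfa_passed: bool       # second factor completed in this session
    device_managed: bool   # assumption: posture reported by an endpoint agent

@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: frozenset
    require_mfa: bool = False
    require_managed_device: bool = False

# Constructed sample policies; app and group names are hypothetical.
POLICIES = {
    p.app: p for p in (
        AppPolicy("payroll", frozenset({"finance"}), require_mfa=True,
                  require_managed_device=True),
        AppPolicy("wiki", frozenset({"finance", "engineering"})),
        AppPolicy("git", frozenset({"engineering"}), require_mfa=True),
    )
}

def decide(session, app):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    policy = POLICIES.get(app)
    # An unknown app and an unentitled user get the same answer, so a
    # denied caller cannot tell whether the resource exists.
    if policy is None or not (session.groups & policy.allowed_groups):
        return False, "not-found"
    if policy.require_managed_device and not session.device_managed:
        return False, "device-not-trusted"
    if policy.require_mfa and not session.mfa_passed:
        return False, "mfa-required"  # entitled, but must complete 2FA first
    return True, "ok"

def visible_apps(session):
    """Catalogue shown to the user: only apps their groups are entitled to."""
    return sorted(a for a, p in POLICIES.items()
                  if session.groups & p.allowed_groups)

if __name__ == "__main__":
    alice = Session("alice", frozenset({"finance"}), mfa_passed=False,
                    device_managed=True)
    for app in ("payroll", "wiki", "git", "no-such-app"):
        print(app, decide(alice, app))
    print(visible_apps(alice))
```

Returning the same `not-found` reason for unentitled and nonexistent apps is what keeps resources invisible to users without access privileges, while `mfa-required` is only ever shown to someone already entitled to the app.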
Software-Defined Wide-Area Networking (SD-WAN)
Modern networks are incredibly dynamic entities. WAN technologies of old, like MPLS, simply do not have the flexibility to meet the changing backbone network requirements of today's enterprises. In recent years, SD-WAN has emerged as the connectivity architecture of choice. The software-defined nature of SD-WAN services simplifies WAN management while helping organizations improve network performance, reduce costs, and support new applications.
Secure Web Gateways (SWG)
A Secure Web Gateway (SWG) filters unwanted software, such as malware, from web and internet traffic. An SWG solution is often used for content filtering, blocking access to websites based on content categories (such as adult content, gambling, etc.). Many SWGs offer advanced SSL Inspection, with the capability to decrypt, inspect, and re-encrypt SSL/TLS traffic. This is crucial since a large amount of web traffic is encrypted and could potentially hide malicious activity.
Firewall as a Service (FWaaS)
Firewall as a Service (FWaaS) is a cloud-based security solution that delivers the capabilities of a traditional firewall along with additional features in a more flexible and scalable way. A FWaaS offering typically provides network traffic filtering and advanced threat protection, using features and capabilities of traditional intrusion prevention systems (IPS), anti-virus scanning, sandboxing, and other systems to identify and block sophisticated cyber threats.
Centralized and Unified Management
The main advantage of a SASE solution is that it enables organizations to centrally manage their network and security solutions through a unified management platform. It allows organizations to manage networking and security products like SD-WAN, CASB, SWG, ZTNA, and FWaaS from one location. As a result, team members are free to focus their energy on more pressing areas, and the organization’s hybrid workforce can enjoy a better user experience.
Network Services Components in SASE
With the emergence of Network-as-a-Service (NaaS), enterprises have a newfound opportunity to boost flexibility and cut costs by dynamically using transport services from countless providers.
Similar to cloud computing, NaaS eliminates the need for an enterprise to buy and manage WAN routers, switches, next-generation firewalls, VPN boxes, and more. Used in conjunction with the SASE architecture for security, NaaS promises benefits but also faces challenges that are being addressed by multiple associations.
A New NaaS Framework Enables SASE
In October, the MEF announced the industry’s first NaaS blueprint, a SASE certification program, and an enterprise leadership council.
The NaaS blueprint should result in the emergence of the second take on network communication services, while the SASE part helps make evaluation of security solutions easier for businesses.
For organizations that find a subscription approach to enterprise networking appealing, NaaS offers a turnkey solution that typically includes equipment, software, orchestration, and management at a fixed recurring cost, with services tailored to meet the adopter's specific business requirements. This helps you smooth out the financial and operating lumps that come with ongoing technology refreshes.
NaaS technology provides networking hardware, software, and operational/maintenance services as an operational expense instead of the traditional upfront expense. Like other cloud services, NaaS is managed by the service provider and delivered for a fixed fee.
Of great importance is the development of NaaS APIs, which service providers employ to automate common functions like order processing, service provisioning, and security. They can make it easier for an enterprise to order and use NaaS services.
Challenges and Solutions in Adopting SASE
After deciding that SASE is the right approach, there are several issues to consider and resolve before an implementation can begin. They include:
Single or multi-vendor solution?
While a multi-vendor solution may provide the best-of-breed components from multiple vendors, integrating these building blocks can be time-consuming. The specter of vendor finger-pointing (or internal confusion) when a problem arises is chilling.
By contrast, one of the largest trends in 2023, which is projected to continue for years to come, is the soaring business interest in single-vendor SASE architecture solutions.
"Since we started tracking the SASE market in 2019, multi-vendor solutions have represented most of the market compared to single-vendor. However, in 2023, we anticipate that single-vendor SASE will become most of the market," said Mauricio Sanchez, Senior Director, Enterprise Security and Networking at Dell’Oro Group.
Where are you on your cloud journey?
The SASE ecosystem can appear fragmented and confusing by nature, and this approach may not make the procurement process any easier. If an enterprise is not already far along on its cloud journey, converging network access and security into a single architectural model may be a challenge.
Teamwork is essential
Some of the challenges have to do with getting enterprise IT staffers to play on the same team. SASE architecture converges network access and security, but within an organization, two different teams may be responsible for these capabilities, and getting them to work together could be a delicate process.
Consider buy-in from the top down
The decision to move to a SASE architecture requires buy-in from the very top of the business all the way down to those responsible for implementing the components and for operating and managing the resulting blended security and networking solution. Since this is an enterprise-wide effort, buy-in from C-level executives (business and technology) would go a long way to driving the implementation with broad support.
Join or stay abreast of MEF undertakings, resources, and opportunities
As explained above, the MEF and friends have launched global initiatives aimed at defining SASE and NaaS through industry collaboration. A planned SASE certification program should lighten the lifting for businesses.
Examine the NaaS Industry Blueprint from the MEF
MEF and its member organizations are laying the groundwork to bring a new generation of Network-as-a-Service (NaaS) to market. They envision NaaS as services that combine on-demand connectivity, application assurance, cybersecurity, and multi-cloud-based services. To meet enterprise demands, those providing these services will need a standards-based automated ecosystem.
Where to turn for help? Try the NaaS Industry Blueprint. The intent of the blueprint is to help accelerate a new generation of NaaS. Specifically, the blueprint defines NaaS and proposes primary building blocks of NaaS solutions, including services, automation platforms, ecosystems, and certifications. It incorporates existing MEF service and Lifecycle Service Orchestration (LSO) automation API standards and industry tools for building and delivering NaaS services. Finally, the blueprint presents initial NaaS use cases in the areas of on-demand transport, SD-WAN, SASE, and multi-cloud.
After the green light
Though many are first focused on money, there are several other important aspects for businesses to focus on when evaluating and selecting a SASE provider. Start with each vendor's experience with SASE and customers. Also, check into their training program.
Next, check the level of pre- and post-sales support available. Costs are an important factor, but try to think instead of the value SASE promises to deliver to your business.