For decades corporate networks consisted of centralized applications that lived within the walls of the organization. Traditional data and application security was hardware-centric and based on the idea that traffic should be sent to the corporate network where the standard security appliances were located, and outside internet traffic was minimal. In today’s hybrid work environment, the old model has been flipped on its head. Employees move between locations and work remotely, and cloud is the norm. Companies want a more user-centric approach with a flexible model to support a remote workforce and the services and applications they need to access. Premise- and hardware-based models are no longer adequate—a completely different approach to security is required.
Enter secure access service edge (SASE). SASE has emerged as a new breed of cloud-based security architecture that provides a unified, effective way to deliver both security and networking, and it is quickly gaining traction with enterprises. According to Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026.
What’s in a SASE solution?
Today’s IT landscape is complex with hybrid and multi-cloud environments, a host of connected devices, and a distributed workforce. SD-WAN has been an integral part of enterprise networks for more than a decade, given its simplicity. While SD-WAN does have inherent security capabilities adding the flexible, multi-pronged approach of SASE provides the utmost efficiency and is well suited to today’s corporate networks. SASE consolidates connectivity (i.e., SD-WAN) and security functions and delivers them as a single service from the cloud. The streamlined model allows IT to easily connect and secure all of an organization’s networks and users in a cost-effective and scalable way. Enterprises can select SASE solutions irrespective of the whereabouts of employees or company resources.
For enterprises considering SASE, there are many advantages. SASE offers advanced security and networking so that enterprises can update security solutions to address new threats and quickly establish policies to adopt new security capabilities. Additional key benefits include ease of management with one platform to enforce all security policies, simplified network infrastructure based on SD-WAN, and improved end-user experiences, among others.
Zero Trust and SASE go hand in hand
Zero Trust is an identity- and data-centric approach to security that aims to eliminate risk to the organization by removing all implicit trust from the security infrastructure and verifying everyone and everything before granting access to network resources. It is a cornerstone to SASE, which builds on the Zero Trust concept to deliver a fully integrated, secure network. Together, SASE and Zero Trust provide a streamlined, comprehensive security solution able to protect applications and data and enforce policies across the entire network. The combination reduces the attack surface and establishes a hardened perimeter that makes it difficult for malicious actors to penetrate.
SASE features, solutions, and challenges
As we’ve discussed, SASE offers many benefits for today’s modern enterprise. However, there are a few challenges of which to be cognizant. As security needs grew with a changing and growing threat landscape, many enterprises added security teams in addition to the existing networking teams and a host of different security solutions. Often, each of these teams and the solutions within their purview are controlled by different parts of the organization. This can lead to siloed thinking, mismatched skill sets, and a mixture of solutions in different departments from different vendors that are complex to integrate and manage. Enterprises need to ensure that networking and security teams integrate their systems together into a cohesive, synergistic solution that works efficiently to best meet the needs of the organization.
Additionally, a fragmented vendor ecosystem and lack of common terminology leave enterprises challenged to compare SASE feature sets and solutions. The resulting confusion can lead to incomplete service offerings that don’t meet needs and expectations. To simplify and speed evaluation, implementation, and management of SASE services, MEF recently published the industry’s first standard for SASE, which defines common terminology, attributes of the service, and a service framework, along with a Zero Trust framework. MEF’s new SASE standard and Zero Trust framework help simplify offerings and provide clarity when selecting SASE services. Enterprises can make choices based on industry-standard definitions allowing for easier evaluation and faster decision-making and implementation.
As SASE becomes more vital to an organization's strategy, organizations may opt for an “easy button” and consider a managed SASE service offering from a service provider. Standardized, certified services, technologies, and professionals will assure IT professionals of the services they are receiving while providing a common language, constructs, labels, vocabulary, etc., with which to compare managed service offerings between providers.
Learn more about MEF standards and certifications here.
Pascal Menezes is CTO of MEF. Read his other Network Computing articles and view his full bio here.
(Note: This article is part of our regular series of articles from the industry experts at MEF.)