Politicians from Winston Churchill to Rahm Emanuel are known to have uttered something along the lines of "never let a good crisis go to waste." The point is to seize the opportunity during a calamity to do something you could not do before. That seems to be the case with proponents of Secure Access Service Edge (SASE).
SASE is an enterprise networking technology category introduced by Gartner in 2019. It converges the functions of network and security point solutions into a unified, global cloud-native service. It allows an architectural transformation of enterprise networking and security. That, in turn, lets IT provide an agile and adaptable service to its users.
SASE’s Covid boost
Until the pandemic, SASE’s adoption was limited. A 2021 industry survey of 750 IT leaders, including CIOs, CTOs, IT, and network directors, found that less than 12% of enterprises fully embraced the framework before the pandemic. Part of the problem was confusion about what SASE is. One-third of the 750 professionals surveyed could not even confidently define SASE.
That said, interest in and adoption of the technology exploded last year thanks to the networking and security challenges of the pandemic. Traditionally, enterprises used firewalls and enterprise VPNs to secure network traffic through an encrypted tunnel. These measures were already becoming obsolete in a world where data was increasingly distributed and perimeter-less.
In other words, now that enterprises simply don't use the old hub-and-spoke topology that routed remote users' network traffic through a single data center, neither should their modern security frameworks. Transitioning from traditional network security models, network administrators shifted to cloud-centric security strategies that let people securely work from anywhere.
Bottom line: SASE is designed for today's perimeter-less environments. It eliminates the need to force traffic through a central site and makes it easier for remote groups to work over distributed networks securely.
SASE drivers and obstacles
Last year, many organizations came to the same simultaneous conclusions. Namely, work-from-home was here to stay (in one form or another) and there was a need to better manage remote connectivity and security together. These points were evident in our coverage of the issues during the year. Some examples:
Networks Must Change to Support Mainstreaming of Working from Home
The article noted that Enterprise Management Associates (EMA) published a research report, "Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic,” based on a survey of 303 IT professionals. The research found that, prior to the pandemic, the average enterprise had about 14% of its employees working from home on a regular basis. At the time of the survey, 64% of employees were working from home. And more than half of the enterprises surveyed expect their work-from-home populations to remain elevated after the pandemic ends. This permanent shift means that IT organizations need to adjust network architecture and network operations.
The research also found that 82% of IT professionals believe SASE can support business continuity during the pandemic. The primary opportunity is secure remote access, such as a cloud-delivered alternative to traditional remote VPN solutions.
Will SASE Mark the End of the Network as We Know It?
The article noted that SASE offers an entirely new network architecture that brings applications closer to end users worldwide, and it also provides secure access. Its key advantage is its ability to tap into cloud resources, which tend to be far more expansive than the options provided by an on-site data center or any network device, to identify and mitigate security risks.
Given its many inherent attributes, SASE represents a modern, converged approach to networking and security. As a result, the article noted, "SASE promises to revolutionize wide-area networking to the extent that it will soon eradicate conventional SD-WAN technology.”
How SASE Architectures Can Reach Beyond Cybersecurity
The article noted that because SASE uses a flexible software-as-a-service (SaaS) model, cybersecurity services can be positioned in the cloud, at a metro edge, or inside a private edge. The physical location where services reside depends on where end users are located and the level of network performance they require. This means that cybersecurity services are delivered in a manner that can dynamically shift delivery points based on user location and need and fully abstracts the delivery of those services.
Ultimately, SASE is a dynamic service edge architecture that has the potential to become the next-generation foundation for enterprise networks of the future.
SD-WAN and SASE – Hype or Reality?
The article noted that in 2022 and beyond, many secure SD-WAN and SASE deployments will be offered as managed services from a service provider with cloud-native technologies. SASE moves the security function to the cloud in the nearest edge computing environment to the user's home. As a result, SASE shares the resources of an edge cloud with multiple tenants, optimizing resources and security functions for multiple subscribers. Security functions can be shared between many subscribers in a multi-tenant model and scaled using cloud-native microservices architectures.
However, the lack of common terminology and standards will slow adoption as proprietary solutions are developed, and confusion exists over the flavors of technologies and services. Pascal Menezes, Chief Technology Officer at MEF, noted: “The good news is that with available standards and new standards coming in 2022 to define SASE and Zero Trust, customers will be better informed to compare services and understand key definitions and frameworks when purchasing secure SD-WAN and SASE managed services.”
Looking ahead
SASE will become an important consideration as enterprises implement their next-generation branch networks. Industry analysts expect enterprises to adopt SASE over a five- to 10-year period. Many enterprise organizations will start with SD-WAN and phase in SASE over time. The reason: Familiarity with SD-WAN technology and its wide availability from many providers. That brings up an important point to remember. SASE is relatively new. As noted above, one-third of IT managers in one survey said they could not define SASE.
Organizations likely to adopt SASE faster than others are those that are embracing a cloud-first or cloud-native philosophy. Such organizations may find SASE is a good complement to their way of thinking. Businesses that may delay the adoption of SASE have common traits. Typically, they have many legacy applications (i.e., applications that are not cloud-native), large data centers, and most of their network traffic is still within the enterprise perimeter.
NetOps teams, like Spider Man, have great powers and great responsibilities. Increasingly, they are adopting a Zero Trust approach to network operations to help fight their battles.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
