Breaking Down SASE

Deeply integrating security with networking functions provides higher-order protections for applications and data regardless of the paths that workflows or transactions take.

John Maddison

September 14, 2020


SASE, or Secure Access Service Edge, is one of the hottest topics in both networking and security at the moment. And for good reason. Businesses, and the workers and networks that support them, have been thoroughly disrupted. Organizations, and especially their IT departments, have been wrestling with digital innovation for the past several years. With largely the same budget and staff they had at the start of this disruption, these teams have had to plan, design, implement and manage the rapid expansion of the traditional network to include multi-cloud environments, SaaS applications, the massive adoption of IoT, and next-gen branch offices that need rapid and reliable access to all of these applications and services.

And in just the last few months, the entire networking model has been inverted. Huge numbers of traditional workers now have to access business applications and networked resources from home. And this isn’t just a temporary change. One recent survey reports that nearly a third of organizations are planning on having more than half of their employees continue working remotely full-time even after the pandemic subsides.

Defining SASE

As a result of all of this disruption, the arrival of SASE couldn’t have been better timed. The basic concept is that SASE ensures secure access to distributed resources for a widely distributed and highly mobile workforce. And like SD-WAN, it also ensures reliable connectivity and performance across the public internet while keeping data, applications, transactions, and workflows secure.

However, while the high-level view of SASE is indeed promising, there is still some confusion about what a SASE solution is, the technologies it encompasses, and how it should be implemented. For example, is SASE just a cloud solution, or should it be integrated with physical, on-premises devices? Regardless of how organizations decide to address the implementation of a SASE solution, however, the most important thing to remember is that the definition isn’t really all that important. What organizations really need to focus on is designing and implementing a secure access strategy that can grow and adapt along with their business requirements.

SASE Must Start with a Strong Foundation

So, where do you start in selecting and deploying a SASE solution? Here are three critical concepts that should drive your SASE strategy.

1) Unify Security and Networking. First, you will need to bring security and networking together into a single, unified strategy. Far too often, network expansion driven by digital innovation results in siloed environments. For example, individual cloud environments – even when deployed as part of a multi-cloud strategy – are often secured using different security tools that do not interoperate. Branch offices often end up with their own security solutions that do not line up with those deployed in the cloud or on the LAN. And remote workers can weaken the chain by further fragmenting security.

Such environments – characterized by vendor sprawl, mismatched security solutions, and inconsistent policy enforcement – severely limit visibility and constrain control. While SASE is designed to help secure dynamic connectivity issues, the challenge is that SASE tends to be limited to cloud deployments, potentially contributing to a fragmented security strategy. But in the real world, where the LAN edge is just as important as the WAN and cloud edge, what’s needed is a more comprehensive approach.

A security-driven networking strategy can overcome this limitation. Consistent solutions deployed in every branch, cloud, remote worker, or traditional network environment – including those chosen as part of a SASE solution – ensure broad visibility and control. And by deeply integrating security with networking functions, security can do more than span the entire network, providing higher-order protections for content, applications, and data regardless of the paths that workflows or transactions need to take. It can also adapt as that network infrastructure adapts to changing circumstances and requirements.

2) Integrated Products. The second-most important element of a SASE strategy is choosing security solutions designed to work together. Security technologies deployed in different cloud environments, for example, need to be able to gather and share threat intelligence between each other. But they also need to do this with similar security solutions deployed in branch offices and physical data centers, as well as on remote worker networks and devices. This enables the aggregation of data, so security teams can more effectively identify and respond to even the most sophisticated, evasion-enabled threats, as well as apply a single, consistent response that leverages resources from across the network.

3) Flexible Consumption Models. Finally, solutions need to support a variety of consumption models depending on where you’re integrating your security stack – whether in hardware, virtual environments, or as cloud-hosted solutions. Security tools need to be chosen not just for their efficacy at addressing threats but also because they can be deployed across the maximum number of environments in the widest variety of form factors. This also includes interoperating with other third-party solutions – whether security or networking technologies – using APIs and common standards. This ensures a single view across the network, combined with centralized management and consistent orchestration of policies and configurations so that the entire enterprise is uniformly protected.

SASE is All About Flexible, Anytime, Anywhere Security

To be truly effective, SASE cannot be a “one size fits all” proposition. By integrating cloud-based SASE technologies with such things as physical access points and WAN and LAN controllers, organizations can implement a much more universal SASE strategy. By combining virtual solutions with physical systems, organizations can more effectively establish and enforce consistent policies, such as zero-trust networking that provides consistent protections and access controls to critical resources across the entire network, not just a piece of it. This ensures that any user, anywhere, on any device, can securely access the resources they need to do their job and, at the same time, does not have access to systems or resources not needed to do that job.

Once all of the hype surrounding SASE – or really, any new networking solution or strategy – goes away, these three fundamentals remain in place. With the right foundation in place, you won’t have to go out and buy a bunch of products to have a “SASE” solution. Instead, if you start building your network with the above three principles in mind, your network can be easily expanded to include SASE – or any other new development – while remaining resilient, secure, and manageable from end to end. That approach stands the test of time and allows organizations to stay ahead of the latest hype.


About the Author(s)

John Maddison

John Maddison is EVP Products & Solutions at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.
