Getting SASE - The Future of Network Security is in the Cloud

One of our Senior Account Director's, Steve Wood, shares his thoughts on SASE

"The Future of Network Security is in the Cloud" so say Gartner in a recent white paper and on balance, we agree with them.   

For the past 10-15 years we have been punching more and more holes through our perimeter defences to the extent that trying to maintain this choke point to apply any meaningful security policies leaves us with several blind spots.   

Notably we saw a huge shift in user’s expectations on how they expected to interact with data back when the iPhone launched in 2007 and the days of IT controlling the end to end device to data were changed forever.  More recently as most organisations march to “everything as a service” even the traditional data centre model is evolving.  It’s little surprise then that for a user, on a device they own, accessing data delivered by a cloud provider, the traditional legacy network security approach can be somewhere between ineffective and irrelevant.  Users are spending less time on a corporate network, as the way they interact with data has changed and this is expected to evolve at pace once 5G is widely available. 

So how to address this seemingly constantly shifting dilemma.  Enter stage Secure Access Service Edge (SASE) (pronounced Sassy so easily memorable). 

What is SASE?

The SASE marketplace is the convergence of wide area networking (WAN) providers delivering SD-WAN, CDN, Network as a Service and Network Security providers who offer Secure Web Gateway, CASB, FWaaS, Zero Trust packaged as a single cloud service. 

The advantage to this approach is that policy and protection is focused on sessions or users, removing the blind spots and simplifying management by allowing more across the board control irrespective of where the user connects, on what device and where the data resides that they’re accessing. 

Benefits of SASE 

Reduced complexity and costs 

Consolidating security and networking to a single service will help organisations by reducing the number of vendors they have to manage, the number of appliances and endpoint agents and overcome traditional security siloes.  As more features are enabled with the SASE provider the comparative costs associated with deploying new solutions and ongoing maintenance would also be expected to be reduced. 

Improved Performance  

By deploying through a SASE provider, you will benefit from their high bandwidth, optimized global networks meaning user experience shouldn’t be hindered irrespective of where they attempt to connect to data and utilize services such as VoIP and web conferencing.  

 

Improved Security 

Many SASE providers will enable Zero Trust, granting access based on the Identity of the user, the device and the application simplifying policy management.  Other services include end to end encryption of the entire session to protect when the user connects in an untrusted environment, content inspection to identify sensitive data and apply appropriate policies, malware and threat detection/prevention, WAF/WAAP and DNS protection. 

Improved Effectiveness of Security and Network staff 

This is a common upside anyway to deploying cloud services as staff’s time isn’t taken up performing routing tasks such as upgrading and patching however by consolidating more to SASE will also mean there are less vendors to manage and a more common interface across what were traditionally multiple different systems. 

Conclusion 

While most of the technologies that make up SASE aren’t new, the concept for a single vendor offering all of these features is still relatively new, so were not quite at the point (and we’re definitely not recommending) that you should ditch all of your traditional network and security vendors and jump wholesale on to a SASE service.  That said, if you are working on projects that include some of these areas, it’s definitely worth reviewing your roadmap and areas that may also be delivered by this type of service and reviewing the market with an eye on the future. 

In addition, no one provider seems to tick every box just yet however a handful do have pretty comprehensive portfolios and we expect a lot of activity in this space as vendors race to improve their offerings.  We are also seeing some vendors tenuously aligning themselves to SASE to ensure they’re cited when this area is discussed, that means you may need to filter through the noise a bit when reviewing which is unlikely to make the selection process any more straightforward.   

All that said, we definitely see more merit than drawbacks with the SASE model and it certainly addresses a number of concerns and issues that our customers are seeing as they attempt to keep pace with fast moving user expectations for working practices, managing security threats and ensuring that security is an enabler to the business.