For much of the digital age, IT organizations have maintained networking and security as separate teams with different priorities, expertise and technologies. However, that approach is inefficient now that organizations must secure more devices and users across more locations. That’s why organizations should look to combine networking and security with secure access service edge (SASE). Let’s explore the concept.
The Way It Was
Traditional security methods meant to protect a central data center cannot be easily extended to cloud instances, distributed architectures and remote workforces. That’s why more organizations are adopting SASE, an emerging architecture that tightly integrates LAN and WAN networking functions with cloud-delivered security services. Analysts say the SASE market is growing by more than 30 percent annually. Moreover, Gartner predicts 80 percent of companies will be using it by 2025.
Enforcing security policies in a work-from-anywhere world is challenging because IT lacks physical control over the work environment. Remote workers use various devices, services and applications and connect to many different networks, including home and public Wi-Fi networks.
How Combining with SASE Makes It Better
SASE — pronounced “sassy” — addresses this challenge by allowing IT administrators to centrally set and manage security policies for all areas of the distributed network through a single management console. Policies regarding application access, web security, compliance and more can effectively follow users, devices and applications across all network access points. Uniformly applying security measures reduces the potential for security gaps or inconsistencies.
SASE also uses identity-based security mechanisms to authenticate and authorize users and devices based on their identities rather than their IP addresses. This approach enables granular control over access privileges and allows security policies to be tailored to specific user profiles.
SASE solutions generally comprise the following major components:
- A software-defined wide-area network (SD-WAN) to securely connect users to apps and locations.
- Domain name system (DNS) layer security to block malware and prevent callbacks to attackers.
- Secure web gateways for detecting and filtering malware from Internet traffic.
- Firewall-as-a-Service (FWaaS) to provide visibility and control of Internet traffic across all ports and protocols.
- Cloud access security brokers (CASBs) that control access to cloud services.
- Zero trust network access (ZTNA) that requires strong authentication and authorization of devices and users.
Building the Best SASE Framework
Building a SASE framework with components from multiple vendors is possible but isn’t always advisable. Although it might avert vendor lock-in, a multivendor approach can also result in interoperability and support issues. A single-vendor solution is easy to implement, ensures seamless integration and eliminates complexity. That’s why Gartner predicts two-thirds of enterprises will use a consolidated SASE solution from a single vendor or two explicitly partnered vendors.
Even vendors specializing in best-of-breed solutions are developing single-vendor options for their customers. For example, Aruba originally designed its SASE solution to integrate with almost all major cloud security vendors. However, company officials recently said they are looking to invest more in their own security portfolio in order to offer customers a single-vendor option.