Secure Access Service Edge (SASE) represents the dawn of a new era for enterprise security. Since its introduction by Gartner analysts Neil MacDonald and Joe Skorupa, SASE has been hailed as the future of network connectivity. Data centers were the go-to solution for WAN connectivity and security in the past. However, with the proliferation of cloud-based solutions combined with an untethered work environment, the traditional network security we were familiar with is no longer a viable option. SASE addresses these issues by providing an approach to combine network connectivity and network security functions. On the endpoint side, this aids in delivering a cloud-native solution to WAN security that eliminates the requirement for security to be run through a centralized data center.
SASE has been gaining traction since its establishment in 2019; nevertheless, we saw an accelerated increase in the SASE market in the aftermath of the worldwide pandemic. On-premises solutions and networks with perimeters started to make no sense when the whole workforce was scattered worldwide. SASE solves this by bringing security to the user via the cloud, making it one of the most promising examples of edge computing. As a direct result of the pandemic, the worldwide SASE market, which was already gaining steam, experienced exponentially accelerated growth almost overnight. According to the Dell’Oro Group, the SASE industry will rise to $5 billion per year by 2024.
Why SASE Is the Next Big Thing in Network Security
SASE brings a lot to the table. At its core, it’s a unified platform converging network as a service (NaaS) and security as a service (SECaaS). Apart from Zero Trust Network Access (ZTNA), the popularly known capability of SASE architecture, Gartner has identified software-defined WAN (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), and firewall as a service (FWaaS) as the other four core capabilities of SASE. That being said, SASE is not just an amalgamation of the previously mentioned acronyms; a SASE portfolio could include any networking or security feature that can be deployed through the cloud, on-prem, or even a hybrid version of the two.
The most apparent benefit of such an architecture is on the management front. A single SASE solution can substitute for multiple solutions with minimal integration and provide a single console to configure, manage, and report on your entire network and security infrastructure. Beyond the ease of management, SASE addresses most of today’s networking and security hurdles when appropriately deployed.
SASE is a solid solution for networking and network security, but at the same time, it is flexible. Essentially, it means that SASE does not represent a definite set of solutions. Instead, each organization must examine which applications and services they require on the NaaS and SECaaS fronts. The true beauty of this flexibility lies in its deployment process. As SASE consists of multiple applications and services focusing on different aspects of network or security, a complete deployment of all these capabilities together is not necessary. Instead, according to individual use cases, SASE can be gradually deployed one service at a time based on individual preferences. Moreover, each branch office of a business can configure the depth to which SASE is deployed. For example, an organization’s headquarters may need more services than one of its branch offices. While the cloud nature of SASE makes the provisioning of new branches significantly more effortless, the scalability is also flexible. It can be turned up or down based on the deployment location.
The digital transformation of the workplace has been growing for a long time. Cloud adoption plays a significant role in it and, based on research by Gartner, is at an all-time high. A considerable part of SASE was designed based on the rise of cloud-native applications. Traditional data centers aren’t designed to include today’s cloud-based solutions. Applications like G Suite and Office 365 were already provisioned through the cloud. The inclusion of software-defined WAN (SD-WAN) eliminates the need to use slower WAN technologies like MPLS. In addition to securing cloud topology, SD-WAN avoids hair-pinning through these stacks or data centers, reducing latency and providing faster connectivity. Using SD-WAN instead of private MPLS networks also provides the added benefit of being significantly cheaper.
When Gartner first introduced SASE back in early 2019, they were oblivious to their powers of prophecy. Six months afterward, when the coronavirus first appeared and work turned remote, the relevance of SASE took a huge step forward. Employees require access to business resources and apps even if they work from home. This is where one of SASE’s most essential features comes into play. Zero trust network access (ZTNA), as the name suggests, trusts no one. There is authorization at every stage to proceed to the next, thereby adding extra layers of security. This reduces the vulnerabilities caused by working from a home network by using a trusted broker to identify and authorize users continuously. ZTNA also prevents lateral movement inside the network, hides company assets from public view, and minimizes the attack surface area.
Zero trust and SASE are two of the most talked-about recent trends in cybersecurity. Both of them, lauded as the future of enterprise security, are closely linked. Although zero trust is an expansive architecture including several services, SASE helps enterprises build towards the overall idea. ZTNA is a crucial part of enabling a zero-trust environment and, for many organizations, is a significant spending point within SASE. Organizations heading towards a zero-trust paradigm could use SASE as an enabler for what they are trying to achieve.
How Can Companies Assess Whether They Are SASE Ready?
Even before SASE arrives, IT admins will have had policies that meet their regulatory, security, and business requirements. It’s wasteful and time-consuming to rewrite these policies, which were already in compliance with privacy legislation like the GDPR or the CCPA. Moreover, it will also make years of work redundant. So, when looking for a SASE solution, make sure that it can be seamlessly incorporated with the existing policies.
As SASE is made up of a collection of existing services, the actual value of SASE only comes out when these solutions are integrated in a way that reduces the overall complexity of using them individually. Preferably, security firms with a proven track record and a strong network foundation should be able to converge different SASE solutions successfully.
Most big enterprises will already be using most of SASE’s services like SD-WAN, CASB, FWaaS, etc. As a result, choosing another full-stack vendor might not be needed. A full-stack vendor offers all five core capabilities of SASE, leading to better integration. Large enterprises with SASE services already deployed individually should ask whether their existing solutions can be used to run their own SASE architecture. Granted, there would be less integration, but SASE is still in its nascent stage, and many full-stack vendors offering a complete SASE are still shy of true convergence.
The scenario is different for mid-market and smaller enterprises. For example, such companies might not have dedicated teams for networking and security. In such cases, using a full-stack vendor to deploy a unified solution is a more viable option. Three leading full-stack vendors appearing in both Gartner’s SSE magic quadrant and WAN edge magic quadrant are Versa, Cisco, and Palo Alto Networks.
Beginning the Journey to SASE Deployment
As SASE can be deployed in layers, the question then becomes where to start. One approach would be to start with one of the most vital foundational subsets of SASE, SD-WAN, a significant priority for most customers dipping their toes into SASE waters. It serves as an on-ramp to many SASE services, so it’s a comfortable place to start. If SD-WAN is a top priority in your SASE solution, I recommend choosing an established NaaS provider who has evolved to supply SASE. Ideally, these providers should have a proven track record of SD-WAN deployment with a network of PoPs placed globally to connect the distributed workforce and ensure increased connectivity, reduced latency, and reliability.
As SASE is based on identity, a different approach would be to start with a network access solution like ZTNA to concentrate on user identification and authorization first. ZTNA works on the idea of never trusting and always identifying and is a reliable solution to provide security by restricting users to only what they need. ZTNA will examine a user’s identity, context, and policy adherence before granting access to other SASE capabilities or even other company resources.
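The per-request check described above, sketched as an added example (not code from any SASE product or from the author of this article): a broker that denies by default and re-evaluates identity, device context, and policy on every request. The group names, application names, and field names are hypothetical, and the sample session is constructed.

```python
from dataclasses import dataclass

# Constructed policy: which applications each group may reach (hypothetical names).
ENTITLEMENTS = {
    "finance": {"erp", "payroll"},
    "engineering": {"git", "ci"},
}


@dataclass(frozen=True)
class Request:
    user: str
    group: str
    mfa_verified: bool      # identity: result of the identity provider check
    device_compliant: bool  # context: posture reported by endpoint management
    device_flagged: bool    # context: anomalous behaviour seen on the device
    app: str                # the single application being requested


def decide(req):
    """Evaluate one request; anything not explicitly allowed is denied."""
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device fails posture policy"
    if req.device_flagged:
        return False, "anomalous device behaviour"
    if req.app not in ENTITLEMENTS.get(req.group, set()):
        return False, "app not in entitlement"
    return True, "allow " + req.app


def run_session(requests):
    """Re-evaluate every request; an earlier allow is never cached."""
    return [decide(r) for r in requests]


# Constructed session: the device is flagged between the 2nd and 3rd request.
SAMPLE = [
    Request("alice", "finance", True, True, False, "erp"),
    Request("alice", "finance", True, True, False, "git"),  # outside her entitlement
    Request("alice", "finance", True, True, True, "erp"),   # same user, device now flagged
    Request("bob", "contractor", True, True, False, "erp"), # group with no entitlements
]

if __name__ == "__main__":
    for req, (ok, reason) in zip(SAMPLE, run_session(SAMPLE)):
        print(req.user, req.app, "ALLOW" if ok else "DENY", reason)
```

The second and fourth requests show the least-privilege restriction, and the third shows why the decision is made per request rather than once per session.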
After implementing either one of the above foundations, other features, including other core capabilities, can be added on top of it.
Challenges Along the Way to SASE
The idea of a unified solution overseeing all networking and security functionalities seems like a modern-day Elysium. Nevertheless, enterprises not equipped to deal with the paradigm shift accompanying the deployment of a SASE architecture may face some obstacles along the way.
Converging network services and security services into a single solution will need a drastic rearrangement of the existing corporate structure. Traditionally, network and security teams have operated independently, concentrating on their own areas of competence. In the same manner that SASE converges network and security functions, a shift to SASE will require enterprises to converge their network and security teams. Teams in these settings have most likely reached a peaceful fellowship over time through working in close proximity yet independently. Bringing the two together overnight in such a manner might upend both of their worlds. It will be a completely different experience that will need teams to relearn the art of collaboration.
SASE’s genuine worth rests in its dynamic and adaptable service approach. It unifies all network and security activities and gives businesses the flexibility to expand features as needed. Coupling it with a proper unified endpoint management solution and a secure endpoint security solution will establish an authentic zero-trust architecture. The SASE solution monitors whether the device fits the business’s policy criteria and will want to know whether there were any strange behaviors on the device or an application running on it. This visibility into the device is possible through integrations with endpoint management solutions. Together, they provide a suit of armor that envelops all endpoints, data, and networks in a corporate environment.
Considering the centralized, cloud-native, and distributed architecture of SASE, it is no surprise that Gartner predicts that at least 50% of businesses will have clear SASE plans in place by 2025. Of course, it’s wishful thinking to imagine that today’s cybersecurity conundrums could be solved through a single solution. However, SASE is proving to be a genuinely transformative solution that revolutionizes the realms of network connectivity and security.