What is SASE?
Secure Access Service Edge, better known as SASE, is a recently emerged term, originally coined by Gartner in 2019. SASE is the convergence of modern WAN services and network security services into a single cloud-based service model.
SASE has emerged as a concept in response to the growing challenges of digital business transformation, edge computing and workforce mobility, as organisations face increasing pressure to converge services in order to reduce complexity, improve speed and agility, enable multi-cloud networking and secure new SD WAN architecture.
With SASE representing an integration of multiple existing functions (like SD WAN and Security) into one system, and exporting some or all of that functionality to a cloud-based SaaS (Software as a Service) model, it seems apparent that this process doesn't actually represent new features or technology per se. So how much of a change is it really?
With the advantage of hindsight, the preceding Software Defined Wide Area Networking (SD WAN) development was the biggest change at the underlying level. Turning private networking into an overlay function that was deployed independently of the underlying network layer wrested control of the private network away from telcos and threw the market open to a wider spectrum of players.
From there, the growth of security as a key feature-set was all but assured: SD WAN is after all a private network built on public internet connections.
The security industry has seen this consolidation before – ‘Next-Generation’ firewall and Unified Threat Management (UTM) trends saw what was once a range of separate security devices and functions merged into one platform. In fact, this was a ready-made integration stack that the security players could very easily slide into the SD WAN discussion.
Much of this core functionality had already been commoditised, which meant that it was relatively quick and easy for new players to also get on board. Hence a very rapid escalation that has seen the SD WAN marketplace begin to morph into the SASE marketplace.
However, there is a tension here, which is where the cloud element comes in.
How can SASE help your business?
A SASE security model can help your business in many ways:
With infrastructure in the cloud, you have the flexibility to deliver and implement security services more quickly and easily than ever before, including web filtering, DNS security and next-generation firewall policies.
Use a single platform to drastically reduce your costs and IT resources.
Reduce the complexity of your IT infrastructure by reducing the number of security products your internal teams have to manage and maintain.
With cloud infrastructure, you can quickly and easily connect to resources, with access to apps, internet and data available globally.
A Zero Trust approach to the cloud removes trust assumptions when users, devices and applications connect. A SASE solution will provide complete session protection, regardless of whether a user is on or off the corporate network.
The role of cloud in SASE
As bandwidth requirements continue to grow, routing functions rely on the minimum possible packet processing for the maximum possible efficiency. From a security perspective, more and more advanced functionality requires more and more invasive examination and processing of traffic content (HTTPS decryption, IDS/IPS, Anti-Malware). Turning all of this on can easily destroy routing performance on customer premises equipment (CPE) if it’s not appropriately dimensioned. In the cloud, providers have the flexibility and economies of scale to manage these processing challenges in a more effective, efficient and scalable manner. So whilst this doesn’t automatically mean that all security features have to move to the cloud, it’s no surprise that’s where the lion’s share seems to be headed.
Gradual change or evolution?
This didn’t all start with SASE. These fundamental performance conflicts, along with the diminishing importance of location versus the increasing importance of identity in security, have been gradually pushing advanced security functionality into the cloud for years. For example, one of our key security partners at Colt is Zscaler, and they have been providing SaaS-based security services from the cloud since their inception in 2008, over a decade before the term SASE was first coined. Versa Networks will soon be celebrating their ten-year anniversary, and their founders saw the need to converge and integrate cloud and on-premises security, networking, and analytics within a single software operating system.
Many of the SASE providers still provide some of the more basic security features like stateful firewalling on the CPE. It makes sense for some of these features to remain within a CPE-based deployment model, particularly when you consider that they also provide some degree of LAN segmentation for East-West (within the site) traffic as opposed to just North-South (in and out of the site). You don’t necessarily want to push everything through the cloud if it’s not headed that way anyway.
When you weigh up all the evidence, then, it seems that SASE is more of an evolution than a revolution. It does, though, still represent change – it’s a coming-together of many different strands, together with the potential for much greater flexibility in security deployment within one’s network.
With hybrid work set to stay for the long term and security threats only continuing to grow, every organisation should weigh it up and assess how it could work for them.
Protection for tomorrow's distributed workforce
One of the biggest barriers to success for a hybrid workforce is security. The balancing act is to enable easy access to the enterprise network from anywhere, without compromising network security. Deliver world-class secure access for the hybrid generation, and the generation to come.
How to secure a hybrid workforce with SASE
We know that the needs of IoT and edge computing will only increase the dependence on cloud-based resources, yet security remains tailored to on-premises enterprise data centres. With SASE, end users and devices can authenticate and gain secure access to all the resources they need, protected by security located close to them. Once authenticated, they have direct access which helps minimise any latency issues.
The objective of any SASE deployment is to deliver as secure a network as possible, available from a mix of locations. The ultimate goal is to be a sustainable long-term solution that can support working from home or office on a level playing field, allowing for seamless access to the network from anywhere and from any device without compromising the integrity of network or data security.
If a SASE deployment is to be a success, then it needs clearly defined objectives from the start. Without considering in detail what you want SASE to achieve, you might be on track for disappointment.
A SASE deployment is all about enabling businesses to activate secure connectivity wherever it is needed. How well defined is your business and network perimeter?
Organisations need to be planning for the long term and secure networks must be central to that process. We’re well beyond the early days of the pandemic when network technology rose to the challenge of keeping huge numbers of remote workers connected and operational.
Components of a SASE model
SD WAN 2.0
SD WAN 2.0 introduces a series of enhancements that align SD WAN to customers’ evolving network landscape. Looking beyond the pandemic, companies will need a long-term solution to address the needs of their growing remote workforce, including optimisation of cloud applications, securing the dynamic network edge, comprehensive insight of network activity, and the ability to scale quickly and efficiently.
As part of the SD WAN 2.0 experience, Colt is launching transformative new features to address these requirements: the WAN optimisation suite, advanced firewall enhancement, enhanced network insights, and an optional Self-Install CPE capability.
The WAN optimisation suite employs packet cloning and Forward Error Correction (FEC) techniques to enable end-users to experience improved quality and speed of mission-critical applications across their network.
Colt’s enhanced security at the network edge (SASE) offers 3-tier security across a customer’s WAN, LAN, and DMZ and is capable of supporting integrated Dynamic NAT and DDoS protection.
Its new advanced analytics platform, powered by Artificial Intelligence and Machine Learning (AI/ML), empowers customers with greater depth and granularity in network reporting.
Colt’s Self-Install CPE feature offers an option for customers to enable Colt’s SD WAN service safely and rapidly with cost savings when compared with third-party installation in non-Colt countries.
Cloud security
Cloud security is a set of technologies and applications that are delivered from the cloud to defend against threats and enforce user, data, and application policies. It helps you better manage security by extending controls to devices, remote users, and distributed locations anywhere in minutes.
Zero trust network access
Zero trust network access verifies users' identities and establishes device trust before granting them access to authorised applications. It helps organisations prevent unauthorised access, contain breaches, and limit an attacker's lateral movement on your network.
SD WAN 2.0
Initially the service was launched to optimise traffic across MPLS and IP-based connectivity, and while that’s key, enterprises need more. Next-generation SD WAN is now here and it’s utilising everything the cloud has to offer.