| 15 min read
SASE explained
A comprehensive overview for modern network security.
What is SASE?
SASE is a cloud-based framework that seamlessly integrates software-defined wide area networking (SD-WAN) and Zero Trust security solutions, a next iteration of network security that mitigates security concerns associated with local breakouts and numerous network access points by de-centralising network security.
Here's what you need to know:
- SASE grants access based on user and device identities. Authentication and authorisation play a central role
- Users and endpoints are securely connected to apps and resources, regardless of their physical location
- Both infrastructure and security solutions are delivered via the cloud
- This flexibility allows for scalability, agility and efficient resource utilisation
- SASE safeguards every edge, including physical, digital and logical boundaries
- Whether its a remote worker, branch offce or IoT device, SASE ensures consistent security
- Users are secured anywhere they work, whether in the office, at home, or on the go
- SASE eliminates the need for backhauling traffic to traditional data centres for security inspections
Key components of SASE:
Traditional CPE’s consist of specialized hardware devices to perform dedicated functions. These hardware-based functionalities are known as Physical Network Functions. These consist of provider-owned, specialized hardware devices, such as a device for Firewall from Palo Alto, a router from Cisco and a switch from Juniper, which are then deployed to a customer premise, or a data centre.
In the past, this would mean that businesses would need multiple devices on site, helping them move data from one end to the other safely and correctly.
Having to comply with these kind of hardware devices and this model of working can be a challenge for a business. For example, opening a new office, or simply adding a new network function, would involve:
SD-WAN creates virtual connections between endpoints (both physical and logical), optimising user traffic by providing near unlimited paths, enhancing user experience
FWaaS moves firewall protection to the cloud, extending security beyond the organisation's geographic footprint. Remote and mobile workers connect securely to the corporate network while adhering to consistent security policies.
Secure Web Gateway filters unauthorised web traffic before it reaches the network perimeter. Technologies like malicious code detection, malware elimination and URL filtering enhance security.
Zero Trust Network Access ensures trust is never implicit. Access is granted on a need-to-know basis. All users, devices, and applications undergo continuous validation before accessing private resources.
NETWORK MANAGER'S GUIDE TO SASE
Stay secure beyond borders
With employees working remotely and critical systems moving to the cloud, traditional network perimeters have exploded and businesses need to stay secure beyond borders to enable success. Download the guide to discover a guide to SASE implementation, to help you find the right pathway for your business.
How does SASE compare to traditional network security solutions?
1. The location of the security perimeter
2. Network Architecture
3. Security Services
4. Authentication
5. Flexibility
6. Scalability
7. Cost model
In summary, SASE provides a more adaptive, cloud-based and holistic approach to network security. It assists enterprises in staying ahead of new threats while simplifying their security landscape. However, the choice between SASE and traditional security depends on specific organisational needs and priorities.
The History of SASE
The term itself it still fairly new. It was coined by Neil MacDonald and Joe Skorupa at the analyst firm Gartner in 2019.
They initially explained that it represents an integration of multiple existing functions (like SD WAN and Security) into one system, which also involves exporting some or all of that functionality to a cloud-based SaaS (Software as a Service) model.
This turned private networking into an overlay function that was deployed independently of the underlying network layer, which threw the market open to a wider spectrum of players. The security industry has seen this consolidation before – ‘Next-Generation’ firewall and Unified Threat Management (UTM) trends saw what was once a range of separate security devices and functions merged into one platform.
When you weigh up all the evidence then, it seems that SASE is more of an evolution than a revolution. It does though still represent change – it’s a coming-together of many different strands, together with the potential for much greater flexibility in security deployment within one’s network.
How to get the most out of a SASE deployment:
The objective of any SASE deployment is to deliver as secure a network as possible from a mix of locations. To help network managers get there, here are four essential considerations in order to get the best results:
A common objective for SASE is to replace a disorderly jumble of disparate solutions with simplicity and manageability. Many organisations currently struggle with a messy mix of security appliances and point solutions, provisioned at different times by different departments and with different needs in mind. The right SASE solution will replace this with secure network access of a uniform quality at all end points. It functions, if done right, as a single pane of glass offering a full view of your network.
You will also need to decide how you want to deploy SASE. You might have in-house IT expertise on hand to make your choice of SASE solution work. Or you might prefer to turn to a partner to deliver it as a managed service. Doing it this way means you can rely on ongoing support to ensure day-today operational success. Your partner will be part of ensuring that your network is able to grow and evolve along with your business requirements. A partner can also help you navigate the increasingly complex network environment in which we all find ourselves.
You will also need to give thought to capital and operational costs. What is the best way to balance increasingly complex networking requirements with budgetary constraints? What returns can you expect from an outlay on SASE if you buy your own solution? How might the alternative of a managed SASE service help with cost of ownership and return on investment?
Critical questions to ask:
A SASE deployment is all about enabling businesses to activate secure connectivity wherever it is needed. With a hybrid workforce, the perimeter of your business is no longer fixed and defined. It will embrace remote locations and on-prem ones. It might be in the cloud, out in the field, or a combination of all these. All enterprises will have different types of requirement that must be considered before SASE can be effective.
You need to understand where your users are, how they’re connecting and which devices they’re using. It will also be necessary to define their access profile. The inherent attributes of SASE makes this easier than with legacy security methods. Remember that SASE security is policy-driven, and not contingent on the location of the user. It is also open to a range of different device types. Access and security are based on a user’s identity rather than a physical IT-controlled device or network access point. SASE offers flexibility in where and when security services are applied, and meshed traffic patterns are handled with efficiency. You will need a handle on what security you already have in place, and how that might fit with SASE. You must consider the security requirements of individual applications too, and have an idea of their performance needs, mapped by location groups.
Critical questions to ask:
Organisations need to be planning for the long term and secure networks must be central to that process. We’re well beyond the early days of the pandemic when network technology rose to the challenge of keeping huge numbers of remote workers connected and operational. Looking ahead, the challenge is no longer about a quick fix to get us through an emergency.
The short-term solutions put in place at the beginning of the pandemic, like legacy VPN connections, will not be up to supporting the complexities of hybrid work. Older solutions, created before the cloud era, will not protect against latest threats, and are difficult to scale and expensive to operate. These drawbacks will inevitably have a negative impact on network performance. New approaches and new technologies are needed, either to replace all older solutions wholesale or perhaps just to manage them better under a single platform. This is where a managed SASE solution can fit in.
Critical questions to ask:
Not all SASE solutions are the same. A common pitfall is to invest in SASE that is made up of many different bits and pieces, only superficially united under one fabric. It is important to ask if the solution you have in mind follows the Gartner guidelines:
- Can it be delivered as a managed service?
- Is it designed for the cloud from the ground up by people who fully understand the needs of the cloud?
- Does it offer a truly integrated approach based around a single dedicated platform?
SASE with the right qualities is a sustainable solution that is secure and scalable – both in terms of the number of end points and geographic reach – as well as cost-effective, easy to manage and quick to set up. All in all, it should provide a good experience for many different types of end-user. SASE must provide policy-based, software-defined access to work with the most fluid of network fabrics. It should let network managers and security professionals specify the level of performance, reliability and security of every network session, based on identity and context. It must define and control all the dynamic access requirements that digital transformation entails, allowing secure connectivity between a variety of distributed users, locations and cloud-based services. If it doesn’t do all this it is not true SASE, and may well end up as an expensive headache.
Deliver world-class secure access for the hybrid generation.
Colt has formed a partnership with leading SASE vendor Versa Networks to deliver a truly integrated approach to networking and security. Colt’s global next generation network and leadership in the SD WAN market has been teamed with VOS™ (Versa Operating System) to answer the needs of today’s hybrid working patterns.
The latest Remote Access feature, one of the first to be based on Versa SASE, builds on the success of Colt’s award-winning SD WAN service to allow remote access without compromising network security, integrity and performance, and is based on an easy-to-scale, cost-effective model. Colt and Versa offer SASE connectivity that is built from the ground up as a true enterprisegrade solution. The result is a wide global footprint combined with massive bandwidth and a software layer designed for both networking and security. As the market continues to evolve, it’s important to have a partner with a strong roadmap. Colt and
Versa together have the resources and skills to make connectivity both secure and future proof
Recommended solutions:
Colt SD-WAN
SD-WAN is a more intelligent, software defined way to build a WAN. See why 93% recommend our award-winning SD-WAN solution.
Colt Edge Compute
On-premise Edge compute, bringing the power of the cloud closer.
NETWORK MANAGER'S GUIDE TO SASE
Stay secure beyond borders
With employees working remotely and critical systems moving to the cloud, traditional network perimeters have exploded and businesses need to stay secure beyond borders to enable success. Download the guide to discover a guide to SASE implementation, to help you find the right pathway for your business.
