What is SASE?

With the advantage of hindsight, the preceding Software Defined Wide Area Networking (SD WAN) development was the biggest change at the underlying level.  Turning private networking into an overlay function that was deployed independently of the underlying network layer, wrested control of the private network away from Telcos and threw the market open to a wider spectrum of players.

From there, the growth of security as a key feature-set was all but assured: SD WAN is after all a private network built on public internet connections.

The security industry has seen this consolidation before – ‘Next-Generation’ firewall and Unified Threat Management (UTM) trends saw what was once a range of separate security devices and functions merged into one platform.  In fact, this was a ready-made integration stack that the security players could very easily slide into the SD WAN discussion.

Much of this core functionality had already been commoditised, which meant that it was relatively quick and easy for new players to also get on board.  Hence a very rapid escalation that has seen the SD WAN marketplace begin to morph into the SASE marketplace.

However there is a tension here, which is where the cloud element comes in.

This didn’t all start with SASE. These fundamental performance conflicts, along with the diminishing importance of location versus the increasing importance of identity in security have been gradually pushing advanced security functionality into the cloud for years.  For example, one of our key security partners at Colt is Zscaler, and they have been providing SaaS-based security services from the cloud since their inception in 2008, over a decade before the term SASE was first coined. Versa Networks will soon be celebrating their ten year anniversary and their founders saw the need to converge and integrate in the cloud and on-premises security, networking, and analytics within a single software operation system.

Many of the SASE providers still provide some of the more basic security features like stateful firewalling on the CPE.  It makes sense for some of these features to remain within a CPE-based deployment model, particularly when you consider that they also provide some degree of LAN segmentation for East-West (within the site) traffic as opposed to just North-South (in and out of the site).  You don’t necessarily  want to push everything through the cloud if it’s not headed that way anyway.

When you weigh up all the evidence then, it seems that SASE is more of an evolution than a revolution. It does though still represent change – it’s a coming-together of many different strands, together with the potential for much greater flexibility in security deployment within one’s network.

With hybrid work set to stay for the long term and security threats only continuing to grow, every organisation should weigh it up and assess how it could work for them.

We know that the needs of IoT and edge computing will only increase the dependence on cloud-based resources, yet security remains tailored to on-premises enterprise data centres. With SASE, end users and devices can authenticate and gain secure access to all the resources they need, protected by security located close to them. Once authenticated, they have direct access which helps minimise any latency issues.

The objective of any SASE deployment is to deliver as secure a network as possible, available from a mix of locations. The ultimate goal is to be a sustainable long-term solution that can support working from home or office on a level playing field, allowing for seamless access to the network from anywhere and from any device without compromising the integrity of network or data security.

SD WAN 2.0 introduces a series of enhancements that align SD WAN to customers’ evolving network landscape. Looking beyond the pandemic, companies will need a long-term solution to address the needs of their growing remote workforce, including optimisation of cloud applications, securing the dynamic network edge, comprehensive insight of network activity, and the ability to scale quickly and efficiently.

As part of the SD WAN 2.0 experience, Colt is launching transformative new features to address these requirements; the WAN optimisation suite, advanced firewall enhancement, enhanced network insights, and an optional Self-Install CPE capability.

The WAN optimisation suite employs packet cloning and Forward Error Correction (FEC) techniques to enable end-users to experience improved quality and speed of mission-critical applications across their network.

Colt’s enhanced security at the network edge (SASE) offers 3-tier security across a customer’s WAN, LAN, and DMZ and is capable of supporting integrated Dynamic NAT and DDoS protection

Its new advanced analytics platform, powered by Artificial Intelligence and Machine Learning (AI/ML), empowers customers with greater depth and granularity in network reporting.

Colt’s Self-Install CPE feature offers an option for customers to enable Colt’s SD WAN service safely and rapidly with cost savings when compared with third-party installation in non-Colt countries.