Enterprise networks have undergone a huge degree of transformation over the past few years.
COVID-19 accelerated a rapid shift to cloud and SaaS applications, as IT staff scrambled to quickly connect remote users with the apps and data they needed. Perimeter-based security approaches quickly became insufficient, resulting in a complex patchwork of policies and software.
The impact is still being felt today, prompting many organisations to reimagine their network and security architecture with a Secure Access Service Edge (SASE) framework. SASE brings network and security functions together as cloud services that operate closer to users and devices.
Gartner research shows 80 per cent of SD-WAN deployments will incorporate security service edge requirements by 2024, up from less than 25 per cent in 2022. Taking advantage of this opportunity now gives organisations a competitive advantage and sets a solid platform for the future.
Rather than one specific toolset, SASE describes a framework that’s made up of multiple elements. In simple terms, SASE supports a customer’s need to securely connect users to applications based in the cloud, regardless of whether users are located inside the corporate network or remote.
Getting the most out of SASE will depend on current business priorities, technology investments and immediate pain points. More importantly, full adoption of SASE isn’t required. Business can adopt SASE in phases and plan their journey to maximize benefits. There are three core use cases for SASE architecture that are driving value for organisations.
1. Modernising WANs for cloud-first networks
With increased cloud/SaaS adoption, big data analytics, IoT, and distributed workforces, WANs need to be agile and highly scalable to account for rapidly changing business requirements and market dynamics.
Traditional WANs that rely only on fixed links with manual tuning are less flexible and can become a major strain on growth. Businesses looking to modernise and simplify their WAN infrastructure for more flexibility and to meet immediate business needs.
SD-WAN architecture uses policy-based routing through an orchestration layer that offers a much higher degree of agility, visibility, and control. It greatly reduces time to provision and time to market. Furthermore, SD-WAN architecture can incorporate cloud connectivity natively for a cloud-first network design.
Cloud adoption has been key technology driver over the past few years and will continue into the foreseeable future. Incorporating cloud connectivity natively into your WAN architecture will ensure continued longevity of your design.
2. Securing a remote and hybrid workforce
Hybrid working is here to stay. According to recent Omdia research, 58 per cent of employees says they will either be primarily home-based or will adopt a hybrid style, with 68 per cent of enterprises believing working remotely is improving productivity. While this has many advantages, a distributed workforce results in a distributed perimeter, making employees a more vulnerable to cyber attacks.
As technology architectures adapt to business priorities, organisations must ensure applications and data are accessed securely. That means applying security policies across users, devices, and locations to achieve data security and threat prevention across both ‘in-motion’ and ‘at-rest’ data.
SASE provides robust options to securing data. Organisations can combine Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), Data Loss Prevention (DLP), and Remote Browser Isolation to maintain secure cloud apps and web traffic.
When these technologies are delivered as a single managed service, organisations get incredible capabilities to manage their end-to-end user experience all the while maintaining security.
3. Workforce Transformation with secure corporate access
While it’s important to maintain security standards for your remote workforce, it’s just as important to ensure staff can easily access the data and applications regardless of location.
It can be tough to do this in a secure way with a distributed perimeter, multiple hybrid cloud platforms and a remote workforce, especially when third parties are required to access applications located inside the corporate network.
The Zero Trust Network Access (ZTNA) framework and toolset enables this capability through client and clientless access to private web-based applications. As an alternative to remote VPN, ZTNA couples with other SASE technologies to ensure secure access into corporate networks where applications live behind corporate firewalls.
Extending the power of SASE through cloud posture & integration
As defined by Gartner, SASE provides a powerful framework for connectivity and secure access to applications. However, SASE implementations deliver the most value when designed to the needs of the organization. This may mean only adopting some SASE technologies or extending it through complementary capabilities. There are 2 examples of complementary capabilities worth mentioning.
Posture Management: Access to cloud-based applications is a core part of securing remote and hybrid workforces, with an emphasis on user level policies. SASE Security vendors have extended their capabilities to include posture assessments of Public Cloud and SaaS platforms. The Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) solutions focus on securing Public Cloud & SaaS Platforms from misconfigurations created by inadequate change control. These tools continuously monitor configuration drift to identify and correct security holes.
Security Integrations: The mantra of defence-in-depth is well known to security professionals and still holds true today. SASE technologies are one part one part of the solution, but we can take it one step further. Security policies can link security events
from the integrated technologies such as email, endpoint detection response (EDR), identity and access management (IAM). This becomes a powerful engine for a tightly security architecture that secures users, applications, and data.
A SASE solution that works on your terms
Deploying SASE will look different for every business. One size does not fit all, each company will have a unique SASE Journey. Understanding your immediate business needs and planning your journey is an important first step to achieve any results. Companies must lean on their partners for advice on how SASE fits into their technology environment and where to start.