Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business.
Gartner’s “The Future of Network Security Is in the Cloud” report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model. That model is called Secure Access Service Edge (SASE), a term coined by Gartner’s leading security analysts Neil MacDonald, Lawrence Orans, and Joe Skorupa.
Gartner claims that SASE has the potential to invert the established networking and security service stack from one based in the data center into a design that shifts the focal point of identity to the user and the endpoint device.
SASE addresses the numerous problems that have been discovered with traditional cybersecurity methods used in the cloud. Many of those problems have roots with the ideology that network security architectures must be placed at the center of connectivity in the data center.
Those legacy applications of network security cannot efficiently support newer networking ideologies and use cases, such as the shift to dynamic services, software as a service (SaaS) applications, and the growing need for enterprises to work with distributed data.
Traditional network and network security architectures were designed for an era in which the enterprise data center was the physical center of access requirements for users and devices, a model that worked relatively well until the push for digital transformation drove new requirements.
With enterprises embracing digital business processes, along with edge computing, cloud services, and hybrid networks, it became evident that traditional networking and security architectures were beginning to fail on multiple fronts.
The overall complexity of traditional architecture introduced problems such as latency, networking blind spots, excessive management overhead, and the need for constant reconfiguration as services changed. The SASE model eliminates those problems by reducing networking complexity and shifting the security process to where it can do the most good, the network edge.
Gartner has doubled down on the importance of SASE as an emerging, disruptive technology, as evidenced by its “Hype Cycle for Enterprise Networking, 2019” report, which presents SASE as so strategic that the technology earned the label “transformational.” The report also establishes sample vendors and the critical elements of SASE.
What Exactly is SASE?
As defined by Gartner, the SASE category consists of four main characteristics:
- Identity-driven: User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls — all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
- Cloud-native architecture: The SASE architecture leverages key cloud capabilities, including elasticity, adaptability, self-healing, and self-maintenance, to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements and is available anywhere.
- Supports all edges: SASE creates one network for all company resources—data centers, branch offices, cloud resources, and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
- Globally distributed: To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner noted, SASE providers must expand their points of presence to deliver a low-latency service to enterprise edges.
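The identity-driven characteristic is easiest to see next to the model it replaces. The following Python is an added illustration, not code from Gartner's report or from any SASE vendor: a legacy ACL that grants trust by source address is placed beside a policy evaluator that decides access, QoS class and inspection depth from the user's group membership and device posture. All users, groups, addresses and resource names are constructed for the example.

```python
"""Identity-driven access decision beside a legacy IP-based ACL (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Connection:
    """One connection as the SASE edge sees it (hypothetical attribute set)."""
    user: str
    groups: frozenset        # identity attributes supplied by the identity provider
    device_managed: bool     # endpoint posture: is the device under corporate management?
    src_ip: str
    resource: str            # application the user is trying to reach


# --- Legacy model: trust follows the address the packet arrives from -------------
CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def legacy_acl_decision(conn: Connection) -> str:
    """Classic perimeter ACL: anything inside the data-center address space is allowed."""
    src = ip_address(conn.src_ip)
    if any(src in net for net in CORPORATE_NETS):
        return "allow"
    return "deny"


# --- Identity-driven model: trust follows who and what is connecting ------------
@dataclass(frozen=True)
class ResourcePolicy:
    allowed_groups: frozenset
    require_managed_device: bool
    qos_class: str           # routing / QoS treatment attached to the identity


# Constructed policy table; resource names are placeholders.
POLICIES = {
    "erp": ResourcePolicy(frozenset({"finance"}), True, "priority"),
    "wiki": ResourcePolicy(frozenset({"finance", "engineering", "contractors"}), False, "best-effort"),
}


def identity_decision(conn: Connection) -> dict:
    """Evaluate one policy set for the connection, ignoring the source address.

    The verdict, QoS class and inspection depth all derive from identity and
    device posture, so the same user gets the same policy from any location.
    """
    policy = POLICIES.get(conn.resource)
    if policy is None:
        return {"access": "deny", "reason": "unknown resource"}
    if not (conn.groups & policy.allowed_groups):
        return {"access": "deny",
                "reason": f"{conn.user} not in {sorted(policy.allowed_groups)}"}
    if policy.require_managed_device and not conn.device_managed:
        return {"access": "deny", "reason": "managed device required"}
    # Risk-driven control: an unmanaged endpoint is still allowed to low-risk
    # resources, but its traffic receives full inspection rather than standard.
    inspection = "standard" if conn.device_managed else "full"
    return {"access": "allow", "qos": policy.qos_class,
            "inspection": inspection, "reason": "policy match"}


# Constructed sample connections: one finance user in the office and on the road,
# and one contractor on an unmanaged laptop plugged into the office LAN.
SAMPLES = [
    Connection("alice", frozenset({"finance"}), True, "10.1.2.3", "erp"),
    Connection("alice", frozenset({"finance"}), True, "203.0.113.7", "erp"),
    Connection("bob", frozenset({"contractors"}), False, "10.5.5.5", "erp"),
    Connection("bob", frozenset({"contractors"}), False, "10.5.5.5", "wiki"),
]


def compare(conn: Connection) -> tuple:
    """Return (legacy verdict, identity verdict) for one connection."""
    return legacy_acl_decision(conn), identity_decision(conn)["access"]


if __name__ == "__main__":
    for c in SAMPLES:
        legacy, identity = compare(c)
        print(f"{c.user:6} {c.src_ip:14} {c.resource:5} legacy={legacy:5} identity={identity:5} "
              f"({identity_decision(c)['reason']})")
```

Running the block shows the inversion the text describes: the legacy ACL lets the contractor's unmanaged laptop reach the ERP system because it sits on the LAN and blocks the finance user as soon as she leaves the building, while the identity-driven policy reaches the opposite verdicts in both cases and attaches a QoS class and inspection depth to the decision.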
Ultimately, the goal of a SASE architecture is to make secure cloud enablement easier to accomplish. SASE provides a design philosophy that eliminates the traditional practice of stitching together SD-WAN devices, firewalls, IPS appliances, and numerous other networking and security solutions. Instead, SASE replaces that mish-mash of difficult-to-manage technology with a secure, global SD-WAN service.
Available SASE Services
Gartner acknowledges that the SASE market is in flux, with no single vendor offering the entire SASE portfolio of capabilities. Some vendors, such as Zscaler, offer firewall as a service but lack the SD-WAN capabilities (and other security capabilities) required by SASE. Other vendors offer security as an appliance but not in a cloud-native, global network.
About the closest to a functioning SASE service that I’ve seen is from Cato Networks. Cato Networks provides a global private backbone (50+ points of presence (PoPs) at last count). The PoPs run Cato’s own cloud-native architecture that converges networking and network security. The Cato software is a single-pass, cloud-based architecture. All network optimizations, security inspection, and policy enforcement are done with rich context before forwarding traffic on to its destination.