Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/22/2020
10:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

All About SASE: What It Is, Why It's Here, How to Use It

Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.

Implementing SASE: One Company's Story
This is what Andrew Thomson, vice president of innovation and technology at BioIVT, was looking for when he was revamping network security two years ago. He wasn't specifically seeking SASE but wanted to find a more secure way to manage the network in the cloud. At the time, BioIVT was running on a network with several Cisco point-to-point connections, which connected sites together into a WAN. There were multiple points of entry through various Internet provider connections, and he wasn't sure how to support its growth.

"We were kind of at a crossroads," Thomson says. "How do we manage this growing network and how do we manage our security game?" The search turned to SD-WAN providers, which were focused on this type of service.

He found disparate tools but wasn't enthusiastic about working with several partners. "I didn't want to have to go find different vendors … didn't want a network monitoring vendor, and a new firewall vendor. Being able to select a SASE model, [we have] one vendor handling all that for us."

BioIVT needed to maintain connectivity throughout the implementation process and was able to structure the integration as it ran in parallel alongside its existing network. Since then, he's noticed some unexpected benefits to the new approach. The company has been able to stick with the same vendor (Cato Networks) without additional monitoring or staffing, a perk because it hasn't required a learning curve for security employees. Since its implementation, BioIVT has grown from eight locations to 17, and a preconfigured device can be shipped to each new site.

To SASE or Not to SASE?
There are several reasons why an organization might adopt a SASE model and many reasons why they might hold back. Companies that choose SASE are driven by a set of factors: They don't want to run their own hardware anymore; they don't want traffic backhauled to the data center before it goes to the Internet; they don't want end users unsecured when not on a VPN.

If your firewall is about to expire, for example, you might consider a SASE-based approach rather than investing in new hardware, Cross notes. Perhaps you're opening a new office and it would be easier to connect using a service-based security model. Or maybe you're in the M&A process and need stronger control over a new company's security processes and infrastructure. Distributed workforces, branch offices, and retail stores are also scenarios where SASE fits in.

When Cato Networks started, only the smallest businesses were looking for a SASE model, says Greenfield. Mid- to low-end enterprise users often didn't have the staff to manage a lot of complex infrastructure. Now, even the largest enterprises are adding SASE to 50–70 sites. Security has grown so complicated that most organizations don't have the resources to manage it.

"It doesn't matter how big you are but how old you are and how your IT works," Cross says. Businesses born in the cloud will have an easier time adopting SASE, but the reality is that most are not starting from scratch. And there are some industries that will always need on-premises IT infrastructure: manufacturing facilities, hospitals, and retail sites all need hardware on-site. 

The Future of Cloud Security?
There has been a "significant uptick" in interest in solving this problem over recent months, says Cross, and as a result, multiple vendors are tackling the issue from different directions. Vendors like Cato Networks, Zscaler, Forcepoint, OPAQ, and Symantec for a while had a managed WAN or proxy type of service they're starting to extend, says Rothman. Meta Networks, another, was acquired by Proofpoint — an early sign of consolidation in the space.

While adoption has grown, it's unclear if or when SASE will reach the widespread popularity of cloud storage and apps. Some organizations remain hesitant, a common mentality when cloud computing started to emerge. "When IaaS began, a lot of people were like, 'We're not going to move our workloads to the cloud — we're not going to trust cloud providers,'" says Cross.

Consider the millions of workloads in platforms like Amazon Web Services and Microsoft Azure, he continues, and think about how much weaker their security would be if each organization had handled their security on their own. It's the same situation with security-as-a-service: Outsource to people who can securely manage the infrastructure — they will be more successful.

"This will be proven out over time, just as with the cloud," Cross says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "10 Tough Questions CEOs Are Asking CISOs."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
johncarterr
50%
50%
johncarterr,
User Rank: Apprentice
3/5/2020 | 3:50:01 AM
thanks
the term SASE in its 2019 networking hype cycle, but it's not a novel practice. Rather, it's a new name for a tactic that organizations have been adopting as they navigate new security hurdles amid the transition to cloud- and mobile-intensive environments.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13486
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13482
PUBLISHED: 2020-05-25
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2020-13458
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVE-2020-13459
PUBLISHED: 2020-05-25
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.