Cybersecurity In-Depth

The Edge

SASE 101: Why All the Buzz?

Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.

{image 3}

One of the pandemic's legacies could be the realization that companies can securely support a massive remote workforce. A recent study by the Harvard Business School and the University of Illinois found that, post-pandemic, 16% of companies will switch from having employees in professional offices to working at home at least two days per week.

Related Content:

Introducing 'Secure Access Service Edge'

ISP Security: Do We Expect Too Much?

Zero-Trust Security 101

But their ability to create an efficient, cost-effective, and secure network they can trust is an ongoing challenge. This has paved the way for a new category of network infrastructure technology Gartner has dubbed "Secure Access Service Edge" (SASE) – which combines wide area network (WAN) functionality with network security services to protect against cloud-enabled SaaS and Web threats.

What Is SASE?
Most enterprises with remote workers have implemented virtual private network (VPN) solutions. However, when deployed on a wide-scale basis, VPNs can suffer from scalability, availability, and performance issues. VPN servers under extreme loads can impact response time and user productivity. 

SASE (pronounced "sassy") provides network managers with another choice. SASE is built as the core network and security infrastructure of a business, rather than as a remote access solution. It incorporates software-defined wide area networking (SD-WAN) and zero-trust technologies, providing secure access to users from the cloud rather than their devices, as with a VPN. A SASE solution can include threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention, and next-generation firewall policies.

In its 2019 report "The Future of Network Security Is in the Cloud," Gartner describes SASE capabilities as "delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations."

What Problems Could SASE Solve?
SASE solutions combine enterprise-class data loss prevention with secure access and advanced threat protection.

"The 'cloudification' of applications necessitated this type of security," says Rik Turner, principal analyst in Omdia's IT security and technology team. "It's all about access to applications."

As the number of remote workers steadily climbed this year, the security proposition SASE offers has shifted its perception from an "emerging" technology solution to a timely one.

"The overall numbers went from 12% to 15% of employees who had been working at home, and that quickly went to 100%, and now some of those won't ever return to an office," Turner says. "[SASE] is gaining a head of steam, turbocharged by COVID. And it is a convenient peg for these vendors to hang their hat on."

Vendors in the space are familiar names in network security, including Palo Alto Networks and Fortinet, as well as those providing network-as-a-service solutions, such as Cato Networks and NetFoundry.

What Should a SASE Vendor Provide?
If you decide a SASE is a good fit for your organization – or at least worth exploring – Turner suggests four guidelines when looking for a vendors:

1. They must own their network or contract with a substantial telecom network. They are delivering services over a network, which must, therefore, be rock-solid.

2. They must be a player in the software-defined wide area network (SD-WAN) world. SD-WAN makes it easier than traditional networking approaches to administer traffic across a network and provides a better user experience.

3. They must have network security chops, including expertise in intrusion detection, firewalls, content filtering, and secure web gateways. Those capabilities are necessary for offering security to branch offices.

4. They must adhere to a zero-trust concept: Never trust, always verify. No network user gets access to an application without verification.

As remote working continues, companies must pursue the latest methods to combat evolving security threats. SASE is one of the latest ways to combat threats inherent in a virtual work environment.