Security
Because of all the buzz around SASE, many “SASE vendors” are marketing solutions that have features found in SASE. However, most of these solutions miss the mark when it comes to achieving SASE’s promise of a holistic and converged network security solution. Here, we’ll look at what is not SASE to help identify what value SASE vendors should deliver to enterprises:
In some contexts, SASE is viewed as the next generation of SD-WAN. From the perspective of bringing agility and convergence to network infrastructure, it’s understandable why the comparison gets made. In fact, the ability to optimally route traffic and abstract away the underlying physical medium (which are core benefits of SD-WAN) is an important part of SASE.
However, SD-WAN alone is only a piece of a broader solution SASE vendors should provide. Further, not all SD-WAN implementations are created equal. For example, SASE aims to support all network edges (WAN, edge computing, cloud computing, and mobile), but with many SD-WAN appliances, mobile support is lacking or non-existent.
As with SD-WAN, there are many security features that are important parts of a SASE solution. Examples include IPS (intrusion prevention system), NGFW (next-generation firewall), and SWG (secure web gateway).
Since identity-driven security and cloud-native architecture are key characteristics of SASE, it may be easy to buy into the idea that a feature-rich cloud-based firewall can serve as a method to implement SASE. However, in practice, this doesn’t work out well. Security is only half of the SASE architecture, and a cloud-based firewall and IPS alone can’t help with routing and WAN optimization at a global scale.
Again, as with SD-WAN, the benefits of these technologies make them an important part of SASE, but even when bundled together they are not in and of themselves SASE.
The SD-WAN functionality that enables agile and efficient routing is an important part of SASE. Similarly, security features such as IPS, SWG, and NGFW are an important part of SASE. However, simply deploying appliances and solutions from “SASE providers” that check all the boxes of the SASE feature set won’t deliver the promise of SASE.
This is because creating a patchwork of network and security appliances and cloud solutions simply can’t provide the agility, visibility, simplicity, and performance a single converged solution can. Sourcing, deploying, managing, and integrating multiple products not only drives up costs, but it also increases network complexity.
As a result, a patchwork of solutions that looks good on paper often creates operational bottlenecks and security oversights at scale. While some may argue for shifting the complexity to a service provider, this doesn’t resolve the underlying issues and often leads to higher costs for sub-optimal performance.
Running virtual appliances on an edge device reduces the hardware footprint but does little for operational costs. Appliances still need to be deployed, integrated, upgraded, and maintained. The underlying silos and complexity don’t go away.
True SASE platforms eliminate the appliance form factor. Functions are delivered as a multi-tenant, cloud-native platform. SASE providers manage and maintain the underlying platform for the benefit of all customers. Neither the enterprise nor the provider incurs the operational overhead of managing appliances.
SASE combines software-defined wide area networking (SD-WAN) capabilities with a number of network security functions, all of which are delivered from a single cloud platform. In this way, SASE enables employees to authenticate and securely connect to internal resources from anywhere, and gives organisations better control over the traffic and data that enters and leaves their internal network.
SASE includes four core security components
The resulting converged cloud service is substantially more efficient than building your own SASE using manually integrated, separate cloud-based technologies.
Minimize inefficient traffic with efficient, intelligent, and secure direct-to-cloud access.
Protect remote sites via SD-WAN using industry-standard Dynamic IPsec and GRE protocols, leveraging SD-WAN technology that connects office sites to cloud resources faster and more directly than ever before.
Enjoy low latency and unlimited scalability with a global cloud footprint and cloud-native architecture that includes global peering PoPs (points of presence), reducing delays.
A cloud service with 99.999% uptime (Maintained Service Availability) and internet speeds faster than a direct connection improves the productivity of your workforce while reducing the cost of your network infrastructure.