CLOUD SECURITY: SECURE ACCESS SERVICE EDGE (SASE)
Sassiness isn’t something I normally look for in my network security controls, but maybe it should be? SASE, or Secure Access Service Edge, has the potential to change the way we buy and deliver network security within our environments.
The cloud consumption model has become ubiquitous across the majority of our IT environments with scalable user-based cost models allowing us to flex to the evolving needs of our businesses. Yet, one area has lagged behind this (r)evolution… I’m looking at you, big iron firewalls.
The firewall is often the foundation of our network security and is still often purchased as a network device, with organisations trying to predict their growth over 3, 5, or even 7 years.
This has typically led to customers purchasing boxes too large for the majority of their contract, wasting money, or purchasing boxes that need to be replaced to support the additional bandwidth needs of our increasingly video and cloud-based IT environments. This isn’t to put the blame solely onto our networking security vendors because providing high speed network security is hard; the processing required to decrypt, inspect, analyse and act is difficult to achieve at scale.
Now, issues of scale in IT aren’t new, but network security is unique in that we require the processing to be performed on an appliance in a network location, or at least we used to.
SASE takes a cloud-first approach to delivering security, providing an amalgamation of network security functions (Cloud Web Security Gateway, TLS interception, Firewall as a Service, IPS/IDS, sandboxing, anti-malware, CASB) with remote access functions (VPNs, SD-WAN, Zero Trust Network Access and QoS). In addition, it creates one platform in which to deliver all of these elements.
The first major advantage of this approach is the scalability. Given you are now purchasing these as a service, you aren’t responsible for scaling, load balancing or making them highly available. A microservices architecture means each element scales automatically to your bandwidth requirements, all without you having to interact with the service.
As these services are delivered in the cloud, they provide exactly the same security controls regardless of your users’ location. In effect, each device, site or location is protected by a security fabric that adapts to your changing environment. This means your users get a predictable experience and you are assured that they are just as protected at Starbucks as they are at their local office. As the solution uses a mixture of agent and network-based connectivity, you can always find an appropriate way to secure your users or devices.
A further advantage comes with the ability to connect to internal services without using VPNs or exposing internal sites to the internet. Zero Trust has been around for many years now and, at its core, the premise is to remove any implicit trust that is given by a user connecting to a network and replace it with an explicit trust model where the user and device are given access only to the systems they need to perform their jobs.
SASE allows you to grant users access to any application, regardless of location, across your hybrid infrastructure, and all without opening any inbound ports. This uses a small piece of software deployed at each data centre or cloud location which makes an outbound connection to the SASE cloud, and provides access to authorised systems based upon identity and device health. This can massively reduce the attack surface for organisations, making data centres “dark” to external threat actors.
Whilst SASE is a technology solution, it provides a fundamentally new way to think about delivering network security, enabling organisations to more flexibly adapt to new ways of working and the delivery of applications. For organisations with global footprints, SASE is distributed across the world and so users’ performance is greatly improved as they always connect to the local SASE cloud, reducing latency and improving user experience, especially for video.
If you are currently reviewing your network security approach and possibly looking to replace aging firewalls, secure your remote users, or shift to a more permanent home working strategy, SASE should be a consideration. You may never buy a new firewall again.