SASE Will Redefine Network and Cloud Security: So What Does it Mean?
The emerging Secure Access Service Edge (SASE) framework promises to converge network, web, data, and cloud app connectivity and security delivered together from the cloud.
SASE, pronounced “Sassy” and short for Secure Access Service Edge, is an emerging security and networking architecture model first proposed by Gartner in 2019. It recommends converging networking and security capabilities into a unified, cloud-native service that makes it easier and less expensive for enterprises to safely connect people and offices all over the world. SASE is not a product, but an architecture reference model to help enterprises re-architect secure edge connectivity.
The need for SASE, which is essentially an inversion of traditional network and security stack design patterns, has emerged as digital transformation has evolved in the following ways:
- People now work remotely, from more places than ever before – in many cases, more business now happens outside the boundaries of the traditional enterprise rather than inside. More traditional jobs, such as software development, IT administration, cloud operations and support, are expected to be performed remotely using cloud-based applications and services.
- Business data, and applications using that data, are rapidly moving to the cloud, changing how people connect to them. This means old approaches such as backhauling through a central enterprise data center with legacy appliance-based security architecture are no longer feasible.
- To maintain performance, many organizations with multiple sites and remote users are connecting directly to the internet and cloud apps using technologies like SD-WAN, bypassing centralized premises-based security gateways. This evolution in network and cloud access requires a new approach to information security that can work everywhere users need to access and interact with data.
- The focal point of networking and security has shifted from the data center to the cloud. It also means that networking teams now have new opportunities to improve performance and consolidate the number of devices they have to deploy, and it gives security teams a chance to regain visibility and control of data at the user level.
In short, SASE represents a new approach designed to help security and risk management leaders address the changes posed by digital transformation. It also offers security and IT leaders a way to reduce complexity in their environments while ensuring security and connectivity for organizations.
In order for security teams to maintain visibility and control in this new framework, the security and networking infrastructure needs to be re-designed in the cloud. Simply bundling traditional networking and security stacks and offering them in the cloud will not suffice. It’s more efficient to create a straight path to the applications for users, a “direct-to-app” approach, which will achieve better performance and user experience.
Solution providers will need to deliver converged security and optimize the cloud for high levels of performance and availability. Only then can that security easily be distributed for global scalability.
A true cloud-native approach also paves the way for simplified network and security administration through a centralized management hub providing improved visibility and protection of users and data wherever they’re located. This approach also improves performance since users and branches connect directly to the cloud through a single security layer.
How soon can we expect SASE solutions?
For a big picture glimpse at SASE’s future, here are Gartner’s projections:
- By 2023, 20% of enterprises will have adopted Secure Web Gateway (SWG), CASB, Zero Trust Network Access (ZTNA), and branch Firewall-as-a-Service (FWaaS) capabilities from the same vendor, up from less than 5% in 2019
- By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018
- By 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities
As we lay out here, SASE is a new security framework that combines network security functions (SWG, CASB, FWaaS, DLPaaS) with connectivity (SD-WAN), all delivered as a service. However, the SASE market is in its early stages; be wary of technology and service providers claiming SASE leadership or offering SASE products today. Many vendors are simply bundling existing technologies as SASE offerings or service-chaining the products. These approaches will only result in inconsistency, poor structure, and added latency.