The term Secure Access Service Edge (SASE) was coined by Gartner in late 2019, yet it has already gone from obscurity to dominating conversation in 2021. Rapid growth in 2020 can largely be attributed to major changes brought about by the COVID-19 pandemic, with SASE catching the attention of IT, security and network professionals as they map out their post-pandemic strategies.
Secure Access Service Edge (SASE) should primarily be viewed as a framework or philosophy. SASE encompasses a package of technologies, delivered as a service, that are designed to support the secure access needs of modern organisations.
There is no specific list of technologies that can be included within SASE, although Andrew Lerner, VP Analyst at Gartner, suggests that SD-WAN, Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA) and Firewall as a Service (FWaaS) comprise the core abilities. However, with no rigid criteria in place for the term, IT leaders may implement any number of relevant solutions for their organisation.
- Network as a Service (NaaS)
- Cloud Access Security Brokers (CASB)
- Firewall as a Service (FWaaS)
- Web Application and API Protection as a Service (WAAPaaS)
- Cloud Secure Web Gateways (SWG)
- Zero Trust Network Access (ZTNA)
- Content Delivery Network (CDN)
- Domain Name System (DNS)
Network Security Trends
Network security has dramatically evolved over the last two decades. Traditional technologies focused on either securing or enhancing the corporate network, using fixed solutions such as firewalls, Secure Web Gateways (SWGs) and on-premise based software to safeguard the enterprise. For those working outside the traditional office space, remote access tools such as Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI) and Network Access Control (NAC) were implemented in an attempt to bridge the gap. However, prior to 2020, the relatively small number of remote employees meant that many organisations compromised on user experience.
The explosive shift to remote working has changed network security forever. With many employees working from home, remote working and the security surrounding it have been placed under a microscope. Legacy network security products have highlighted poor user experience, with employees constantly having to authenticate, and unnecessarily complex network connections that are often needlessly routed through the corporate perimeter. The legacy model for securing workers complicates design and puts strain on network performance in a world where employees can work from anywhere at any time – on any network.
SASE places a heavy focus at the edge, securing users locally when possible and routing traffic in the most efficient way possible. It also embraces the idea of zero trust, using context-aware policy conditions to grant access on a ‘deny by default’ basis. SASE, at the highest level, concerns itself with five core principles:
- Cloud Based Service Architecture: SASE solutions must be delivered in the cloud
- Policy Decision Points: SASE solutions enforce policy dynamically and locally
- Central Visibility and Logging: SASE solutions provide detailed insights into activity
- Network Security for Mobile and IoT: SASE solutions need to support far more than the desktop
- Latency-Sensitive Security Computer: SASE solutions should embrace the edge and minimise latency
To meet the SASE framework, networking and security solutions that previously lived in a box in a data centre must now be delivered as a service to the distributed workforce. As a result, the traditional bottleneck of tunnelling everything through one central on-premise ‘hub’ is alleviated. In practice, SASE means delivering identity-centric network security, as a service, in the cloud. SASE sits between agile users and corporate resources.
Survey: To what extent does your organisation currently embrace the SASE framework? (%)
Embracing Zero Trust
In a pre-SASE world, remote workers relied on VPNs to provide a safe, encrypted connection to corporate resources. As the number of remote workers increased, these legacy VPNs have become a liability. Even with multi-factor authentication (MFA) in place, older generation VPNs lack the ability to understand context, opening the door to anyone holding the correct credentials.
The solution is to remove trust from the process. Zero trust is the concept that, by default, users are denied access until they can prove they are a legitimate user for that resource. It also embraces the concept of ‘least privilege’, meaning users only get access to the application they requested and nothing more – preventing any kind of lateral movement, because connections are to the resource, not the entire network.
As the concept of zero trust has gained momentum, it has become the basis for many of the solutions included in the SASE framework, especially ZTNA (also known as Software Defined Perimeter or SDP).
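The difference between a credential-only VPN check and a deny-by-default, context-aware decision scoped to one resource, shown as an added example that is not part of the original article. The policy fields, user names and resource names are constructed for illustration and do not reflect any vendor's API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    credentials_valid: bool   # password check passed
    mfa_passed: bool
    device_compliant: bool    # posture signal, e.g. managed and patched
    country: str
    resource: str             # the single application being requested

# Constructed policy: one rule per resource, listing the context it requires.
POLICY = {
    "payroll-app": {"users": {"alice"}, "countries": {"GB"}, "compliant_device": True},
    "wiki": {"users": {"alice", "bob"}, "countries": {"GB", "FR"}, "compliant_device": False},
}

def legacy_vpn_decision(req: Request) -> bool:
    """Credential-only model: a successful login gives reach to the whole network."""
    return req.credentials_valid and req.mfa_passed

def ztna_decision(req: Request, policy=POLICY) -> tuple[bool, str]:
    """Deny by default; allow only the requested resource when every condition holds."""
    if not (req.credentials_valid and req.mfa_passed):
        return False, "authentication failed"
    rule = policy.get(req.resource)
    if rule is None:
        return False, "default deny: no rule for resource"
    if req.user not in rule["users"]:
        return False, "least privilege: user not entitled to resource"
    if req.country not in rule["countries"]:
        return False, "context: location not permitted"
    if rule["compliant_device"] and not req.device_compliant:
        return False, "context: device not compliant"
    return True, "allow " + req.resource

# Constructed requests: valid credentials used from an unmanaged device, an
# entitled user on a healthy device, and the same user asking for an unlisted host.
SAMPLES = [
    Request("alice", True, True, False, "GB", "payroll-app"),
    Request("alice", True, True, True, "GB", "payroll-app"),
    Request("alice", True, True, True, "GB", "file-server"),
    Request("bob", True, True, True, "FR", "payroll-app"),
]

def compare(samples=SAMPLES):
    """Return (resource, legacy verdict, ZTNA verdict, reason) for each request."""
    return [(r.resource, legacy_vpn_decision(r), *ztna_decision(r)) for r in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Every sample passes the legacy check because the credentials and MFA are valid; only the second passes the zero trust check, and the reason string on each denial is what a central log would record.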
Survey: Has Your Organisation Begun Adopting a Zero Trust Posture When Determining Access To Company Resources? (%)
The SASE Technology Stack
Due to the sheer scale of different options available to IT leaders, creating a comprehensive list of every technology organisations may choose to implement to enable their SASE strategies is almost impossible.
For example, experience monitoring is a crucial means of ensuring a high-quality working environment for distributed workforces and meeting SASE visibility requirements for off-network employees. It is rarely seen in diagrams, however, as these are typically produced by more security-oriented entities. More typically, there are a small handful of network and security products that make up the backbone of most SASE strategies.
Survey: Which of these cloud security solutions does your organisation currently employ? (%)
How Can We Help?
The SASE journey is not a straightforward one, requiring patience, customisation, and agility to truly achieve it. Managing traditional network security alongside SASE is key to achieving success.
Mobliciti can work with its key partners to tailor a SASE strategy to suit the needs of your organisation, delivering solutions that modernise the corporate network. Get in touch to find out more.