Many in IT are familiar with Software-Defined – Wide Area Networks (SD-WAN) or have significant investments in digital transformation. Originally coined by Gartner, SASE: Secure Access Service Edge is the simplification and convergence of wide area networking and security. Delivering both as a cloud service directly to where the end user resides, rather than bringing that traffic back and centralising everything at a corporate data centre level.
What is SASE?
The convergence of Network and Security groups that is driving this newfound SASE requirement. SASE is driven by the need for mobility and flexibility for the end user. It must however, equally secure the legacy hub and spoke architectures of a traditional MPLS network. Enabling the end user at the edge also improves application performance. The end user accesses the nearest point of presence for the application. This means that application latency is minimised vs a traditional, centralised, MPLS network where all of the traffic is brought back to a single point (many times across the globe) before traversing out to the internet.
With many enterprises embracing Cloud-First solutions (SaaS applications, Hyperscale infrastructure, Office365 etc.) there isn’t the need to have traffic route back to the Corporate datacenter over expensive, traditional MPLS networks. Rather, enterprises are looking to enable those end users to directly access the internet at the edge. Reaching those applications and using their more expensive network circuits for internal self-managed applications. This means that many clients can “right size” their MPLS environments. And in many cases replace expensive, dedicated circuits with much less expensive broadband or internet circuits. But how do you ensure that those edge locations and the end users are secure?
The evolution of cloud-based security solutions has grown immensely over the last five years.
Cloud-based next generation Firewalls (NGFW), or inexpensive but feature rich embedded NGFWs into the SD-WAN appliances can offer the same level of enterprise security as traditional premise-based FW technologies. Identity Access, Zero Trust, Cloud Access Services Broker (CASB), and Software-Defined Perimeters are additional security solutions which can be layered onto those edge circuits/end user devices to ensure that enterprises maintain an aggressive security posture. These technologies are cloud-based and can easily scale; important considerations for companies heavily vested in mergers & acquisitions or dynamic application requirements.
SASE is a new acronym to many folks. As digital transformation and secure SD-WAN network transformations continue to take place the convergence of IT’s network and security teams will meld. Expect SASE to become an industry-accepted acronym.
In the next two blog articles, I will look more at the intricacies of the network and then the elements around Security in greater detail.