By Azim Makan
The IT industry has no shortage of buzz phrases. So IT managers can be forgiven if the growing talk around Secure Access Service Edge (SASE) – an emerging enterprise strategy that incorporates multiple solutions to enable secure remote access to on-premise, cloud-based, and online resources – has them wondering if SASE is just the latest fad.
Rest assured, it is not. What makes SASE unique is the vision behind it. In particular, SASE brings networking and security together, enabling them to function as a single, integrated system. This Security-Driven Networking strategy is one that many organizations have been looking to embrace for years. For that reason alone, SASE is worth a careful look.
The best place to start is by assessing where businesses stand today with regard to security and networking. Traditionally, these two elements often functioned as separate systems, with security being added as an overlay once the network was in place. However, as networks are undergoing rapid and sometimes constant transformation, there is no time to deploy security as an afterthought. In fact, network changes – even the minute-by-minute connectivity changes that occur in things like SD-WAN – need to be led by security to ensure that organizations don’t inadvertently open a door that leads to exposure, risk, and attack.
Virtually every organization requires immediate, uninterrupted access to resources and data, whether they reside on the network or in the cloud. But the onset of mass telework, ongoing cloud migrations, and implications of 5G continue to change consumption patterns and transform the traditional network into a network with many edges. And with that explosion in edges comes a rise in attack surfaces. For security to be effective in such an environment, it needs to be seamlessly interwoven into the network itself.
However, few if any traditional security solutions were designed with these edges – and the underlying changes in user behaviour – in mind. In the interim since the second generation of security was launched, nearly 20 years ago, the demands on security have fundamentally changed. Security is now something that must be delivered anywhere, at any time, and for any device. This has led to the convergence of traditional and cloud-based security, where all security elements function as parts of a larger, comprehensive security fabric, and it requires a deeper integration between security and networking. No security device anywhere can afford to function in isolation any longer.
This is where the true value of SASE becomes apparent. Simply put, it’s a strategy designed to help organizations to not only secure their new distributed networks, but to keep them secure even as they continuously adapt to changing business and network parameters.
However, many organizations may still be confused about what technologies actually comprise an effective SASE solution. That confusion lies in the details. Some of those organizations defining SASE have made notable omissions, or even pushed the boundaries of what technologies should be included a little too far. Clarity is essential here, and organizations looking to adopt a SASE strategy should consider the following factors when doing their research.
SASE includes the cloud, but it’s more than the cloud. SASE is generally classified as a cloud-delivered service. However, there are many situations where organizations may need a combination of physical and cloud-based solutions for SASE to work for them. By bringing these elements together under a unified security and networking umbrella, SASE can be easily extended deep into the network, and as a result, deliver incredible results.
SASE must include secure LAN and WAN. Be wary of any talk of SASE that omits discussion of Secure LAN and Secure WLAN, which are essential considerations for any organization. A true SASE solution must include them both to ensure that security is applied consistently across the entire security architecture, rather than treating them as separate security components.
SASE must incorporate a flexible consumption model. Regardless of what tools are used or where they are deployed, a SASE solution must have the ability to quickly adapt to evolving network changes and fluctuating business requirements. It’s critical to seek flexible consumption models that allow organizations to develop a long-term solution suited to their specific needs that can easily adapt as their network evolves and the need for certain elements changes over time.
SASE starts with the right checklist. By definition, a SASE solution is a strategic approach, not a box, and it is meant to be flexible. That said, at its core it must include non-negotiable security elements. Those include a fully functional Secure SD-WAN solution, physical and cloud-based firewalls, zero-trust network access that scans users and devices both on and off the network, a secure web gateway, and a cloud access security broker (CASB) that allows organizations to take control of their own SaaS applications. And all of this needs to be managed and orchestrated through a central cloud-based platform that can seamlessly interoperate with physical solutions deployed on the ground.
There is significant momentum building around SASE, and for good reason. It reinforces the need for Security-Driven Networking, and underscores how in this age of cloud connectivity and digital innovation, networking and security must converge. While there is no one “right” SASE solution, few would deny that there’s also no going back to outmoded and siloed architectures. For anyone engaged in security planning in this tumultuous time, when networks are undergoing constant transformation, a truly comprehensive SASE solution is worth a serious look.
Learn more about how SASE represents the future of security and networking. From SD-WAN and ZTNA to CASB and NGFW, the Fortinet platform provides complete readiness for embracing SASE.