SASE: a new class of cyber security solution
Throughout the COVID-19 pandemic, enterprises rapidly adopted remote working models – at a scale and pace never tried before. A significant part of this process is the need to ensure remote access to applications and technology. As enterprises remodel their infrastructure to support this shift – with a heavy emphasis on decentralization – the overall surface area for cyber-attacks increases.
As a result, much time and investment are pouring into innovations in the enterprise security space. One evolving proposition is Secure Access Service Edge, a new style of cyber security solution that combines network and network security capabilities as a service. The service has specific benefits for the many organizations that face a growing need to enable distributed applications for distributed users, in a highly dynamic environment.
Traditional security models under pressure
In the past, applications were selected by decision-makers and deployed in a limited number of locations to fulfil the IT needs of the organization. Irrespective of who made the decisions, most organizations sought to centralize applications as much as performance allowed, to maximize efficiency and keep costs under control. In most organizations, corporate systems were only accessible through corporate networks, and only some of these were enabled for remote access.
For some time, this centralized model has been under pressure, mainly due to widespread adoption of SaaS – the need for large parts of the workforce to access platforms such as Office365, Salesforce, Workday, etc. has put strain on traditional connectivity and security solutions. In response, many vendors have developed Cloud Access Service Broker (CASB) solutions that specifically respond to the need to secure access to and between multiple SaaS, IaaS, and PaaS platforms.
Today, CASB solutions are still evolving, and while they are no longer novel as a category of security solution, they are still gaining traction in the market. In parallel, there has been considerable discussion within the industry of the need for a new class of solution: Secure Access Service Edge (SASE).
SASE: Not new, but now integrated
SASE was first discussed as a potential, slightly theoretical solution to bridge the evolving patterns of network utilization and delivery, together with the need for more broadly distributed security, delivered as a cloud-like service.
However, over the past 12 months, the concept has gained significant momentum in the market. Many vendors have rushed to communicate the availability of their SASE solutions, and there is some risk that a potentially valuable new category of service becomes undermined by excessive hype – many new categories suffer this fate, which does not necessarily help the actual adoption in the market.
What paved the way for the must-have cyber service?
A key driver of changing behavior is the much more decentralized pattern of IT today. The most widely used applications are often delivered as SaaS from multiple locations around the world, from data centers that are completely outside the IT user organization’s control. Internal applications can be delivered from multiple locations, most commonly via a corporate network. Private connections over MPLS are progressively being replaced with cheaper and more flexible software-defined networks.
Even before the current pandemic, there was increasing demand for remote access to applications, and obviously this demand has increased dramatically as staff are required to work from home.
Traditional security increasingly misses the point
All of this undermines the rationale behind traditional heavy investments in securing corporate firewalls, and back-hauling application access to specific locations on the private network. When internal or third-party applications are delivered from the Cloud over the Internet, relying on security concentrated in traditional data centers (whether in-house or outsourced) increasingly misses the point, and really only serves to create artificial single points of failure and performance choke points.
How SASE meets today´s needs
SASE attempts to fulfil current network and network security requirements with an integrated service solution that meets the needs of today’s distributed and mostly home-working workforce. As well as the needs of larger facilities (office campuses, plants, etc.) that are still significantly occupied, and also the snowballing numbers of IoT-connected devices that need secure access to corporate systems. It aims to do this by combining several existing security functions with software-defined networking technologies and delivering them as a cloud-centric service. Typically, SASE offerings combine zerotrust access, CASB, firewall services, network security services, and secure web gateways.
At a glance, here are the key characteristics of the SASE proposition in the modern enterprise:
- SASE combines network and network security as a service, which can suit organizations challenged by dynamic and/or unpredictable network requirements.
- Organizations may also turn to SASE simply because it offers a way out of delivering cyber security in-house, which may suit organizations facing staffing or CAPEX challenges.
- Most organizations will benefit from professional services support in designing and implementing a SASE solution, whether from a vendor or from independent consultants.
- Pilot services delivered on a small scale almost always help to deliver better solutions once they are rolled out throughout the company.
PAC expects to see strong market demand for SASE consulting and solutions over the next 18+ months.
Get more insights
There is a genuine need for enterprises to adopt a new security posture, pushed further by the need for digital workplaces. You can see more of our analysis on the latest trends in the Cyber Security space in our trilogy of InBrief Analysis reports in which we cover the most relevant Cyber Security topics and technologies for users and service providers, explain the pros and cons, who should be interested, and give advice how to handle it.