SASE, Secure Access Service Edge.
SASE, or Secure Access Service Edge.
The rise of remote workers, coupled with the growing push of company data and infrastructure into the cloud, prompted Gartner in 2019 to define a new approach to networking and security: Secure Access Service Edge (SASE).
Introduction to SASE
Secure access service edge, often abbreviated (SASE), is a security framework that converges software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a converged cloud-delivered platform that securely connects users, systems, endpoints, and remote networks to apps and resources.
SASE offers an alternative to traditional data center-oriented security. It unifies networking and security services into a cloud-delivered service to provide access and security from edge to edge — including the data center, remote offices, roaming users, and beyond., a SASE solution can simplify daily management, offer better security protection, and improve network performance.
SASE combines network security functions such as Secure Web Gateway (SWG), Cloud Access Service Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA), with Wide Area Network capabilities (i.e., SDWAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily as a Service and based upon the identity of the entity, real-time context, and security/compliance policies.
Andrew Lerner, Gartner
SASE has four main traits:
1. Identity-driven:
Access is granted based on the identity of users and devices.
2. Cloud-native:
Both infrastructure and security solutions are cloud-delivered.
3. Supports all edges:
Every physical, digital, and logical edge is protected.
4. Globally distributed:
Users are secured no matter where they work.
The main goal of SASE architecture is to provide a seamless user experience, optimized connectivity, and comprehensive security in a way that supports the dynamic secure access needs of digital enterprises. Instead of backhauling traffic to traditional datacenters or private networks for security inspections, SASE enables devices and remote systems to seamlessly access apps and resources wherever they are—and at any time.
Components of a SASE Model
SASE can be broken down into six essential elements in terms of its capabilities and?technologies:
1. Software-Defined Wide Area Network (SD-WAN)
SD-WAN is an overlay architecture that reduces complexity and optimizes the user experience by selecting the best route for traffic to the internet, cloud apps, and the data center. It also enables rapid deployment of new apps and services and helps you manage policies across a large number of?locations.
2. Secure Web Gateway (SWG)
SWGs prevent unsecured internet traffic from entering your internal network. It shields your employees and users from accessing and being infected by malicious web traffic, vulnerable websites, internet-borne viruses, malware, and other cyberthreats.
3. Cloud Access Security Broker (CASB)
CASBs prevent data leaks, malware infection, regulatory noncompliance, and lack of visibility by ensuring safe use of cloud apps and services. They secure cloud apps hosted in public clouds (IaaS), private clouds, or delivered as software-as-a-service (SaaS).
4. Firewall as a Service (FWaaS)
FWaaS helps you replace physical firewall appliances with cloud firewalls that deliver advanced Layer 7/next-generation firewall (NGFW) capabilities, including access controls, such as URL filtering, advanced threat prevention, intrusion prevention systems (IPS), and DNS?security.
5. Zero Trust Network Access (ZTNA)
ZTNA products and services give remote users secure access to internal apps. With a zero-trust model, trust is never assumed, and the least privileged access is granted based on granular policies. It gives remote users secure connectivity without placing them on your network or exposing your apps to the?internet.
6. Centralized Management
Managing all of the above from a single console lets you eliminate many of the challenges of change control, patch management, coordinating outage windows, and policy management while delivering consistent policies across your organization, wherever users connect from.
Why Is SASE Necessary?
Digital business transformation demands greater agility and scalability coupled with reduced complexity and improved security. What’s more, modern enterprises need to ensure their users are getting the best experiences from anywhere.
领英推荐
These circumstances have moved SASE from the category of “nice to have” to “necessity.”
Benefits of SASE
SASE platforms offer significant advantages over traditional on-premises network options. Here are some of the primary reasons organizations may want to switch to a SASE framework:
Reduced IT costs and complexity
Legacy network security models rely on a patchwork of solutions to secure the network perimeter. SASE reduces the number of solutions necessary to secure applications and services—saving on IT costs and simplifying administration.
Greater agility and scalability
Because SASE is cloud-delivered, both the network and security framework are completely scalable. As your enterprise grows, so can the system, making accelerating digital transformation truly possible.
Built to sustain hybrid work.
Where traditional hub and spoke, networks struggle to handle the bandwidth necessary to keep remote employees productive, SASE maintains enterprise-level security for all users, regardless of how or where they work.
Boosts user experience.
SASE optimizes security for users by intelligently managing security exchanges in real-time. This reduces latency as users try to connect to cloud applications and services and reduces the organization’s attack surface.
Improved security
In the SASE framework, SWG, DLP, ZTNA, and other threat intelligence technologies converge to provide remote workers with secure access to company resources while reducing the risk of lateral movement in the network. In SASE, all connections are inspected and secured, and threat protection policies are clearly defined upfront.
How to get started with SASE:
Successful SASE implementation requires in-depth planning and preparation, as well as continuous monitoring and optimization. Here is some advice on how to plan for and implement phased SASE deployment.
1. Define SASE goals and requirements
Identify the problems in your organization that could be addressed through SASE as well as expected business outcomes. Once you know why SASE is essential, clarify which technologies can fill the gaps in your organization’s current infrastructure.
2. Select your SD-WAN backbone
Choose an SD-WAN to provide networking functionality, then layer the SSE provider to create a comprehensive SASE solution. Integration is key.
3. Incorporate Zero Trust solutions
Access control should be governed by identity. Complete SASE deployment by selecting a suite of cloud-native technologies with Zero Trust at their core to keep your data as safe as possible.
4. Test and troubleshoot
Before going live with a SASE deployment, test SASE functionality in a staging environment and experiment with how your multi-cloud security stack integrates with the SD-WAN and other tools.
5. Optimize your SASE setup
As your organization grows and priorities evolve, look for new opportunities for continued and adaptive SASE implementation. Every organization’s path to mature SASE architecture is unique. Phasing implementation helps ensure you can move forward with confidence each step of the way.
?
References: