Network architecture and its protection is a mature world, and one filled with comparisons to architects outside of the data center. After all, doesn’t a castle-and-moat approach to cybersecurity remind you as much of medieval literature as your own IT department? Every time 15th century technology is compared to 21st century technology, there is a new innovation waiting to take over its metaphorical significance. In this example, Secure Access Service Edge (SASE).
The term was first used by two Gartner analysts in 2019. The force is getting stronger and stronger.
What is SASE?
SASE leverages the network edge and works outside of the data center, combining many existing products and services to provide an integrated solution for network security. SASE is typically marketed in the same manner as Software as a Service (SaaS) products.
Some individual components of SASE products include:
- Software-Defined Wide Area Network (SD-WAN): Rather than relying on traditional networking models where routers and data centers interact, SD-WAN routes your web traffic to vetted, existing technology providers, such as Amazon Web Services or MicrosoftAzure. While improving safety and reducing costs, this also reduces Delay. If we extend the medieval metaphor, an SD-WAN is a drawbridge that allows traffic to enter the city that serves as network infrastructure.
- Secure Web Gateway (SWG): The SWG product is the one who asks for the secret password at the door. It inspects all traffic for unwanted elements and requires compliance with the security policies implemented by your company. Its job is to keep your data safe.
- Cloud Access Security Broker (CASB): CASB is a product that manages security protocols, e.g. single sign-onuser authentication and token management. In our little medieval fantasy world, the CASB are a group of squires responsible for ensuring that the community leadership is kept informed of the castle’s defenses.
- Next Generation Firewall (NGFW) and Firewall as a Service (FWaaS): These two products filter incoming traffic and block any malicious behavior. NGFW uses tools like packet filtering and VPN identification to provide deeper, better defense rather than a simple yes or no answer. You can think of it as a battlement, a small section of the castle wall that allows you to look out and identify incoming threats.
- Zero Trust Network Access (ZTNA): Unlike VPNs, which allow users to access a wide range of network environments, Zero Trust Network Access systems only allow users to access one application. Tired of this medieval trope? Well, we can liken ZTNA to the secret passages found throughout many castles, areas that allow servants to enter and exit spaces without being discovered.
One of SASE’s key selling points is its ability to combine various cybersecurity products in a cloud-native environment into a product that can be implemented quickly and easily.
Benefits of SASE
Although SASE communicators offer a variety of benefits, most boil down to four key elements: ease of use, scalability, reliability, and efficiency.
For one, SASE solutions do not rely on a data center-centric approach, instead allowing companies to rely on untethered and lower-cost resources. In a world where time is money, SASE solutions that reduce latency can significantly reduce infrastructure costs compared to other structures.
Second, in a remote work environment where creating additional users, workflows and products is a daily necessity for business, SASE markets itself as an inherently cheaper and faster solution that can keep the business running and growing.
Finally, most companies that sell these products point to the fact that the structure of SASE solutions (covering a lot of network security in one ecosystem) allows you to easily monitor network traffic (and solve problems) without having to work hard Expanded complex security solutions.
Disadvantages of SASE
Given that the term SASE was first coined just five years ago, the technology is still going through the growing pains that accompany any developing technology. One problem is that, apart from medieval comparisons, the whole topic can be confusing and lead to internal confusion when implemented.
Another problem is that SASE can be difficult to add to legacy environments that haven’t been designed specifically for new network security. As with any cybersecurity solution, the cost of a SASE implementation can be Discourage small and medium-sized enterprises It is important for companies to determine which parts of the SASE solution are useful and which parts are not needed for any individual use case.
Some industry experts are also concerned that the nature of a SASE implementation – which combines networking and security – may not be a good fit for individual companies’ current IT staffing choices.