It’s no secret – networking and security have left the building. Even before the major shift to remote working in the first half of 2020, workplaces had already made the transition to a decentralized network architecture, where computing resources are located outside the data center and most enterprise traffic is destined for public cloud services. There are more remote and roaming users than ever before, and as work moves outside the office, so does the need for secure access to enterprise applications and data. To be successful in the cloud era, IT teams need to identify a new approach to control and secure users, apps, devices, and data — anywhere and everywhere they go in the world, and no matter what apps they choose to use.
According to Enterprise Strategy Group research, 32 percent of organizations report that most of their apps are now software as a service (SaaS) based. That number is expected to increase to 60 percent within two years.1 In the past, most organizations would backhaul traffic through MPLS WAN links from remote offices back to the data center to apply security policies before sending the traffic to the public internet.
Today, that centralized approach has become impractical because of the high cost of backhauling traffic over MPLS and the resulting performance issues for both branch locations and roaming users. To overcome these cost and performance issues, some businesses are adopting a more decentralized approach to optimize performance for these users with direct internet access (DIA) paths. But this approach highlights a set of new security challenges.
Gaps in visibility and coverage
Centralized security policies can’t be effectively managed and enforced in a decentralized network. This is because most traffic from branch locations to the cloud and internet doesn’t cross a centralized policy enforcement point. This results in visibility and coverage gaps, which increase the risk of a successful breach or compliance violation.
Volume and complexity of security tools
Security teams already struggle to keep up with cybersecurity threats. Many of them have lots of point solutions that are difficult to integrate and manage. These point products generate thousands of alerts — making it very difficult, if not impossible, for analysts to keep up. As a result, many alerts go untouched.
Limited budgets and security resources
IT and security budgets are already constrained. Deploying multiple, costly point security solutions — such as firewalls, secure web gateways (SWGs), intrusion detection and prevention systems (IDS and IPS), and data loss prevention (DLP) — to multiple locations and remotely managing these solutions with limited security resources is both impractical and ineffective.
Introducing secure access service edge (SASE)
In its August 2019 report, The Future of Network Security Is in the Cloud, Gartner defined the secure access service edge (SASE) concept as “an emerging offering combining comprehensive [wide area network] capabilities with comprehensive network security functions (such as SWG, [cloud access security broker], [firewall as a service] and [zero trust network access]) to support the dynamic secure access needs of digital enterprises.”2
The SASE concept consolidates numerous networking and security capabilities and functions — traditionally delivered in multiple, siloed point solutions — in a single, fully-integrated cloud-native platform. This approach delivers some key benefits that are critical for organizations that need to address the modern networking and security challenges of an increasingly cloud-first, distributed, mobile, and global workforce.
Here are four key characteristics of digitally transformed organizations that are laying the groundwork for this new concept:
Identity-centric
Gartner suggests that “digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center.”3
Cloud-native
Gartner describes modern digital enterprises as having “[m]ore sensitive data located outside of the enterprise data center in cloud services than inside” and “[m]ore user traffic destined for public cloud services than to the enterprise data center.”4
Edge computing
To support the SASE concept, Gartner describes a “worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need access to.”5
Globally distributed
Gartner describes the need for an “intelligent switchboard” where “identities are connected to networked capabilities via the SASE vendor’s worldwide fabric of secure access capabilities.”6
Start your SASE journey
Remember: SASE isn’t a product, a company, or a solution. It’s a broad concept that invites you to think differently about how networking and security work together in the cloud era. Two major SASE concepts are consolidation and simplification, so it makes sense to chart a course that includes both networking and security elements from a single vendor.
Are you feeling overwhelmed? Start here to learn more about the SASE concept and how it works, and you can request your free copy of our new ebook, Secure Access Service Edge (SASE) for Dummies. In this ebook, you’ll learn about the benefits of software-defined wide area networking (SD-WAN) and how it can lower your networking service costs and improve performance. You’ll also learn about the best way to secure new traffic flows with cloud-delivered security.
What are you waiting for? If you missed our earlier posts about how networking and security have evolved, you can catch up on your reading with the links below.
- Top 10 networking and security trends and challenges
- How networking and cloud security solutions have evolved to connect and protect users everywhere
1 Enterprise Strategy Group, The Rise of Direct Internet Access, 2018
2 Gartner, The Future of Network Security is in the Cloud, 2019
3 Gartner, The Future of Network Security is in the Cloud, 2019
4 Gartner, The Future of Network Security is in the Cloud, 2019
5 Gartner, The Future of Network Security is in the Cloud, 2019
6 Gartner, The Future of Network Security is in the Cloud, 2019
