DTX Manchester DTX Manchester
  • About Us
Friday, 22 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

SASE: A beginner’s guide

In late summer 2019 Gartner first coined the phrase Secure Access Service Edge. Here's what it means

by Derek Granath
December 15, 2020
in Insight
SASE: A beginner’s guide
Share on FacebookShare on Twitter

In what now seems like a lifetime ago, in late summer 2019 Gartner first coined the phrase Secure Access Service Edge. Since then, “SASE”, as it is now more commonly referred, has generated the kind of hype the industry hasn’t witnessed since SD-WAN first emerged around 2014. The promise was simple enough: enable enterprises to realise all of the long-held (but never fully realised) benefits of moving applications and workloads to the cloud and maintaining security.

Now, seemingly every security vendor has a SASE play and marketing message to go alongside it. These messages, however, don’t always align. A wide variety of differing perspectives have emerged from vendors and the media about SASE. Some herald it as a pure replacement for SD-WAN, others say that security is the primary function, with SD-WAN features a minor value add.

This diversity of messaging and positioning can cause additional confusion for enterprises trying to wrap their heads around the SASE topic. At its most basic level, Gartner defines SASE as the combination of SD-WAN and cloud-delivered security services. SD-WAN functions as a core component of the SASE architecture, and the combination of SD-WAN and cloud-delivered security ultimately deliver on the vision for a secure access service edge.

If you want to learn more about SASE, or perhaps you’re looking to implement the framework within your own business, or out of pure interest, in this article I will share the basic principles around SASE, and offer some general, applicable tips for getting started.

The beginnings of a SASE architecture

Typically, when building a SASE architecture an enterprise might start with just one transformational project. However, by the end of the project both WAN and security architectures must be transformed. This is because traditional WAN and security architectures are ill-suited for SASE. Routers and next-gen perimeter firewalls maintain security by backhauling cloud-destined app traffic through their data centres or hub sites (Figure 1). Unfortunately, this adds latency which impairs cloud application performance.

Enterprise security perimeter infographic

To eliminate this latency, SASE transforms both networking and security architecture, connecting branch site users directly and securely to cloud applications and services through the internet alongside cloud-delivered security services.

The Network Transformation

Looking at network architecture, the SASE model pushes for a simplified or thin WAN edge. What this entails is placing only the required network functions at the edge, and in a single unified platform which wraps up: SD-WAN, routing, stateful zone-based firewall, advanced segmentation, WAN optimisation and application visibility and control.

The Security Transformation

As applications are increasingly hosted and accessed from anywhere (a very important point within the current remote working situation), traditional perimeter-base security models are  no longer effective.

In the SASE architecture, rather than hosting security services on complex to manage (and costly) next-gen firewalls within branch offices, it is far better to shift toward cloud-delivered security services. Ensuring that threat detection and mitigation capabilities are updated is far easier when these solutions are centralised within the cloud. In the same manner that SD-WAN replaces routers at branch offices, so too do cloud-delivered security services replace next-gen firewalls.

The Need for Automation

With SD-WAN and cloud-delivered security the necessary base components for SASE, any business looking to implement a secure access service edge will need to invest in SD-WAN first and foremost. SD-WAN is a healthy technology market and there are a lot of options out there. Advanced SD-WAN solutions, which are required to fully enable SASE, should rely on automated orchestration capabilities to ensure the complex infrastructure can run intelligently without too much oversight.

Automation should cover four key areas. Firstly, your SD-WAN solution should have the capability to automatically identify and classify applications on the first packet and dynamically steer them in accordance with centrally defined QoS and security policies. Secondly, it should enable the automation of the orchestration between the SD-WAN and proximity-based cloud-delivered security services from a single console.

Third is the automated reconfiguration of the primary and secondary virtual tunnels to cloud security points of presence if a newer, closer location to the branch is deployed. This helps further minimise application latency. Lastly, and most importantly, any set up should be able to automatically failover to a secondary cloud security enforcement point should the primary become unreachable, so as to maintain application availability.

Don’t put your eggs in one basket

Finally, as SASE is an ever-evolving framework, it is important that businesses avoid vendor lock-in, which provides the freedom of choice to adopt new security innovations as they emerge. Gartner itself predicts that by 2023, 20 per cent of enterprises will deploy a range of capabilities (it cites SWG, CASB, ZTNA and branch FWaaS) from a single vendor. That’s four times as many as we’re seeing today. It’s much wiser to deploy a thin WAN edge platform that incorporates deep cross-vendor integration. This ultimately provides the best of both worlds.  

Contributed by Derek Granath, VP, Product and Technical Marketing, Silver Peak

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Canon confirms data theft in August’s ransomware attack

Next Post

Why the power to neutralise the threat of ransomware lies within your network

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Instagram notification symbol in neon lights, with a white heart and a white 0 next to it

Social Media Fails to Monitor Extremist Content

January 21, 2021
The purpose of this image is to portray security through a key attached to what looks like a memory card.

Biden Administration to put Stronger Emphasis on Cyber Security

January 21, 2021
scrabble letters spelling out "Scam Alert"

Phishing Scam Exposes Stolen Passwords

January 21, 2021
Close up image of the sun/a star.

How did SolarWind Hackers evade Detection?

January 21, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept