The past year has seen an uptick in demand for SASE, driven by the huge increase in people working from home … owning their own devices … and using applications in the cloud. (Hot topics even pre-Covid.) With devices, data, and apps far from the corporate HQ, and connectivity taking place on public Wifi and home broadband, it’s no longer sufficient to secure access only to the network—however good a job SD-WAN does of that.
Instead, SASE is about secure access at the application level—with the emphasis shifted to authenticating users and devices on an as-permitted basis at the network perimeter, rather than the once-you’re-in-you’re-in approach of a typical in-house setup.
‘The Secure Access Service Edge is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as Secure Web Gateway, Cloud Access Security Brokers, Firewall-as-a-Service, and Zero Trust Network Access) to support the dynamic secure access needs of digital enterprises.’ – Gartner Group’s definition*
It’s an approach that spans different security technologies with names like Zero Trust Network Access, Firewall as a Service, Secure Web Gateway, and Cloud Access Security Broking. And just to avoid confusion: it’s pronounced sassy, not “sayze”. With Videns now part of the Expereo family, your networking partner now has best-of-breed SASE smarts too — let’s look at some of the benefits.
Holistic security: more than just perimeter-hardening
A basic concept uniting SASE security is that it’s software-defined. Like SD-WAN, but much more fine-grained in how it grants access to data and applications—and how it validates those gaining access to them. Broadly, SASE implementations put authentication much closer to where it needs to happen: the user and device.
Prior to SASE, it was normal for authentication data to make a round-trip to the corporate datacenter and back since most users enjoyed a direct connection to that corporate network within the firewall. The world doesn’t work like that anymore—so nor should network security. Take the example of ZTNA, Zero Trust Network Access. A device may be user-owned. It may be on public Wifi. It may be shared with the user’s family. All weak points, susceptible to data leakage and compromise—which ZTNA addresses.
Granting access to specific applications rather than the network as a whole, with IP cloaking making that access invisible even to malware on a compromised device, keeps the network perimeter safe. The door’s not merely open or closed; it’s a hidden door—that only opens to people who know it’s there.
Simplified management: less monolithic, more adaptable
Another plus. With authentication happening at the edges, the need to operate a one-size-fits-all security infrastructure at the network core—a pain to maintain, and a single-point-of-failure risk—go away. SASE was born in the cloud and delivers its services there. With security authentication via flexible APIs and protocols rather than a brittle single-sign-in application, there’s no need to constantly upgrade the core.
That matters since it reduces a huge overhead that rarely scales well. And Gartner predicts 30% of all enterprises will adopt cloud-delivered SASE services by 2024, a sixfold increase in 2020.
Cost reduction: security outsourced to the cloud
The cost implications of going cloud-native apply to SASE as much as any other application. By pushing security infrastructure out to the perimeter where the user and his/her device are, there’s less need for heavy security investment in the corporate datacenter. Cloud services expand or throttle capacity based on what the network needs—which means fewer resources spent on maintenance and replacement.
Like much of cloud computing, SASE carries a sound business case. Gartner again: by 2025, nearly two-thirds of corporate organizations (60% or more) will have solid strategies for adopting SASE across their user bases. Up from 10% in 2020.
Hyper-scalability: getting better as it gets bigger
Returning to the corporate model with its central security core again: it doesn’t scale well. It’s not just a case of needing to provision for user demand—it’s that a monolithic security solution needs to be tweaked, adapted, upgraded as new services are added to the network, slowing down implementations every time. SASE meets that problem head-on.
With its emphasis on securing the user and not the network, the model becomes scalable: the organization has a list of resources, each user enjoys a set of permissions to access one or more of them, and no extra resources are needed in the IT Suite no matter how large the user base grows. And with the network itself largely making use of cloud services and public networks (like a work-from-home’s broadband) there’s no extra stress on HQ as it grows. The Gartner statistic here is that the number of enterprises with only software-defined internet WANs (instead of MPLS or leased lines) will double to 30% by 2023. That’s not far away. (If you’re interested in the Gartner report, download it here.)
Performance increase: log jams canceled by the cloud
The cloud is everywhere. At least, that’s how it seems to most users. Their home fiber can reach gigabit speeds; the mobile world is turning 5G; even coffee-shop Wifi frequently exceeds multi-megabit rates. And satellite ISPs now lighting the night sky are bringing the same benefits to rural and off-grid locations.
When your network perimeter isn’t defined by some corporate firewall, but by protocols in the cloud that apply directly to the connected user and device, many bottlenecks improve: you’ll see lower latency numbers, smoother network traffic flows. Because those applications are in the cloud, closer to the user. Wherever that user is.
HOW EXPEREO CAN HELP YOU GET THERE
In a world where the workforce is footloose and the market is mobile, the network perimeter can be a dangerous place. Secure Access Service Edge is the solution. And as for why Expereo is your choice to provide it—well, it’s cultural. We’ve long championed SD-WAN and business internet as fast and flexible alternatives to pricey “fixed in place” technologies like MPLS and T1 lines.
With Expereo, thousands of businesses have discovered software-defined networks connecting cloud services with an internet underlay provides all they need. Why not start right now, by seeing the SASE services Expereo has to offer?