How the Secure Access Service Edge (SASE) can improve performance and security for the hybrid workforce

Today’s business environment is larger than ever — users are accessing the network from point A to point B and everywhere in between.

This has left a lot network security Teams scramble to cover all network points and users, while ensuring that vulnerabilities and silos don’t create an easy path for threat actors.

Expanded physical and virtual environments blur visibility and loosen control, making it difficult to track sensitive data, maintain compliance, and maintain secure configurations among office users and VPNs.

To regain control in this complex landscape, many organizations are turning to Secure Access Service Edge (SASE). This model seeks to mitigate risk by migrating security capabilities from the data center to the cloud and deploying software-defined wide area networks (SD-WANs).

“The SASE architecture is designed to address the problem of limited network performance and security visibility for corporate distributed business systems,” said Keith Thomas, principal architect of SASE. (infrastructure, platforms and applications)”. Cybersecurity AT&T.

“This approach provides better network performance, greater security visibility, and a better overall user experience.”

SASE has determined

Gartner’s analyst coined the term SASE in 2019 and spin it off into its own Magic Quadrant in early 2022.

The company defines it as a “converged network” that includes SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), untrusted network access (ZTNA)firewall as a service (FWaaS) and data loss prevention (DLP).

“SASE supports branch offices, remote workers, and secure access use cases on-premises,” according to Gartner. It is “primarily delivered as a service and enables untrusted access based on the identity of the device or entity, combined with real-time context and security and compliance policies”.

Global SASE market to reach $665.9 million in 2020, according to an estimate from Grand View Research; The company predicts it will continue to expand through 2028 at a compound annual growth rate (CAGR) of 36.4%. Another projection from Markets and Markets says the market will reach $4.1 billion by 2026, achieving a CAGR of nearly 27%.

Top companies in the development space include Netskope, Zscaler, Palo Alto . Network, Fortinet, Cisco, circumference 81, cathode network And force.

“Because many users and applications no longer exist and operate on the corporate network, access and security measures cannot depend on devices,” said Robert Arandjelovic, director of solution strategy at Netskope. common hardware in corporate data centers.

With SASE, instead of delivering traffic to a device for security, users connect to an intermediary service “to access and use web services, applications, and data securely with consistent enforcement of privacy policy,” he said.

Increase security, reduce complexity

SASE architectures are typically based on a single-vendor service providing networking and security together, or a dual-vendor model that integrates SSE with SD service, Arandjelovic said. – WAN.

And, while each vendor is different in how they deliver SASE, they generally follow this process:

• Users wishing to access services, applications, or data connect to the nearest SASE point of presence (POP) and authenticate.
• Depending on the location of the resource (on a website, in an application, in a private application hosted in a data center or infrastructure as a service), the SASE architecture uses an integrated service. appropriate and allow users to access authorized resources.
• While this is happening, SASE applies consistent data protection and data protection controls. Ideally, these take advantage of a “one-pass” approach to minimize user disruption.

The best SASE tools, Arandjelovic said, ensure “pervasive, fast connections” while adhering to the principles of no-trust and least-privileged access, adjusting based on risk context.

Ultimately, SASE reduces cost and complexity through consolidation, thus allowing companies to “end the cycle of frequently making large investments in separate security appliances and services.”

Important questions to consider

There are many questions to consider when evaluating SASE tools, says Bruce Johnson, senior director of product marketing at SASE. cradle point. The important things are:

• Does my existing infrastructure support SASE?
• Do my current IT staff receive the necessary training to deploy, manage, and support SASE environments?
• Does my environment include technologies like 5G that warrant additional capabilities?

He recommends that subsequent testing and troubleshooting should be conducted in the sandbox to protect the production environment before configuring hybrid workforce devices.

As he noted, “geography becomes less important” with SASE because critical services are independent of employee and resource location.

For example, “a company that supports a global workforce that includes hybrid workers can provide protection and networking for workers anywhere in the world.”

SASE’s modular capabilities

Arandjelovic agrees that, like many comprehensive frameworks, “SASE can appear overwhelming if considered all at once.”

But because it is modular, organizations can adopt it gradually based on their own pace and priorities.

The first step, he said, is to collaborate across the entire “IT department,” with the infrastructure and security teams forming a common set of requirements. Once agreed, the next step is to identify and prioritize key projects — whether it’s securing access to web and cloud apps, modernizing VPN connections, or implementing data protection across the Internet. whole enterprise.

Organizations can then develop policies and controls, and deploy follow-up projects as needed — a process simplified thanks to the unified SASE platform.

A thoughtful, sensible approach

Indeed, many analysts recommend deploying ZTNA first, and then expanding its use “bit by bit,” said Klaus Gheri, Vice President of Cybersecurity at. Barracuda.

This is the most “thoughtful and sensible approach” as long as organizations consider questions like:

• Does the solution provide agents for all required platforms?
• Does it mandate the flow of any and all traffic through the SASE service, or does it allow access to other functionalities such as Microsoft 365?
• Does it allow access to apps other than web apps?
• Does it allow extension to apply additional functions?
• Does it enable the deployment of devices or sensors for IoT or industrial use cases?

SASE tools must ultimately aim for consistent security — everywhere — with zero trust, he said.

“This ensures that every employee gets fast, reliable, and secure application access without the VPN concentrator bottlenecks we’ve ever seen,” he said.

“Changing an existing company’s network and security infrastructure can sound intimidating — and it often is,” he admits. “So the benefits need to outweigh the risks and the effort is pretty quick.”

Complicated, but an investment that pays off

Ultimately, business leaders must be aware that there are multiple possible ways when deciding how and when to implement SASE, said Mary Blackowiak, AT&T Cybersecurity’s top product marketing manager.

She points out that some choose to source SD-WAN from their security provider, while others prefer to stack security on top of their existing network infrastructure.

Another option is technology acquisition and outsourcing to a managed security service provider (MSSP). This can be especially compelling in the context of the ongoing security industry lack of skillsshe pointed out.

Additionally, it is important to develop a roadmap for upcoming network and security transformation initiatives, and to start the proof-of-concept process early.

“This can help position businesses for increased productivity, less risk and simpler management,” said Blackowiak.

The bottom line, Thomas of AT&T said, “SASE is a complex and resource-intensive strategic initiative to execute, but ultimately, can be a transformative and cost-effective strategy for an organization.”