In my last article, I discussed how secure access service edge (SASE) extends security to the client and the cloud. In this final article in the series, I will discuss how companies can capitalise on using SASE.
Chief information officers (CIOs) of modern enterprises need exemplary client-to-cloud experiences that are secure, reliable, scalable and simple. That’s exactly what SASE delivers.
SASE enables enterprise-wide digital transformation with client-to-cloud security, a cloud-native approach and horizontal elasticity, as shown in Figure 1.
Traditional IT infrastructure is unsuitable to support and secure cloud-hosted applications, direct internet access, non-IT-managed user devices, work-from-anywhere (WFA) / mobile users, bandwidth-intensive and delay-sensitive voice and video applications, and unsecured internet of things devices. Organisations seeking to employ these technologies and architectures must make the leap into digital transformation.
Transforming networks and the business environment demands modern-day capabilities, such as multi-cloud readiness, comprehensive embedded security, scalable advanced routing, traffic-steering optimisation and remediation, and sophisticated visibility and analytics.
Software-defined wide area network (SD-WAN) / SASE architectures that integrate all these functions are the only viable approach to support the trends and technologies inherent in the modern era of digital transformation.
Multi-cloud environments have become increasingly common by encompassing multiple software-as-a-service, infrastructure-as-a-service, public clouds and on-premises clouds. This network model provides benefits, such as avoiding vendor lock-in, minimising costs and enhancing disaster recovery options. But it comes with challenges of security and data protection.
A SASE solution is cloud-native, built on cloud principles for flexibility and automation.
SASE infrastructure eliminates these multi-cloud interconnectivity challenges by automatically discovering − and seamlessly establishing − dynamic overlay connectivity for both the data and control planes to each cloud.
The connectivity topology is automated and ready in minutes − fully secured with encryption − and the control plane across the disparate clouds is normalised by the tunnel mesh to provide complete global visibility of the network.
A SASE solution is cloud-native, built on cloud principles for flexibility and automation. Cloud elasticity allows users to enjoy highly-consistent, predictable quality of experience (QOE) without the risk of services slowing down, failing, or becoming unavailable.
Resources are automatically provisioned − with the end-user unaware of the process. This significantly simplifies IT tasks to allow staff more time to focus on the core business.
SASE operates from the cloud to deliver all network and security capabilities in a single unified framework. An SD-WAN with SASE removes the administrative burden of procuring, installing, configuring and managing individual appliances, enabling security teams to streamline management of all network and security operations through a single solution and a cohesive policy.
Some of the management benefits SASE provides:
Faster administration and deployment time: With the right SD-WAN-with-SASE architecture, most of the deployment and monitoring is automated. After comprehensive policies are set, the network’s configuration and deployment activities happen automatically.
Single pane visibility: SASE architecture offers user, application and device views across the entire enterprise: on-premises, in private and public clouds, or internet-connected, as shown in Figure 2.
Complete control over users, applications and devices: The system automatically classifies application traffic to provide QOE and filters out unsanctioned applications. This readily available application security information helps IT staff make appropriate policy changes, minimise security risks, derive critical insights, troubleshoot faster and make better-informed decisions, as shown in Figure 3.
SASE enables security teams to bring cloud platforms, data centres, branches and WFA / mobile users under one umbrella and protect them with a coherent security policy pushed to every user on any device, anywhere. SASE security policy focuses on the dynamic identity-and-access context rather than old fixed trusted / untrusted network boundaries.
Some of the ways SASE can help protect assets:
Better security and compliance: SASE enforces compliance with keeping track of what sensitive information is held about customers and then developing rules to guard access to that information by ensuring only individuals with the right credentials can access secure systems and databases with sensitive customer data. Role-based access control policies are consistently applied, and user and entity behaviour analytics systems track access and actions within the system with logs and audit trails.
Inline encryption: Leading SASE solutions include options for software- and hardware-accelerated encryption that provides faster processing and tamper-resistant key storage.
Isolation and segmentation: A SASE solution delivers security through network isolation, segmentation and multitenancy. Segmentation slows a data breach, because the attacker must break out of one network segment to access resources in other segments.
Driving down costs: Installing disparate, proprietary point products in branch locations is costly, results in sprawl, is complex to manage, and neither enables WFA nor optimises cloud access. A SASE architecture − with all network and security capabilities embedded in a single software stack − reduces capital investment, allows IT staff to focus on strategic work and enables a coherent security policy deployment.
Cost savings delivered with a SASE architecture include:
- Bandwidth cost savings.
- Network management and IT staff cost savings.
- Security cost savings.
- Scalability costs savings.
Share