Subscribe

Cometh the hour, cometh the technology

Paul Stuttard
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 29 Jul 2020

Security has come under increasing scrutiny since the adoption of the “new normal”. With so many more employees working from home, the often-questionable security of their connections to the cloud has resulted in a rapidly expanding threat perimeter for their organisations.

This has given rise to a growing shift in corporate emphasis from on-premises users, to remotely located and mobile employees. And it has firmly placed the spotlight on new “outward-facing networks” powered by software-defined WAN (SD-WAN) technology and cloud networking solutions.

While SD-WAN’s role in the development of more powerful, responsive, efficient and intelligent networks remains undiminished, a new technology partner has emerged in the search for solutions to support networks in which the majority of connections are remote.

Dubbed SASE or Secure Access Service Edge, it is an enterprise networking technology aimed at converging SD-WAN and a range of network security services into a unified, cloud-native, globally distributed platform.

The platform connects all network entities, including internal and remote/mobile employees, groups of employees (in branch offices), devices, applications, services, Internet of things devices, and all edge computing locations, into a seamless service in support of the dynamic, secure access requirements of the modern digital enterprise.

Introduced by Gartner in 2019, SASE was designed to “find sensitive data or malware, decrypt content and monitor risk and the trust level of sessions”. It has seemingly remained under the radar, perhaps because it is essentially a combination of existing technologies and separate security policies related to mobile, cloud and site access, many of which have been individually deployed by organisations over time.

However, according to industry watchers, many network and network security architectures currently deployed are cumbersome and rapidly approaching their “sell-by date”. They were designed for an era that is now waning.

SASE’s hour has arrived and its policies are destined to redefine the enterprise network and remodel the security landscape.

SASE can be expected to be a catalyst for enterprises to support broad-based digital business transformation initiatives.

In essence, SASE facilitates the secure connection of remote users to their applications, data and services on an “anywhere, anytime access” basis, at the same time maintaining multi-branch and multi-cloud network security.

SASE effectively re-contextualises the corporate network and its security architecture, giving organisations a distinct solution with one policy to provide the broadest spectrum of protection against cyber attacks and other threats.

While SASE’s primary function is to assist organisations grappling with the challenges posed by remote employees and secure networking in the cloud, one of its most appealing aspects is its transformational effects on multiple IT domains.

When an object, such as a policy in the networking domain, is created on a SASE platform it becomes available within other domains too. Therefore, a policy assigned to a user (or a group of users) is irrevocably associated with the user(s), irrespective of the location of the network or IP addresses. This obviously minimises management complexity across multiple locations, users and types of devices.

Significantly, SASE technology is being adopted by service providers that are developing it as a cloud-based service to deliver a wide range of functions associated with reducing user complexity and overhead. Generally, this is achieved through the consolidation of technology stacks while increasing application performance within the bounds of a secure SD-WAN solution.

Offered as a managed service, these SASE-based solutions frequently include segmentation techniques through which applications can be directed to the Internet at the client or a specific cloud gateway. This is geared to expedite the delivery of an assured, scalable experience to organisations whose business applications are underpinned by SD-WAN technology.

As a result, organisations will be able to leverage remote access services directly on their employees’ end-devices, delivering the benefits of a secure SD-WAN together with an industry-validated, cross-platform security suite.

Looking to the future, at least 40% of enterprises will soon have a SASE-adoption strategy in place, according to a respected research organisation. Most certainly, SASE can be expected to be a catalyst for enterprises to support broad-based digital business transformation initiatives.

These initiatives should also assist in minimising operational overhead and permit single-platform management of both the network and its policies. Trouble-shooting, for instance, will be streamlined as there will be no need to source normalised data from a variety of appliances or obtain data from multiple solutions for transfer to a database for detailed investigation.

In addition, there are cost benefits to consider: Because a SASE platform is able to consolidate services into a single provider, the opportunity arises to reduce or limit the number of vendors, agents and clients associated with end-user devices.

In this vein, organisations may well be able to specify and define the costs coupled to specific levels of performance, reliability and security associated with individual network sessions.

Because a SASE platform expedites the adoption of new capabilities by increasing the agility and simplicity with which new network and security services are deployed, there are also a number of important commercial advantages to contemplate.

With more than 80% of workloads now running on public clouds, the SASE platform − as a digital business enabler − is able to boost remote employee productivity by removing the risks and bottlenecks associated with inflexible, unpredictable, legacy virtual private networks.

The platform is also able to monitor network degradation and take appropriate action to limit data packet loss by automatically switching to an alternative gateway, or moving to different WAN connectivity such as WiFi, cellular or wired.

Organisations may well see these and other benefits translate into a reduction in the time needed to develop new products, deliver them to the market, and respond to changes in the business environment as it evolves in a post-COVID-19 digital age.

Share