A little about securing the edge

January 28, 2020

Tweet This:
Share on LinkedIn:

By Kevin Prater, Kovarus, Practice Manager Collaboration / Network Edge

Like everything in technology today, things are evolving at a breakneck pace due to ever changing business and user requirements and never has this been more evident than in the security space. Here’s a bit I wanted to put on your radar if you haven’t been exposed to it yet and it’s sassy! SASE (Secure Access Service Edge) to be exact, pronounced “sassy.”

For years we’ve built security architectures around the fact that users all came back to the data center for core services. We’ve secured these assets and communications with stateful and NGFW (next-generation firewall) services, sprinkled in WAFs (Web App Firewall), CASB (cloud access security brokers) and maybe ZTNA (zero trust network access) services for remote users and business partners, and life was relatively good.

But now we’re pushing everything to the cloud. It’s misty and spooky up here and the boundaries are getting squishy. Our core apps likely don’t live in the data center any longer; they could be in this cloud or that cloud. They’re anywhere and everywhere! With this shift in application consumption our approach to network security needs to be reevaluated. If our applications are indeed everywhere, we need an approach to secure well, everywhere.

What is SASE

To do this we’ve got to take a fresh look at our security architecture. We’ve got to position these services where our users and their applications are doing their thing now. We’ve got to make our security model as flexible and ubiquitous as our users have become.

To be clear, SASE is not a product but more of an architecture or concept that’s still very much emerging as the industry evolves to this new model. At its core, SASE will converge network and network security services. So, your WAN (SD-WAN) and security services like NGFW, CASB, and ZTNA will all be packaged up in a cloud-delivered service model.

Following the industry trend of centralized SDN architectures, the SASE model allows organizations to identify users and devices, then apply and enforce secure access through centralized policy, delivering a consistent, secure user experience wherever the end user may be.

Gartner is predicting in a recent report, “The Future of Network Security is in the Cloud,” that “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE and by 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities.”

Benefits of being SASE

The approach promises to be as big a shift in thinking as SDN and SD-WAN was to traditional networking. SASE delivers the ability to enable dynamic access and secure access requirements to protect users, devices, applications, and data of distributed users and the cloud-based services they’re consuming.

Some of the benefits organizations may see include:

  • Improved security — If you’re doing any kind of content inspection, you’ll now be able to push these services out and inspect any access session not just sessions originating from within your network.
  • Simplification — Reducing the complexity of your security environment helps ease the administrative burden of managing and maintaining multiple technologies throughout the organization.
  • Cost Reductions — Leveraging a packaged cloud-delivered security service instead of multiple point products saves money across the board, from hardware/software to maintenance and manpower for administration.
  • Zero Trust Network Access (ZTNA) — Access to the network is based on the user identity, the device and the application. This approach allows for a consistent application of policy regardless of where the user finds themselves.
  • Performance — SASE vendors will be positioned to provide optimized routing potentially through their own backbones for sensitive, mission critical applications like voice, video and collaboration.
  • Ease of use — The beauty of centralized policy is easing the administrative burden and dramatically increasing efficiency and scalability. The entire architecture is transparent to the end-user as well. They’ll all be enjoying a great, consistently secure experience.\

Gettin’ SASE

We saw similar shifts in thinking when SDN came down the pike forcing us to rethink the way we architected and maintained the network. Likewise, SD-WAN had us rethink the way we utilized our wide area network resources and re-tool that into a more robust, efficient and resilient design.

To be sure, the big players will be addressing, adapting to, or creating their own flavor of a SASE type offering. It’s an inevitable shift and it’ll be interesting to watch it develop.

I’d love to chat more! Connect with me on Webex Teams! You can find me at kprater@kovarus.com

Looking to learn more about modernizing and automating IT? We created the Kovarus Proven Solutions Center (KPSC) to let you see what’s possible and learn how we can help you succeed. To learn more about the KPSC go to the KPSC page.

Also, follow Kovarus on LinkedIn for technology updates from our experts along with updates on Kovarus news and events.