Have you heard of SASE?
SASE, nice to meet you! For those unfamiliar, SASE is a concept designed by Gartner in 2019 that takes a new approach to network connectivity and security. The analyst firm’s report describes a set of technologies called Secure Access Service Edge (SASE) that aims to meet organizations’ evolving demands for secure access in a world that is increasingly in the cloud.
According to Gartner, the growth of digital business, the adoption of cloud-based services and the emergence of edge computing platforms have ended up reversing access demands, with more users, devices, applications, services and data now located outside corporate environments than inside them. What solution can keep up with this trend? As the report’s title suggests, “The future of network security is in the cloud”, and it is based on the SASE model. The idea behind this concept is to provide an access control and security stack for networks from the cloud itself.
Many existing technologies were not developed to deal with all types of network traffic or cybersecurity threats. The result is that many IT environments are required to adopt a specific solution for each type of demand, such as firewalls, VPNs, and SD-WANs (Software-Defined Wide Area Networks, used to create high-performance WANs through low-cost connections). In addition, companies find themselves at a crossroads, having to choose among performance, security, and cost savings.
The SASE approach combines WAN features with network security functions, such as SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), FWaaS (Firewall as a Service), and ZTNA (Zero Trust Network Access; “never trust, always check”), among others. It can be seen as the convergence of different access methods and security functions for networks.
This concept is based on a cloud architecture that allows organizations to guarantee secure access, regardless of where users, applications, or devices are located. It focuses on the user, instead of the connection and protection mechanisms.
The SASE model aims to eliminate the juggling currently required to route traffic to and from corporate data centers, at a time when users need very little of what is still located in those environments. Rather than forcing traffic towards the inspection mechanisms at data centers, SASE provides these mechanisms from the cloud to users, devices, applications, or services, which we can call entities.
These entities’ identity is one of the most significant parts in this context. However, there is other relevant information to be known, such as location, time, assessment of risk or trust of the user’s device, and application or data criticality. Based on these criteria, technologies available in the SASE stack can be chosen to be applied in each situation.
Below, examples of the use of the SASE technology stack for three fictitious entities are described:
What will change in other situations is the secure access policies to be applied.
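The context-based selection described above can be sketched in code. This is an added example, not part of the original article or of any vendor's product: the risk thresholds, business hours, allowed countries and the rule that FWaaS fronts all traffic are constructed assumptions, and the `Context` and `decide` names are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

# Constructed policy values (assumptions for illustration only).
BUSINESS_HOURS = (time(7, 0), time(20, 0))
ALLOWED_COUNTRIES = {"BR", "US"}
# SASE function that fronts each kind of destination.
SERVICE_FOR = {"web": "SWG", "saas": "CASB", "private_app": "ZTNA"}

@dataclass(frozen=True)
class Context:
    identity: str      # authenticated entity (user, device, application, service)
    country: str       # location signal
    local_time: time   # time of the request
    device_risk: int   # 0 (trusted) .. 100 (untrusted), from a posture assessment
    destination: str   # "web", "saas" or "private_app"
    criticality: str   # "low" or "high" (application or data criticality)

def decide(ctx: Context) -> tuple[str, list[str]]:
    """Return (verdict, services to apply) for one access request."""
    # Default deny: no identity or unknown destination means no access.
    if not ctx.identity or ctx.destination not in SERVICE_FOR:
        return "deny", []
    # Location and time raise the effective risk rather than deciding alone.
    risk = ctx.device_risk
    if ctx.country not in ALLOWED_COUNTRIES:
        risk += 30
    if not BUSINESS_HOURS[0] <= ctx.local_time <= BUSINESS_HOURS[1]:
        risk += 20
    # Critical applications and data tolerate less risk.
    limit = 40 if ctx.criticality == "high" else 70
    if risk > limit:
        return "deny", []
    services = ["FWaaS", SERVICE_FOR[ctx.destination]]
    if risk > limit // 2:
        return "allow_with_step_up", services  # e.g. require re-authentication
    return "allow", services

# Three constructed entities.
EMPLOYEE = Context("alice", "BR", time(10, 0), 10, "saas", "low")
CONTRACTOR = Context("contractor-7", "DE", time(23, 30), 15, "private_app", "high")
ADMIN = Context("bob", "US", time(22, 0), 10, "private_app", "high")

if __name__ == "__main__":
    for entity in (EMPLOYEE, CONTRACTOR, ADMIN):
        print(entity.identity, decide(entity))
```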
The SASE model provides a set of access and security services for networks in a consistent and integrated manner. As a result, it can bring the following benefits:
For Gartner, SASE will be as disruptive for network access and security architectures as Infrastructure as a Service (IaaS) has been for data center design, by reducing the acquisition of hardware and software and the associated complexities while allowing secure access regardless of where users and devices are located. However, there are those who think differently.
One side states that SASE does not appear to be a new market, let alone a new technology or product. In addition, most companies are unlikely to want to acquire everything from a single vendor. The IDC research and consulting firm, as highlighted in its “Five Key Enterprise Networking Trends to Watch in 2020” report, believes that SD-Branch (Software-Defined Branch) will be the natural evolution of SD-WAN, an extension with resources for other aspects of the network. SD-Branch, for example, can enable the implementation of software-defined versions of devices such as routers, switches and firewalls, but there are challenges related to the chaining of these applications. The Gartner report itself warns that the chaining practice should be avoided when it comes to SASE.
Some of the first companies to join the SASE market are Cato Networks, Infoblox and Palo Alto Networks. VMware stated in 2019 that its VeloCloud SD-WAN would become a SASE platform. More players have taken the field over the months. Despite being a big name in the IT universe and having expertise in both networks and security, Cisco took a little longer to demonstrate its ambitions in the SASE market, doing so only in mid-2020.
The current outlook includes expansion for this market that combines security and vendor consolidation. The statement is part of a 650 Group report, released in February 2021, affirming that this market is expected to grow five times in the 2020-2025 period. Another study released in October 2020, this one by Dell’Oro Group, made growth forecasts for this market, highlighting a compound annual rate of 116% in 2019-2024 and an estimated value of US$ 5.1 billion at the end of the period.
On the customer side, Gartner predicts that at least 40% of companies will have explicit strategies to adopt SASE by 2024, compared to the share of less than 1% at the end of 2018.
Gartner recommends that organizations looking to move forward on this path exercise caution. Many companies have different teams for matters related to network and information security. Each one may impose restrictions on SASE adoption or may even want to take the lead in managing this new architecture. To resolve this impasse, the initiative is expected to have a value proposition that spans the different silos and to be led by professionals at the CISO and CIO levels.