What is SASE? The Ultimate Guide to Secure Access Service Edge

Cloud computing has expanded rapidly in recent years, drastically changing how businesses foster productivity while maintaining a fast and secure network. This shift, combined with the recent influx of remote workers, has called for a new architecture to best protect workers and their data while on the move. Secure Access Service Edge (SASE) is a relatively new concept, but one that has taken the network and security worlds by storm. Gartner has previously coined terms in the network and security world that have regressed to meaningless buzzwords rather than an actionable strategy or technology, but SASE has already gained a solid foothold in its infancy. Gartner has tracked interest in the SASE space, noting that by 2024, 30% of enterprises will adopt SASE frameworks. This figure is up from a mere 5% in 2020. But what are the components of SASE? This concept is best split into three pillars, each contributing vital services to the overall SASE architecture.

Pillars of the SASE Architecture

The first pillar of the SASE architecture is Security as a Service. Legacy security architectures keep the security stack on premises, but that drastically increases latency for remote end users. The solution is to adopt cloud-centric security, moving the security services away from the restrictive perimeter in company office buildings and to the cloud edge. Security products that fall under the Security as a Service umbrella include Secure Web Gateways (SWGs), Cloud Access Security Brokers (CASBs), and Firewall as a Service (FWaaS). These are the core components of the security stack for SASE, but some vendors may offer additional security services such as API protection, DNS, DLP, RBI, and more. Those core components of SASE centralize security for a cloud-based organization: this is vital to ensure policies are enforced, traffic is inspected, and visibility is maintained across the entire organization.

The second pillar of the SASE architecture is Secure Access. The term “zero trust” has become commonplace in the cybersecurity world, but until recently it was a grandiose and intangible strategy for most organizations. That changes with Zero Trust Network Access, or ZTNA. ZTNA enables enterprises to provide a seamless and frictionless remote working experience, while protecting company data first and foremost. It becomes the first line of defense, granting access to private applications on a least-privileged basis while never connecting to the open internet and still providing a seamless experience for the end user. To function as a seamless service, ZTNA connects to identity and Role Based Access Control (RBAC) products to determine risk and to authenticate users. ZTNA is also called a Software Defined Perimeter, joining the software defined networking solutions that are part of the third pillar of the SASE architecture.

The third and final pillar of the SASE architecture is essential to ensure a productive and seamless user experience: Network Optimization. Many technologies in the Security as a Service component of SASE degrade performance for the end user. Increased latency and poor network quality are the result of the new complex network architecture as well as solutions such as SSL inspection and CASB. Network optimization circumvents this issue by developing dynamic routes that reduce latency while maintaining the same Quality of Service (QoS) attainable in a legacy environment. With modern remote workers constantly using VoIP services such as Zoom or Teams, Quality of Service is critical for an effective workforce. Network optimization uses a host of technologies, most notably Software Defined Wide Area Network (SD-WAN). SD-WAN incorporates the legacy MPLS network lines into an intelligent network that uses software to route users, instead of costly proprietary MPLS hub-and-spoke network devices. Cost, performance, and reduced maintenance are driving factors pushing enterprises to adopt SD-WAN over traditional MPLS.

Why is SASE gaining so much traction lately? 

The network perimeter has been shifting to the cloud for some time now. The reality is that most organizations are already operating in the cloud and have at least one component of the overall SASE architecture, whether it be SD-WAN, CASB, SWG, or FWaaS. The shift from 10% of enterprises adopting an explicit SASE strategy in 2020 to 60% in 2025 is a strong indicator that SASE is the accepted standard for cloud computing and edge networking for the foreseeable future. SASE is the centralization of cloud technologies, effectively adapting an enterprise’s legacy network to the cloud to enforce policies, monitor traffic, and provide gapless visibility into cloud applications and usage. Many organizations with partial SASE architectures find that they are missing key components that make their network usable from an end-user perspective. This can cause users to evade the company's network to get their work done, exposing the business to unnecessary risk.

Until recently, building a SASE architecture internally using multiple vendors has been cumbersome and difficult to operationalize. Due to a large influx of acquisitions in the SASE space, vendors are expanding their capabilities to offer the full suite of core SASE features bundled into one product or service. This approach to the market will increase the overall adoption of SASE, providing better time to value than previously possible. 

How can K logix help navigate the SASE space? 

While the market is growing, with SASE becoming a popular buzzword and vendors merging to expand service offerings, there is more confusion now than ever in the space. Vendors tend to overstate their actionable services, alluding to services gained through acquisitions even though they have a long road of product development before the service is ready for their customers. There is currently an arms race to obtain the most technologies as part of an overall SASE service offering. From marketing materials, one would assume most SASE vendors already have a full stack of technologies to offer. That is far from the case, as Gartner notes: “At the start of 2021, less than 10 SASE offerings provide all of the core capabilities [of SASE].”

The varied immaturity of SASE vendors and their disjointed offerings will lead to confusion and dissatisfaction for the next 5 years as the market consolidates and establishes a market standard for SASE. K logix can help navigate the confusing and misleading marketing jargon while helping prioritize the needs of the customer. With many moving parts included in this complex decision, K logix’s Internal Research and Consulting department can evaluate your environment, interview stakeholders within the organization, and make an informed, requirements-driven recommendation based upon the results of the engagement.


Contact us for more information on how we can work together to strengthen your program. 

Written By:

Brian Rosmus May 10, 2021