SASE is the newly emerging concept in Cybersecurity...
In August 2019, Gartner published a report "The Future of Network Security in the Cloud".
This report brought a strategic roadmap for SASE convergence. And the term SASE came into being as a new emerging cybersecurity concept.
SASE (pronounced โsassyโ) = Secure Access Service Edge
Before you want to learn more about SASE, you need to sit back and think a thought with some deliberation.
Here is that--
The existing networking approaches & technologies are not able to provide the right levels of 'Security'
and 'Access Control' any longer that are actually practically needed by most modern organizations.
๐ Why it is so?
* It is so because modern organizations (like yours) need immediate & uninterrupted access for their users --
regardless of where they are located. Remote users and work-from-home employees are a reality you cannot close your eyes to.
* Adding to this is another reality that there is very high adoption of 'SaaS' applications by all.
What is happening here is that -- A huge amount of data is moving from data-center to cloud services.
* And more & more of 'Traffic' is first going to public cloud services and branch offices of these organizations,
than the data that is going back to their data-centers.
Briefly speaking, so much data & traffic is happening between cloud services and your users that is bypassing (to a large extent)
your own data-center & security implementations, that you need a fundamentally new approach for networking and network security.
๐๐ WHAT IS SASE?
Palo Alto describes that--
SASE is the convergence of wide-area networking or WAN, and network security services like CASB, FWaaS, and Zero Trust, into a single cloud-delivered service model.
Gartner throws a little more light on SASE, as it mentions that SASE capabilities are delivered as a service-based upon the followings:
* The identity of the entity
* Real-time context
* Enterprise security/compliance policies
* Continuous assessment of risk/trust 'throughout' the sessions
A small explanation:
------------------------
Identities of entities can be associated (read, defined) in terms of people,
groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.
SASE is a kind of dictum that --The future of network security is in the cloud! Because in a cloud-driven
world, your security needs to be unified, fully integrated, and consistent and should be delivered from the
cloud that itโs chartered to protect.
โThe secure access service edge is an emerging offering (solutions/services) combining comprehensive WAN
capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA, etc) to
support the dynamic secure access needs of digital enterprises.โ
The BIG logic is staring back into our eyes. That as applications are moving to the cloud, the old method
of forcing all branches', all users', and all partners' TRAFFIC back through the corporate headquarters or
data centers no longer makes sense. It makes much more sense if you deliver the same network security stack from the cloud,
in such a way that this traffic destined for the cloud does not have to hit your corporate network,
and less traffic needs to go to corporate data centers.
SASE is the solution going ahead...
Regardless of the current state of affairs in the cybersecurity industry where companies have been forced to work with dozens of
vendors and use dozens of point products and technologies. Yet the future of network security is in the cloud,
and security vendors would have to evolve in order to effectively secure organizations anywhere and everywhere.
๐๐๐ What are 10-Tenets of an effective SASE Solution?
By removing multiple point products and adopting a single cloud-delivered SASE solution, your organization can reduce complexity;
rapidly deploy and scale-out remote workers and branch locations; and enforce consistent security no matter where your users are,
all while saving significant technical, human, and financial resources.
Here are 10-Tenets of an effective SASE Solution, as identified by Palo Alto:
But the problem is that many ZTNA products are based on software-defined perimeter (SDP) architectures, which do not provide content inspection. It creates a discrepancy in the types of protection available for each application.
Using a SASE service, you would build upon the ZTNA's key principles and applies them across all the other services within a SASE solution. You would be identifying your users, devices, and applications no matter where they are connecting from. It greatly simplifies your policy creation and management. SASE removes the complexity of connecting to a gateway by incorporating your networking services into a single unified cloud framework.
As an essential component of SASE, FWaaS will offer you the same firewall functionality of an NGFW as a cloud-based service. It would help you greatly to manage your firewall deployments from a single platform.
Since a cloud SWG is an integral part of SASE, it would give you complete VISIBILITY and CONTROL over your entire network, regardless of where your users are located. Scaling is never an issue with SASE.
In a SASE solution, all these point-based tools and services would come totally integrated with a single cloud platform. This would provide you with simplified management and oversight of all threats and vulnerabilities across your network and cloud environments.
Machine learning capabilities should be included in SASE, allowing the prevention of other unknown threats in near-real-time and extending visibility and security to all devices, including never-seen-before IoT devices.
With SASE, IoT security should be integrated into the platform to secure remote branches, sites, and workers from the cloud. By utilizing the cloud, SASE is able to accurately detect devices for full visibility and enforce policies to ensure security across the network, eliminating the need for additional IoT security solutions.
But most DLP solutions come pre-loaded with many features, disjointed policies, configurations, and workarounds. DLPs have become very complex, difficult to deploy at scale, and too expensive.
In the SASE architecture, DLP is not a standalone solution anymore. It is embedded in the organizationโs existing control points, thus eliminating the need to deploy and maintain multiple tools.
DLP becomes one cloud-delivered solution centered around the data itself, everywhere. You could apply the same policies consistently to your sensitive data, at rest, in motion, and in use, regardless of its location.
A SASE solution should embrace the integration of third-party services too (regardless of who is the vendor offering them) and simplify the process for administrators by providing a platform that easily integrates other services. In order to help companies do that SASE provides needs to give them full support.