Secure Access Service Edge: Breaking It Down

It’s said that Gartner coined the term “secure access service edge (SASE)” in 2019; it could hardly have been timelier. Just six months later, SASE took on new relevance as aging security stacks housed in data centers started creaking under the weight of massive disruption.

It turns out that data center perimeters fortified by security appliances could no longer sufficiently address the needs of organizations driven to the cloud practically overnight and workers who fled home to work en masse.

The businesses that survived emerged as modern digital businesses with remote and distributed workforces. But the overnight digitalization calls for a new kind of security — software-defined, cloud-delivered with anytime access and anywhere, any device protection. In other words, meet employees wherever they are.

Secure access service edge defined

According to Network World, SASE is a “network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and to provide appropriate bandwidth per application.”

At a very high level, network access services combine with security services to form the secure access service edge, enabling users to work from any location using any device. In other words, you get the same hardened security while working away from the office as you would have in the office.

And because it’s a cloud service, SASE can be easily scaled on demand and billed monthly based on usage, making it an ideal way to accommodate fast-changing business conditions.

The two faces of SASE in one mirror

“Perimeter-based approaches to securing anywhere, anytime access has resulted in a patchwork of vendors, policies, and consoles creating complexity for security administrators and users,” says Gartner. Having multiple point products not only creates a management nightmare but also opens up security gaps that can put organizations in the crosshairs of cyber attackers.

As one expert explains it, the networking side relies on “capabilities supplied by entities including SD-WAN providers, carriers, content delivery networks, network-as-a-service providers, bandwidth aggregators and networking equipment vendors.”

On the security side, they go on to say, there are cloud-access security brokers (CASBs), cloud secure web gateways, zero-trust network access, firewall-as-a-service, web-API-protection-as-a-service, DNS and remote browser isolation.

SASE brings both sides together to simplify management, enable governance and compliance, and close security gaps. In the long term, you’ll have fewer subscriptions and licenses, reducing management and cost burdens while providing a consistent end-user experience no matter where they are or which device they’re using.

The value of SASE for cloud-driven, work-from-home environments

But SASE is not just a pie-in-the-sky concept to be fed to early adopters. Gartner predicts “by 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.”[1]

The reasons are clear. In this new cloud-driven, work-from-home environment, SASE offers significant benefits:

• For end-users: A better, faster experience
• For IT teams: Tools and integrations for improved security, visibility and management
• For organizations: Increased compliance and productivity and lower costs

Even better, you’re no longer restricted to the MPLS network from your ISP that forces traffic to go through your data center and back out to users and back to the data center. Instead, end-users can choose the provider that makes sense for them. That helps you speed provisioning of new services, optimize costs, and simplify management while enabling faster throughput for users.

Transitioning to SASE: It’s a journey, not a race

Transitioning to a SASE model will take time, according to Gartner, particularly for organizations with considerable hardware investments and existing software contracts. This is mostly due to the longer refresh cycles at remote locations and staff familiarity with that hardware and/or relationships with hardware vendors. In addition, larger enterprises often have separate network security and operations teams.

Your best bet is to find a knowledgeable service provider who can help you perform a gap analysis and build a strategic roadmap and migration plan that leverages your existing assets and enables you to transition to a SASE model over time.

[1] “2021 Strategic Roadmap for SASE Convergence,” Gartner.com, 03/24/2021.