Secure Access Service Edge (SASE) is a framework introduced by Gartner in their 2019 report, The Future of Network Security is in the Cloud, defined as “an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions to support the dynamic secure access needs of digital enterprises.” Since SASE has been introduced to the industry, different interpretations have emerged which can quickly make it sound a little complicated. In this article we will attempt to cut through these complexities.
THE PROBLEM WITH HOW ORGANISATIONS CURRENTLY OPERATE
How organisations currently operate is reasonably uncomplicated. We have users and applications with data that flows between them that allows us to function successfully. Where it becomes complicated is when the users and applications become dispersed across multiple environments and locations. In a modern enterprise, users and applications have undergone substantial transformation. Most of our users are now working outside of the traditional network perimeter. At the same time, the majority of our applications have migrated to the cloud and Software as a Service (SaaS) environments. This transformation has caused various complex connections between users and applications slowing down the flow of data between them. As a result, it quickly becomes difficult for the security team to gain visibility across these multiple connections. To gain the required visibility into what is happening inside of our applications and what data is being accessed, the security team is forced to apply different controls with different functions for each connection between users and applications. Practically this creates a network environment in which we have distributed policy enforcement points. The glaring problem with having distributed policy enforcement points is that none of them are communicating with each other effectively. In summary, it is now extremely difficult and complex for organisations to provide secure and uninterrupted access for users to applications and critical services regardless of the location and device the user is utilising to perform their work functions.
THE SOLUTION: SECURE ACCESS SERVICE EDGE (SASE)
The primary aim of Secure Access Service Edge (SASE) is to simplify networking and security during this digital transformation period we are currently experiencing. To achieve this aim we need to first surround our data with a centralised policy enforcement point in the cloud. This provides the opportunity for us to guide all our user traffic to this centralised policy enforcement point, giving us visibility into all the applications users are accessing regardless of where they are located or which device they are using. Now that we have this new platform in the cloud, we can start adding security functions and integrate them with networking functions to augment this platform into a true and comprehensive SASE platform. For secure access, we can start by implementing Zero Trust Network Access (ZTNA) to grant access based on the identity and risk profile of our users regardless of their location. Because users will be communicating over the internet, we can add a Secure Web Gateway (SWG). However, because users are now accessing applications, it needs to be combined with a Cloud Access Security Broker (CASB) to understand what applications are being accessed and what users are doing inside of these applications with the data. The platform should also have robust Data Loss Prevention (DLP) capabilities which allows us to apply controls to all our sensitive data. We can then extend our next-generation firefall capabilities to the cloud by implementing Firewall as a Service (FWaaS). Finally, we can integrate all these core security functions with our networking functions such as Software-Defined Wide Area Network (SD-WAN), delivered and managed as a service from the cloud for reduced cost and complexity. This is what the industry is now calling Secure Access Service Edge (SASE).
HOW CYBERLINX SECURITY CAN HELP
At Cyberlinx Security, we can assist you to design and develop a strategic roadmap and migration plan along with implementation services for your SASE adoption.
Please connect with us at https://cyberlinx.cloudcard.co.za/lets-connect/
Link to PDF version:
Written by: Lee Crous & Dane Stoltz