E-Handbook: SASE model aims to boost network security, performance Article 2 of 4

rvlsoft - Fotolia


Get to know the elements of Secure Access Service Edge

Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, offerings and how they can simplify connectivity.

The use cases for cloud services continue to expand rapidly, and access scenarios are shifting. Organizations are increasing software-as-a-service use, hybrid cloud infrastructure deployments, and multi-cloud deployment and interconnectivity. Whether oriented toward end-user access to applications and services or traditional data center access to branch offices and other remote locations, the need to make traditional data centers the hub of connectivity is more of a hindrance than ever before.

To address these challenges, Gartner has named a new service model, Secure Access Service Edge, or SASE (pronounced "sassy"). This model combines different elements of cloud services and security into a unified fabric.

Elements of Secure Access Service Edge

The Secure Access Service Edge model is oriented toward network access, control and architecture. Software-defined networking and security now include software-defined WAN (SD-WAN). This enables interconnectivity between on-premises environments and cloud provider infrastructure through a singular backbone service or vendor tool. These networking services often provide common networking capabilities, such as routing, bandwidth shaping, and quality-of-service and core content delivery network (CDN) services, that can set priorities on specific content and service access and transmission.

Cloud security as a service is the second convergence category in SASE. This includes services provided by cloud access security brokers (CASBs) -- for example, data loss prevention, content filtering, malware detection and response, cloud provider reputation scoring and user behavior monitoring. Secure Access Service Edge also combines additional security-as-a-service offerings, including VPN replacement technologies, web application firewall (WAF) and traditional firewall filtering, and network intrusion detection and prevention, as well as remote browser isolation.

This emerging cloud networking and security category will prompt some cloud security service providers to change and update their offerings to include new features. The SASE space attempts to take advantage of the cloud brokering model associated with CASB, CDN and even identity as a service. It aims to include more networking capabilities and control, as well as combined security services in one brokering model that could simplify the current networking and security controls stacks.

Benefits and implications of Secure Access Service Edge

There are distinct opportunities that may result from Secure Access Service Edge implementation. One architectural advantage is the unification of backbone and edge services that are traditionally broken out into specific vendors and service providers.

Today, core backbone providers, including telecommunications companies, data center and colocation facilities, and core cloud service providers, such as Amazon, Microsoft and Google, are solely responsible for backbone carrier and API capabilities. Secure Access Service Edge would enable one defined backbone to be combined with edge services, like CDNs, CASBs and VPN replacement or edge networking services. A single provider could offer cloud services and internet access to end users, data center services and platforms, and IoT and other distinct devices through a combined networking and security fabric. The fabric would be jointly defined and administered by networking and security teams -- likely with input from mobile, application development and systems administration teams as well.

For organizations considering Secure Access Service Edge implementation, there are some key considerations. First, decide whether a unified strategy with a single provider for numerous critical services makes sense for the business. The primary benefit would be operational simplification and a smaller list of vendors and providers. The tradeoff could be a massive single point of failure or exposure. Second, scrutinize the capabilities offered. Most SASE vendors originated as SD-WAN, CASB or VPN services and are now bolting on other capabilities through acquisitions or scrambling to develop them quickly -- sometimes with mixed results. Finally, operational and financial costs are a major factor in decision-making.

Secure Access Service Edge is a new category that likely has some significant maturing to do. If an organization already has most or all of the capabilities it needs, it should not rush into this space just yet without a compelling reason. This service fabric convergence is occurring naturally in the cloud space and will come together organically.

Dig Deeper on Compliance

Enterprise Desktop
Cloud Computing