Things to Know About SASE
Secure Access Service Edge (SASE) solutions can be complex. We have the answers to the questions you have.
What is SASE?
SASE stands for Secure Access Service Edge first defined by Gartner in 2019. SASE is the convergence of Software Defined Wide Area Networking (SD-WAN) and enhanced security functions such as CASB (Cloud Access Security Broker), Firewall As a Service (FWaaS), and Zero Trust Network Access (ZTNA) into a single cloud delivered service offering.
What are the benefits of SASE?
The benefits of SASE include greater network performance and efficiency, greater levels of security, ease of management, centralized control and visibility from a single GUI management interface, and minimal to low touch implementation and deployment.
What problem does SASE solve?
SASE solves the modern day challenge of maximizing network performance and efficiency by leveraging cloud security that is integrated with SD-WAN. This allows network traffic to take a direct path to applications on the internet (i.e. Cloud, SaaS, Web apps). Today, more than 80% of enterprise network traffic requires going out to the internet to access the required applications needed to run the business. Legacy networks like MPLS or other “hub and spoke” designs traditionally require traffic to tunnel from the edge back to the data center to meet security requirements, before then going out to the internet. Legacy designs are inefficient because the network path takes a much longer path to internet applications, and it creates latency and “bottlenecks” within the network when accessing the internet which degrades performance and the end user experience.
What is the difference between SD-WAN and SASE?
SD-WAN is a wide-area network technology that has been around for several years. SD-WAN provides multiple circuits that are continuously monitored by an edge device (usually a router) that can determine the best path for data traffic based on criteria the data requires. SASE is the next evolution of SD-WAN that has an increased emphasis on security.
Do I need SASE and SD-WAN?
SD-WAN and SASE are not competing technologies. SD-WAN provides secure connectivity regardless of the underlay network (broadband, MPLS, fiber, cellular etc) over multiple circuits, selecting the circuit that can best service the data traffic being forwarded. SASE is the next evolution of connectivity technology which adds security functionality that can be especially important over traditionally unsecure networks like the Internet.
What are the best SASE solutions?
Cisco is currently leading the way in terms of SASE based technologies, however, the solution with still require a MSP like Pomeroy to design, deliver, and manage the service on going. The MSP’s capable of delivering a true SASE solution must be able to provider the underlying network connectivity and additional Network as a Service components that combine with the Security as a Service components in order to deliver the entire SASE solution.
What are the components of SASE?
The major components of SASE are Software Defined WAN (SD-WAN). Cloud Access Security Broker (CASB), Next-Generation Firewall Services, Zero Trust Network Access and Secure Web Gateways.
What is zero trust?
Zero trust is a strategic initiative to help prevent data breaches. The main principal in zero trust is “never trust, always verify”. Zero trust identifies protect surfaces which are made up of the critical data, assets, applications, and services. Each organization will need to determine which components are considered critical. Policies are then defined to identify who, what, where, when and how devices are permitted to access the critical protect surfaces.
What is the service edge?
The Service Edge is the area closest to the data endpoints, either branch locations, data centers, cloud, remote users etc.
How can I secure my network edge?
The network edge can be secured by leveraging on-premise based security solutions or cloud based security solutions.
How do you implement SASE?
To implement SASE, you start by implementing SD-WAN. Once SD-WAN is implemented, you then implement an integrated Cloud Security solution. An organization would generally work with a single MSP to implement and manage the entire SASE solution.