The revolution of SASE solutions for the cloud

Increasingly, companies are trying to grow rapidly through cloud computing, but as is well known, it involves an ever-increasing volume of data, applications, services or users working from outside the company’s secure perimeter, distributed across multiple locations.

Despite this, cloud computing works in such a way that all data passes through the central perimeter and then leaves it, i.e. employees interact with the corporate network, often through technologies that are not sufficiently secure. This is where a major challenge arises with respect to performance, services and productivity.

The goal for companies is to have instant and uninterrupted access for their employees and users with a high level of security. As a result, SaaS applications have grown to help manage data moving through the cloud and user traffic growth, but there has come a time when a new approach to network security is needed.

At this point, the Secure Access Service Edge (SASE) architecture has emerged, which prevents coverage, visibility and control of the environment from being lost when users create and store data from anywhere.

What is SASE?

SASE is a security architecture that converges security and connectivity technologies from the network into a platform delivered through the cloud, enabling a fast and secure cloud transformation.

Essentially, its architecture is able to combine VPN and SD-WAN capabilities with cloud-native security functions such as secure web gateways, firewalls or zero-trust network access, all of which are delivered from the cloud via the SASE provider.

This SASE model has emerged as a complete architecture that creates a policy-based access service perimeter, independent both of the location of the requesting companies and of the location of the network capabilities to which they request access.

In a more detailed way, SASE is the convergence of WANs together with CASB, FWaaS or Zero Trust security services, within a fully integrated cloud model. Thus, SASE represents the unification of data protection and threat protection capabilities, and is based on low latency with continuous presence, close to the users’ location wherever they are.

As a result, it is expected that by 2024, at least 40% of enterprises will have clear strategies in place to adopt SASE, up from 1% at the end of 2018 [1]. The adoption of SASE has been greatly accelerated by the pandemic, which has forced the creation of a multitude of telework positions.

How does SASE work?

This architecture works by combining network traffic and security priorities, along with data and pervasive threat protection, while also providing high-speed, direct connectivity to the cloud.

In 2018, at the beginning of its rollout, SASE adoption meant that speed was lost, but control was gained. Today, this has changed and both speed and control are provided, as the architecture is designed to give security professionals the ability to define the exact level of performance, security, reliability and cost that the company requires for each user on the network.

As a result, companies that make use of SASE will gain greater scalability in the cloud, increased speed and the ability to address the security challenges that arise in cloud environments.

For example, a computer may require more efficiency through data mobility, but using the internet over public Wi-Fi can be dangerous to a company’s security. However, having a SASE architecture enables access to enterprise applications and data quickly and securely by providing the basis for higher access speed and performance while providing tighter control over users, data and devices browsing a network, regardless of location.

Advantages of SASE

Having the SASE architecture in place would imply the following advantages for companies after implementation:

  • Flexibility: Having a cloud infrastructure means you can deploy different security services for threat prevention, sandboxing, credential theft prevention, web filtering, DNS security, next-generation firewalls, etc.
  • Cost reduction: Having a single network security provider means a consolidation of services that reduces cost and complexity. Using a single platform will reduce the IT resources required, while simplifying the infrastructure by minimising the number of security products a company requires.
  • Ease of use: fewer agents are needed per device. This translates into less application and agent overhead, providing a consistent application experience, reduced operational costs and policies that do not involve using device-specific hardware or software.
  • Increased performance: using the cloud makes it easy to connect from anywhere. Access to applications or corporate data is available in all locations.
  • ZTNA: this involves access based on user, app or device identities, rather than IP address, providing effective protection whether or not they are connected to the network, i.e. end-to-end encryption is provided. For example, it extends endpoints to protect connections over public networks.
  • Threat prevention and data protection: With the comprehensive content review integrated into the SASE solution, there is an increased benefit of network security, while implementing protection policies within the service. This prevents unauthorised access or denial of access to confidential data.
  • Centralised management with local enforcement: policy is managed centrally from the cloud, while enforcement and decision-making take place locally.
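
The ZTNA and "centralised management with local enforcement" points above can be illustrated together. The following is an added example, not code from any SASE vendor or from this article: one policy is defined centrally, copied to two hypothetical enforcement points (`pop-madrid`, `pop-tokyo`), and each decides locally on user, application and device identity while ignoring the source IP. All names, groups and addresses are constructed.

```python
from dataclasses import dataclass

# Constructed central policy: authored once, distributed to every enforcement point.
CENTRAL_POLICY = {
    "version": 7,
    "rules": [
        {"app": "payroll", "groups": {"finance"}, "require_managed_device": True},
        {"app": "wiki", "groups": {"finance", "engineering"}, "require_managed_device": False},
    ],
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    app: str
    device_managed: bool
    source_ip: str  # kept for logging only; never consulted in the decision


class EnforcementPoint:
    """Hypothetical edge node holding a local copy of the central policy."""

    def __init__(self, name, policy):
        self.name = name
        self.policy = policy

    def decide(self, req):
        for rule in self.policy["rules"]:
            if rule["app"] != req.app:
                continue
            if not (rule["groups"] & req.groups):
                return ("deny", "user not in an authorised group")
            if rule["require_managed_device"] and not req.device_managed:
                return ("deny", "device posture check failed")
            return ("allow", f"policy v{self.policy['version']} at {self.name}")
        return ("deny", "no rule for application")  # default deny


def demo():
    madrid = EnforcementPoint("pop-madrid", CENTRAL_POLICY)
    tokyo = EnforcementPoint("pop-tokyo", CENTRAL_POLICY)
    finance = frozenset({"finance"})
    office = AccessRequest("alice", finance, "payroll", True, "10.0.0.5")
    cafe = AccessRequest("alice", finance, "payroll", True, "203.0.113.40")
    byod = AccessRequest("alice", finance, "payroll", False, "10.0.0.5")
    # Same identity and posture gives the same answer at any edge, from any IP;
    # an "internal" IP does not rescue an unmanaged device.
    return [madrid.decide(office)[0], tokyo.decide(cafe)[0], madrid.decide(byod)[0]]


if __name__ == "__main__":
    print(demo())
```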

Some solutions on the market

Large service providers are already providing SASE services in the market. These include MVISION Unified Cloud Edge and Prisma SASE.

MVISION Unified Cloud Edge presents itself as the first cloud-native and cloud-delivered solution in this category. It ensures centralised and unified policy management for shared data protection and incident management, without incurring higher costs. It provides protection from the device to the cloud and ensures integrated data loss prevention, device and user control, web filtering, endpoint management and cloud control.

MVISION Unified Cloud Edge employs common cloud-based management systems to share information using various parameters. This, coupled with policy enforcement and data protection, protects data from the time it leaves the device until it reaches the cloud or vice versa, including while it is in motion, creating a new secure cloud perimeter for any company. Thus, this service stops previously undetected cloud-native leakage attempts.

On the other hand, there is Palo Alto Networks’ Prisma SASE, which is built on the view that SASE should merge new security capabilities with SD-WAN in the cloud and thus generate new user experiences while reducing security risks. It features autonomous management of the digital experience in a single cloud service.

Prisma SASE is intended to deliver uncompromised convergence with natively integrated best-of-breed security and SD-WAN, consistent protection of all deployed applications across a hybrid workforce regardless of location, and a unique user experience with integrated autonomous digital experience management.

Conclusions

The post-pandemic digital transformation has presented a huge opportunity for SASE, causing companies to execute new digital transformation strategies, as the transition to the cloud was imminent with the adoption of SaaS, PaaS and IaaS. Typically, as IT infrastructures advance and progress, so too must security systems.

This has driven the adoption of SASE, which integrates and enables the security and agility that enterprises need in the cloud. This SASE architecture is deployed on SD-WAN wide area networks, integrating full cybersecurity capabilities. It also enables management of all cloud services.

Finally, enterprises should be aware that acquiring a SASE model will be a slow and gradual process, as the IT department must consider how to connect a remote workforce to the distributed information resources required by the company. MVISION Unified Cloud Edge and Prisma SASE are some of the services available in the market to start implementing this architecture.