- Technical contribution
- Data Center Security, Identity and Access-Management
SASE is All About Delivering Security Everywhere
Secure Access Service Edge (SASE) is an emerging enterprise strategy that incorporates multiple solutions to enable secure remote access to on-premises, cloud-based, and online resources. Unfortunately, there has been a lot of hype that has left some organizations wondering what exactly SASE is. Understanding the basic concepts and components of SASE is important, as the benefits can be significant for many organizations. Fortunately, getting to the bottom of this is easy, as many of the fundamentals of SASE – such as bringing networking and security together– are trends that customers have been gravitating to for years. However, it is still critical to properly define SASE up front in order to avoid adding complexity or worse, missing the true value of SASE at all.
Today’s organizations require immediate, uninterrupted access to the network and cloud-based resources and data, including business-critical applications, no matter where their users are located. The reality is that consumption patterns are changing due to the implementation of 5G, cloud migrations, sustained work from home, and similar outcomes from digital innovation efforts. This has transformed the traditional network to a network of many edges.
At the same time, these dynamically changing network configurations, and the rapid expansion of the attack surface, means that many traditional security solutions no longer provide the level of protection and access control that organizations and users require. In this environment, security has to be delivered anywhere from any place, at any time, and for any device – the WAN Edge, Cloud Edge, DC Edge, Core Network Edge, Branch Edge, and Mobile Remote Worker Edge. This requires the convergence of traditional and cloud-based security, as well as deep integration between security and fundamental networking elements.
Accurately Defining SASE
SASE is designed to help organizations secure these new distributed networks. However, as with any emerging technology category, there is still some uncertainty about what precisely a SASE solution means—and what technologies are included. In addition, vendors are attempting to redefine this market in ways that best reflect their current offerings – which means that some elements are being overemphasized and others, often essential elements get overlooked. Unfortunately, some market definitions of SASE already include important omissions that are leaving some organizations confused about how to best select, implement, and manage the right sort of solution for their unique environments.
Not Just Cloud
SASE is generally classified as a cloud-delivered service, providing secure access to cloud-based resources, secure communications between remote users, and always-on security for devices off-premises. However, there are situations where organizations may require a combination of physical and cloud-based solutions for SASE to work effectively. This may include supporting a physical SD-WAN solution in place that already contains a full stack of security, or the desire to provide protection at the edge when processing confidential or sensitive information rather than shuttling it out to the cloud for inspection.
By combining physical and cloud-based elements, the role of SASE can also be easily extended deep into the network, rather than simply handing off security to an entirely different system at the edge. This ensures that a secure SASE connection is seamlessly integrated with critical solutions that also rely on hardware, such as network segmentation and compliance requirements that a strictly cloud-based security approach can’t address, to provide end-to-end protection.
Secure LAN and WAN
Some SASE definitions also omit things like Secure LAN and Secure WLAN that are essential considerations for many organizations.
To continue reading, please visit https://www.fortinet.com/blog/industry-trends/sase-is-all-about-delivering-security-everywhere