Companies engaged in digital transformation efforts already understand that security and network services are converging. Providing these formerly separate functions as services from the cloud can help increase both network performance and security. Now that convergence has a new name: “secure access service edge”, or SASE (yes, pronounced ‘sassy’).
SASE is Gartner’s name for a combination of SD-WAN capabilities with a number of security services that are primarily delivered through a cloud-based delivery model. Gartner introduced this new category late in 2019 in a research note titled “The Future of Network Security Is in the Cloud.”1
What is SASE then? Gartner defines the service edge as an offering that supports the access needs of digital enterprises by combining SD-WAN functions with network security services such as secure web gateway (SWG), cloud access security broker (CASB), and cloud-based firewall. To keep this alphabet soup of tech acronyms from becoming an unholy mess, a SASE offering helps simplify management by offering highly customizable policy-based control that can be tailored by user identity, session context, and application needs for performance and security.
Gartner notes that users are not solely located within the enterprise LAN, secured behind a corporate firewall. Mobile devices, IoT data flows, and branch access to enterprise applications have resulted in more traffic moving back and forth across that formerly well-defined enterprise network boundary. These changes in access expose performance issues with the traditional hub-and-spoke network architecture. The reality is that the enterprise datacenter is no longer at the center of the universe, at least not if IT wants to stop hearing complaints about application performance from users.
The SASE model helps by placing access control closer to the user. IT teams, in turn, get tightly integrated services that are easier to manage: there is less software complexity, and control is policy-driven and delivered across several formerly discrete functions. The cloud delivery model means that there’s less operational complexity in terms of managing a widely distributed set of hardware systems.
How does the magic happen in this new category of services? Some of the key technical requirements include:
- A reduction of multiple agents required on a device or customer premises equipment (CPE) to a single agent or device while automatically implementing policy without a need for user interaction.
- Use of latency-optimized network paths, meaning providers have to invest in points of presence and network peering relationships around the globe. Vendors also need network capacity and technology to manage DDoS and other attacks on their infrastructure.
- Breadth of services – Gartner lists some 23 network-related capabilities by our count, along with in-depth user identity and access control functions.
- Ideally built on a microservices architecture with multi-tenancy in mind.
- Single pass traffic inspection, including the ability to deliver in-line inspection of encrypted traffic.
Such is the promise of SASE offerings that by 2024, Gartner forecasts that at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
Helping with lift and shift
The SASE model is an interesting concept. Many companies will be able to see the logic of deploying cloud-based security in tandem with SD-WAN services. However, enterprises with a significant investment in traditional hardware-based security have a lot of inertia behind the current network and security deployment model that will keep them going down that track for some time. They’ve been given budget to buy and maintain systems, and have personnel managing these systems. Moving to a SASE vendor changes the operational model for the company and creates a need to re-skill employees; it can also introduce risk in the form of offerings that are not as scalable as promised or have weak integration between functions.
This is where we believe a provider of managed network and security services can help with that “lift and shift” into the cloud. Apcela enables the distributed network architecture of a SASE offering: our AppHubs are part of a network overlay that enables a customer to move into multiple carrier-neutral datacenter locations. The AppHubs offer the capability to move security functions to the network edge in a phased approach that’s appropriate to each customer’s requirements.
1 Gartner, “The Future of Network Security Is in the Cloud.” Analyst(s): Neil MacDonald, Lawrence Orans, Joe Skorupa. Published: 30 August 2019. ID: G00441737.