Network Transformation: Taking Security to the edge

The ongoing digitisation of the workplace and the rise of the distributed workforce is forcing companies to redefine the security of their IT infrastructure. Secure Access Service Edge, or SASE, is a holistic security architecture combining both network and security services in a software-defined cloud architecture which may provide the answer to these challenges.

Large enterprises still operate huge data centres. These contain not only local SaaS (Software-as-a-Service) applications, but also network components such as firewalls, load balancers, intrusion detection and prevention systems, routers and switches. Just a few years ago, it was common to design networks for branch offices that were connected directly to the data center, where internal applications were hosted and Internet traffic could be filtered. But with working from home becoming an option for many employees, apps and data need to be dispersed across locations. IT teams face the challenge of providing secure, authorised access while maintaining quality of experience across any device and location.

Network Security Meets Security at the Edge

The Secure Access Service Edge, or SASE model is becoming increasingly important for many large organisations. Already, 24 percent of enterprises plan to develop strategies to implement the SASE approach outlined by Gartner, a consultancy, by 2024 at the latest.

SaSe facilitates a better response to internal and external changes.
_{Sebastian Ganschow, is Director Cybersecurity Solutions at NTT Ltd.}

SASE is a cloud-centric architecture that represents a convergence of software-defined wide area networking (SD-WAN) and high security in a strategic edge-to-cloud service that adds neither hardware cost nor complexity. In other words, SASE describes an architecture that delivers network services and security functions as cloud services where they are needed: On end devices and at the edge, where a permanent connection to networks is not possible or even necessary.

The End of Point Solutions: SASE combines the functions of network and security point solutions in a unified, global cloud-native service, with a profound impact on several IT areas at once.

Although each company is taking a different path, a strategic SASE vision includes both a fundamental shift in access controls to where they are needed – the end user and the cloud edge – and the search for less complexity. Convergence of security functions in an efficient as-a-service model are a good way to achieve these goals. In addition, SASE can focus on supporting business agility to respond to all internal and external changes, while at the same time simplifying deployment, management, and enforcement of policies across the board. SASE as a “secure-by-design” interface for network and cybersecurity aims at breaking down silos in order to deliver seamless, scalable, and secure Internet and cloud access anytime, anywhere.

The Quickest Route to SASE: Decision makers seek a faster, more efficient high road to cloud and network transformation without compromising security. The need for speed and scalability is crucial, but corners cannot be cut when it comes to maintaining data and threat protection.

Adopting SASE requires a convergence of skills and capabilities and a new level of collaboration between a range of professionals – network engineers, application developers and security specialists. For some organisations, this means requiring a common working language be-tween IT and security departments for the very first time. In addition, organisations need to include strategic stakeholders such as human resources, access management and compliance officers in the conversation. Only then can they define advanced policies for data loss prevention (DLP), cloud access security brokers (CASBs) and zero trust network access.

New New Path Forward: SASE includes the ability to be delivered to enterprises as a managed cloud service, as well as to shift away from a traditional box-heavy branch (i.e., next-generation firewall, branch routers, etc.) to a thin branch (with SD-WAN) and a heavy cloud model.

A SASE approach requires the integration of multiple security and IT services from an organisation’s first line of defense, to a DNS layer, to a secure web gateway for zero trust that enables deeper inspection, to a cloud firewall that protects web and non-web traffic.

Centralised Management with less Complexity

Many organisations begin their SASE journey by introducing a centralised way to manage policy creation and monitoring. In the next step, they implement advanced security services from the data center to each cloud required by the site, user or IoT device. By combining multiple security capabilities into a single cloud-native service, CIOs and CISOs can build greater centralised management capability with less complexity. Thus, SASE effects more than just technology convergence – it’s where business value is created and protected.

Simplification and security are the two big drivers for network modernisation. One of the key benefits of this new approach is centralised network monitoring and management. Regardless of data centre or network perimeter monitoring, convergence lowers costs and in-creases cross-tier visibility in hybrid environments.

Fast, but Just not Fast Enough: Conventional hub-and-spoke architecture cannot keep pace with the escalating demands of edge-centric computing.

A common framework for analysing users, applications, and data provides a comprehensive understanding of all issues and allows for faster resolution. The unified interface provides far more detailed and consistent analysis and reporting, ensuring more expeditious decision making and efficient performance management. SASE builds on the connectivity benefits of SD-WAN and includes optimised MPLS, Internet, and hybrid connectivity, as well as an integrated security system. It simplifies branch office networking by replacing the multitude of network devices found in many enterprises with a simple system that provides access to a wide range of services.

Getting the Work Done: FasterCutting the time needed to configure, monitor and trouble-shoot network security functions is a great benefit.

This approach significantly reduces the time and effort required for configuration monitoring and troubleshooting of network and security functions. Finally, new applications or services can be deployed much faster. This is not just another argument for automation, but rather a leap forward in speedy, granular policy definition to meet rapidly changing business needs.

READ MORE ARTICLES