Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business.
Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model. That model is called Secure Access Service Edge (SASE), a term coined by Gartner's leading security analysts Neil MacDonald, Lawrence Orans, and Joe Skorupa.
Gartner claims that SASE has the potential to invert the established networking and security service stack from one based in the data center into a design that shifts the focal point of identity to the user and the endpoint device.
SASE addresses the numerous problems that have been discovered with traditional cybersecurity methods used in the cloud. Many of those problems have roots with the ideology that network security architectures must be placed at the center of connectivity in the data center.
Those legacy applications of network security cannot efficiently support newer networking ideologies and use cases, such as the shift to dynamic services, software as a service (SaaS) applications, and the growing trend of enterprises needed to work with distributed data.
Traditional network and network security architectures were designed for an era where the enterprise data center was the physical center of access requirements for users and devices. A model that worked relatively well until the push for digital transformation drove new requirements.
With enterprises embracing digital business processes, along with edge computing, cloud services, and hybrid networks, it became evident that traditional networking and security architectures were beginning to fail on multiple fronts.
The overall complexity of traditional architecture introduced problems such as latency, networking blind spots, excessive management overhead, and the need for constant reconfiguration as services changed. The SASE model eliminates those problems by reducing networking complexity and shifting the security process to where it can do the most good, the network edge.
As an emerging, disruptive technology, Gartner has doubled down on the importance of SASE, as evidenced by Gartner's "Hype Cycle for Enterprise Networking, 2019" report, which presents SASE as so strategic that the technology earned the label "transformational." The report also establishes sample vendors and the critical elements of SASE.
As defined by Gartner, the SASE category consists of four main characteristics:
Ultimately, the goal of a SASE architecture is one of making secure cloud enablement easier to accomplish. SASE provides a design philosophy that eliminates the traditional methods of stitching together SD-WAN devices, firewalls, IPS appliances, and numerous other networking and security solutions. Instead, SASE replaces that mish-mash of difficult to manage technology with a secure, global SD-WAN service.
Gartner acknowledges that the SASE market is in flux, with no one vendor offering the entire SASE portfolio of capabilities. Some vendors, such as ZScaler, offer firewall as a service but lack the SD-WAN capabilities (and other security capabilities) required by SASE. Other vendors offer security as an appliance but not in a cloud-native, global network.
About the closest to a functioning SASE service that I've seen is from Cato Networks. Cato Networks provides a global private backbone (50+ points of presence (PoPs) at last count). The PoPs run Cato's own cloud-native architecture that converges networking and network security. The Cato software is a single-pass, cloud-based architecture. All network optimizations, security inspection, and policy enforcement are done with rich context before forwarding traffic onto its destination.
Cato connects various "edges," in Cato parlance, by establishing encrypted tunnels to the nearest Cato PoP. The platform connects locations via Cato's SD-WAN device, the Cato Socket; mobile users via Cato's client- and clientless access; and cloud resources via Cato's "agentless" integration. Even third-party devices can be connected by establishing an IPsec tunnel to the nearest Cato PoP.
Identity and access are unified into an easily managed paradigm. That paradigm allows enterprises to focus on security policies, instead of security and networking components, while also supporting the move to a global, distributed architecture, which securely connects all network edges.
SASE is much more than a security framework and a new model of networking that flattens the access stack into an easily managed fabric of connectivity with security at its core. That makes a SASE Cloud much leaner since all functions are converged together.
SASE processes traffic faster with less latency while incorporating more context than other networking and security methods. As a software-defined platform, SASE can quickly adapt to change, such as scale or agility driven reconfigurations. SASE also introduces additional network protections, such as the concepts of business continuity, load distribution, and improved uptime.
You can learn more about SASE, by joining to a Gartner-featured webinar, hosted by Cato Networks. In this webinar Gartner analyst Neil MacDonald, one of the creators of the SASE category will cover:
Click here to register.
Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model. That model is called Secure Access Service Edge (SASE), a term coined by Gartner's leading security analysts Neil MacDonald, Lawrence Orans, and Joe Skorupa.
Gartner claims that SASE has the potential to invert the established networking and security service stack from one based in the data center into a design that shifts the focal point of identity to the user and the endpoint device.
SASE addresses the numerous problems that have been discovered with traditional cybersecurity methods used in the cloud. Many of those problems have roots with the ideology that network security architectures must be placed at the center of connectivity in the data center.
Those legacy applications of network security cannot efficiently support newer networking ideologies and use cases, such as the shift to dynamic services, software as a service (SaaS) applications, and the growing trend of enterprises needed to work with distributed data.
Traditional network and network security architectures were designed for an era where the enterprise data center was the physical center of access requirements for users and devices. A model that worked relatively well until the push for digital transformation drove new requirements.
With enterprises embracing digital business processes, along with edge computing, cloud services, and hybrid networks, it became evident that traditional networking and security architectures were beginning to fail on multiple fronts.
The overall complexity of traditional architecture introduced problems such as latency, networking blind spots, excessive management overhead, and the need for constant reconfiguration as services changed. The SASE model eliminates those problems by reducing networking complexity and shifting the security process to where it can do the most good, the network edge.
As an emerging, disruptive technology, Gartner has doubled down on the importance of SASE, as evidenced by Gartner's "Hype Cycle for Enterprise Networking, 2019" report, which presents SASE as so strategic that the technology earned the label "transformational." The report also establishes sample vendors and the critical elements of SASE.
What Exactly is SASE?
As defined by Gartner, the SASE category consists of four main characteristics:
- Identity-driven: User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls — all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
- Cloud-native architecture: The SASE architecture leverages key cloud capabilities, including elasticity, adaptability, self-healing, and self-maintenance, to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements and is available anywhere.
- Supports all edges: SASE creates one network for all company resources—data centers, branch offices, cloud resources, and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
- Globally distributed: To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner noted, they must expand their footprint to deliver a low-latency service to enterprise edges.
Ultimately, the goal of a SASE architecture is one of making secure cloud enablement easier to accomplish. SASE provides a design philosophy that eliminates the traditional methods of stitching together SD-WAN devices, firewalls, IPS appliances, and numerous other networking and security solutions. Instead, SASE replaces that mish-mash of difficult to manage technology with a secure, global SD-WAN service.
Available SASE Services
Gartner acknowledges that the SASE market is in flux, with no one vendor offering the entire SASE portfolio of capabilities. Some vendors, such as ZScaler, offer firewall as a service but lack the SD-WAN capabilities (and other security capabilities) required by SASE. Other vendors offer security as an appliance but not in a cloud-native, global network.
About the closest to a functioning SASE service that I've seen is from Cato Networks. Cato Networks provides a global private backbone (50+ points of presence (PoPs) at last count). The PoPs run Cato's own cloud-native architecture that converges networking and network security. The Cato software is a single-pass, cloud-based architecture. All network optimizations, security inspection, and policy enforcement are done with rich context before forwarding traffic onto its destination.
Cato connects various "edges," in Cato parlance, by establishing encrypted tunnels to the nearest Cato PoP. The platform connects locations via Cato's SD-WAN device, the Cato Socket; mobile users via Cato's client- and clientless access; and cloud resources via Cato's "agentless" integration. Even third-party devices can be connected by establishing an IPsec tunnel to the nearest Cato PoP.
Identity and access are unified into an easily managed paradigm. That paradigm allows enterprises to focus on security policies, instead of security and networking components, while also supporting the move to a global, distributed architecture, which securely connects all network edges.
SASE: It's a Lot More than Security Done Right
SASE is much more than a security framework and a new model of networking that flattens the access stack into an easily managed fabric of connectivity with security at its core. That makes a SASE Cloud much leaner since all functions are converged together.
SASE processes traffic faster with less latency while incorporating more context than other networking and security methods. As a software-defined platform, SASE can quickly adapt to change, such as scale or agility driven reconfigurations. SASE also introduces additional network protections, such as the concepts of business continuity, load distribution, and improved uptime.
You can learn more about SASE, by joining to a Gartner-featured webinar, hosted by Cato Networks. In this webinar Gartner analyst Neil MacDonald, one of the creators of the SASE category will cover:
- What is SASE and why is it emerging today
- What does SASE mean for networking and network security products
- What are the building blocks of a true SASE architecture
- The use cases and capabilities that are part of SASE
Click here to register.