The cybersecurity world is no stranger to acronyms, from DLP and APT to VPN. But there is one in particular that has been rising in popularity and importance over the past year due to the pandemic: SASE (Secure Access Service Edge).
The cyber security threat landscape is changing faster than ever before—you just need to read Sophos’ 20-year retrospective of cyberthreats to realise how quickly—from the worm era of the early 2000s with ILOVEYOU to the rise of cybercrime as a business in 2005-2012 and then finally to the ransomware era of today.
This awareness of security, plus forgetting everything you know about security perimeters, is important to understand what SASE is. SASE (pronounced “sassy”) is best understood as a new approach or a “philosophy” that asks you to ditch a lot of assumptions.
This approach was coined by Gartner in its August 2019 report The Future of Network Security in the Cloud. It’s the convergence of wide area networking, or WAN, and network security services like SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), FWaaS (Firewall-as-a-Service) and Zero Trust, into a single, cloud-delivered service model.
According to Gartner, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
Quite hard to follow, isn’t it?
To get a better grip on the SASE security model, the best is to look at some of its significant benefits and why organisations should embrace it:
- Cost savings: Instead of buying and managing multiple point products, utilising a single platform dramatically helps reduce costs and IT resources.
- Data protection: Implementing data protection policies within a SASE framework helps prevent unauthorised access and abuse of sensitive data.
- Flexibility and increased performance: With a cloud-based infrastructure, organisations can implement and deliver security services such as threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention and next-generation firewall policies. They can also easily connect to wherever resources are located. Access to apps, the internet and corporate data is available globally.
- Threat prevention: With full content inspection integrated into a SASE solution, organisations can benefit from better security and visibility into their network.
- Reduced complexity: By simplifying their IT infrastructure by minimising the number of security products an IT team has to manage, update and maintain, by consolidating the security stack into a cloud-based network security service model.
- Zero Trust: A Zero Trust approach to the cloud removes trust assumptions when users, devices and applications connect. A SASE solution will provide complete session protection, regardless of whether a user is on or off the corporate network.
To continue supporting long-term work-from-anywhere workforces, organisations need to invest in solutions that enable them to keep up with the changing networking and security needs of their team. One of the most important advantages organisations have is not having to manage networking and security as two separate entities. The SASE framework can help do just that. No wonder why nearly all organisations surveyed by ESG Global have some plans to implement it and more than a third (37%) have already begun implementation.
However, designing and implementing a SASE structure requires organisations to invest time and money into adopting new skill sets—perhaps explaining the gap between those planning implementation and those who have begun. Given the current shortage of not only security specialists but cloud specialists too, combining the two is taking the skills shortage challenge to a new level. The future implementation of SASE will depend on how organisations deal with this.