Digital transformation and technology evolution have effectively removed the physical boundaries that previously constrained IT systems. As a result, the perimeter of organisations has been pushed closer to the edge, driven by cloud adoption, the Internet of Things (IoT), and the accelerated adoption of a work-from-home model.
By Simeon Tassev, MD and QSA at Galix
The traditional security approach of locking down the perimeter is no longer possible. Organisations need to ensure users and devices have access to applications, data and services, while simultaneously reducing vulnerabilities and enhancing security posture. The Secure Access Service Edge (SASE) has emerged as a framework to help enterprises achieve just this.
Existing tech, new frame
SASE is a security framework that combines various security technologies and concepts to provide a higher level of protection in a world without traditional boundaries. A typical SASE architecture uses multiple technologies to provide optimal performance and security. Each of these technologies is used to determine the identity requesting access, provide context, enforce the applicable security policies, and identify any potential risks for each session.
The main components are:
- Zero trust network access (ZTNA)
- Cloud access security broker (CASB)
- Secure web gateway (SWG)
- Firewall as a service (FWaaS)
- Software-defined wide area networks (SD-WAN)
- Domain name system (DNS) layer security
In itself, SASE is not a new technology, but a new framework that combines existing technologies in innovative ways to address changing security requirements. For example, ZTNA can complement CASB, SD-WAN and FWaaS, among others. It is the way that these technologies are combined and implemented, in line with the SASE framework, that makes it ideal for today’s security challenges.
Works for different environments
Because it is a combination of various existing technologies, SASE is relevant to all types of environments. Depending on the organisation and its specific requirements, SASE can be implemented as a cloud-only, on-premises or hybrid model. The most common deployment combines on-premises and cloud models to enforce the various security policies across the entire organisation.
SASE enables organisations to optimise networking and security capabilities into a single-service cloud-native model. This allows for easier management and a higher level of security. SASE provides visibility across hybrid environments and is suitable for any organisation with a hybrid environment and users accessing systems and data remotely.
The right solution, the right partner
The one sticking point around SASE is that it requires a point of presence, and establishing this can be a costly exercise. However, the right partner will provide various options to simplify the adoption of a SASE architecture, and there are existing point-of-presence solutions available from established public cloud providers like AWS and Azure. Leveraging these through the right partner, in combination with reputable SASE vendors, is the key.
As both technology and the threat landscape continue to evolve, the way we secure organisations must also change. Safeguarding organisations in a borderless world can be challenging, but a trusted technology partner and the right combination of technologies using an appropriate framework go a long way towards solving some of the complexity.