What is SASE (Secure Access Service Edge)?
SASE (Secure Access Service Edge) is a cloud-native technology that establishes network security as an integral, embedded function of the network fabric. SASE supplants legacy services delivered by single-purpose point solutions tied to fixed corporate premises such as data centers.
Gartner’s “The Future of Network Security Is in the Cloud” research reports that, in the digital economy, the security focus shifts from the data center to the identity of the user/device in conjunction with the data context of the communication session. Legacy security overlay solutions fail to provide the agility, flexibility, connectivity and security required in the network fabric that weaves together the digital economy: cloud-native, mobile, everything-connected.
Gartner expects that by 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor, up from less than 5% in 2019. And by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
Legacy Network Design Attributes Have Shifted
Hub-and-spoke network designs worked well when the data center was the core of your business and the outlying branch offices accessed the core. Historically, sites were stationary and branch offices a manageable and known number. Your data center hosted applications. Only a small fraction of employees worked from off-premises locations. Security-sensitive work remained on-premises.
Corporate network security hinged on the network perimeter: sophisticated firewalls in the data center; bouncing all Internet traffic via data center firewalls, incurring latency; intrusion-protection appliances in branch sites; VPN tunnels for limited off-premises access.
Digital Transformation Trends Upend Network Designs
The rigid networks of yesterday do not work in the digital economy. Numerous trends have commingled in a digital transformation that upturned every tenet of legacy network designs and traffic patterns.
- The core of your business is now “the network”: private and public clouds of interconnected peer networks.
- Applications float around these clouds. They are accessed—and accessible—from everywhere.
- Internet connectivity is cheap, ubiquitous and instantly available on cellular networks. MPLS link “security” is no longer affordable or practical.
- Business applications and data live in the cloud on scalable virtual platforms that grow or shrink on-demand to accommodate your business climate. Their physical location is immaterial.
- The death-march of hardware product-cycles has been superseded by usage-based subscriptions for cloud-native virtual resources when and where needed.
- An explosion of devices (IoT) are connected everywhere: sensors, cars, livestock, inventory, monitoring, tracking, surveillance, AI workers, home appliances. These devices often lack even rudimentary security features.
- User devices are Bring-Your-Own-Device (BYOD): mobile; personal (not controlled by IT); always connected; running user-choice software, applications and network connections; and are used interchangeably for personal and business purposes.
- Traffic patterns are meshed, any-to-any, wholly unsuited to VPNs.
More Than Networks are Changing
In an assessment of industry trends, Zeus Kerravala, principal analyst at ZK Research, finds that 51% of CxOs do not know what their industry will look like in 2023; 48% fear their company could be obsolete within 5 years; and 55% of the Fortune-1000 in the year 2000 are now gone. He also expects a 50% turnover in the S&P in the next five years.
Worldwide COVID-19 social distancing directives resulted in momentous changes in the work-from-home, video communications and distance learning landscapes. Internet, service provider and enterprise traffic patterns are permanently altered.
Cloud-Native SASE SD-WAN Architectures
The agility to address these changes is key for survival in the digital economy. A Gartner blog by Andrew Lerner defines SASE as the convergence of wide area networking (WAN) and network security services like CASB, FWaaS and Zero Trust (ZTNA) into a single, cloud-native service model.
SASE Delivers Key Capabilities
SASE delivers attributes that address digital transformation:
- You have complete flexibility in where and when security services are applied when security is integral to the network fabric. Meshed traffic patterns are handled with efficiency.
- Security is policy-driven, independent of location, and largely independent of device. This enables security services based on the user’s identity instead of an IT-controlled device, network access point (Internet, cloud, corporate, VPN) or location.
- SASE applies security based on the communication session and can therefore take into consideration the identity of both the user and the device as well as the data context of the transaction.
- SASE is a purely software-defined service and does not rely on any hardware appliance or location.
- SASE can be applied at the ever-shifting, logical edge of the network (a communication session), rather than at the physical “edge” (an IT-controlled device or corporate office).
- Many IoT devices have little to no local security capabilities. SASE, with security in the network fabric, can safely connect these devices.
Secure Access Service Edge (SASE) with Versa Secure SD-WAN
Versa offers a unique converged SASE and SD-WAN solution in an integrated single-stack, hardware-agnostic software-only offering that scales to the needs of any network.
- The Versa Operating System (VOS™) is a multi-service, multi-tenant software platform built on cloud principles to deliver scale, segmentation, programmability and automation. It provides integrated networking and security functions in a single software stack.
- Versa Director simplifies and automates orchestration of network and security services.
- Versa Analytics provides visibility, correlation and predictive analysis for network, application usage and security events.
Let Versa’s core capabilities help you implement SASE and Secure SD-WAN:
- Multi-Service with Layered Security: Integrated L3-L7 network services with multiple layers of robust security.
- Cloud-Native & Elastic: Built on cloud principles for elasticity and automation.
- Segmentation: Multi-tenancy enables complete isolation.
- Context-based Policy: Network and security policies based on user and application context.
Versa security capabilities bring together the benefits of SASE and SD-WAN with simplified deployment and operation of multiple security services. Ongoing operations are orchestrated through the Versa Director management platform, which provides a single console and set of policies across all Versa security functions. More details are given in the NSS Labs recommendations and report on Versa Secure SD-WAN.