In recent years, service providers and businesses alike have come round to how important Network Security really is. As more businesses rely on applications based in the cloud, especially with more people working remotely, more and more security options must be set up, all of which need to be working together to operate most efficiently.
The crossover between WAN, networking, and security has always existed, but has gained more importance lately. It’s fairly standard nowadays for networking solutions to offer security options – antivirus and IPS is a good example. This is also true vice versa – many companies who offer security are starting to offer networking solutions.
Seeing network security as something crucial to networking is something that companies need to start doing – and companies which deal in networking need to also view security as important. If they don’t, they should expect customers to go with competitors – once they realise the competitors are offering an all-in-one solution.
Gartner – the tech company – defines SASE as meaning Secure Access Service Edge. This is due to the fact that it’s the result of two services converging in the market – network as a service, and network security as a service. These two functions combined, result in SASE – and they are built from numerous features.
‘Network as a service’ is referring to carriers, SD WAN, and CDN & WAN optimisation, whereas ‘security as a service’ refers to things such as WEB Security (DNS), firewalls, Cloud Secure Web Gateway, and Zero Trust Network Access.
Is SASE a new idea?
The ideas behind SASE have actually been around for a while, despite the fact that the term may sound alien to many. One particular SD WAN provider has only started to use the term SASE, referring to network as a service and security as a service as a package, quite recently – even though they have supported the concept of bringing security and SD WAN together for some time. Cisco – the networking company – has actually offered SD WAN with Secure Web Gateway for a fair amount of time.
It’s a lot more usual than it used to be for service providers to offer SASE as a single package, and it seems that it will only become more common. SASE is also predicted to develop further when it comes to platform accessibility.
Companies are constantly developing the networking options that they provide. It’s fair to say that MPLS was eventually superseded by SD WAN, and it seems rather likely that SASE will become the future of networking, as more businesses start to recognize how crucial security really is.
Why are people interested in SASE
The drive for SASE is the result of a multitude of slight alterations to the world of business networking. Some of these alterations are to how companies have been developing and discovering apps, and also to how these apps are actually accessed. Here we’ll breakdown some of the key changes to business networking, speaking in terms of an enterprise/medium-size company, which is using a WAN based in MPLS:
Reliance on remote work
During the recent lockdowns, reliance on remote working increased exponentially. A key component to this being successful was the internet itself – which witnessed more and more traffic, a lot of which was not being looked over by a security system or datacentre.
It’s common for employees working from home to not have to use a business’ VPN, since the apps they use are not located inside the corporate firewall. Employees who are using apps on the corporate network are able to use a VPN, which routes the specific traffic they need directly to them, using split tunneling technology.
Businesses using SD WAN
When businesses adopt SD WAN, their primary circuit receives a direct connection to the internet. This allows their network’s performance to be greatly enhanced, as the traffic they use for applications in the cloud can be sent through the internet directly. If a Datacentre’s applications utilise an MPLS circuit to receive traffic, they can continue to do so – and the bandwidth used by the circuit can be lowered since the amount of traffic is reduced.
SD WAN prevents failure and traffic congestion, but since the data passes through the internet, security is a must.
Businesses using Datacentre applications
Generally a business’ network relies on a primary circuit, but also has a backup – though this is not used often. The traffic from each site in the network passes through the datacentre/HQ. The majority of that traffic simply moves within the network, but about 20% travels to the internet.
It’s common for a business’ backup to rely on the internet – as in the case of a failure in the system, the internet provides a route to the datacentre/HQ. Since most businesses rarely use the backup circuit, this route generally isn’t utilised.
Gaps in network security
These changes have resulted in gaps in the security. A large amount of traffic is not being overseen by a datacentre/HQ – it’s not guarded by in-house security. Also, many services, such as emails, are based in the cloud – this also necessitates security.
This can be fixed with SASE and its Secure Internet Gateway – businesses making use of SASE have access to web security, as well as a cloud-based firewall.
What comes next for SASE?
One issue with SASE is that since it gathers various security features, all of the notifications and information they present can be overwhelming for IT workers. To fix issues, context is required, generally provided by a correlation.
For example, imagine you wake up, and want to check your emails on your laptop. You go to find it, but it’s missing. You go to see if it’s in your car, only to find you left the front door unlocked overnight. On their own, each of these things might not mean so much – but together, they provide a worrying context.
With SASE, you are presented with information on its own – but further integrated security can reveal correlations. A system with further integrated security could detect a threat, let’s say a possible phishing email, and address it automatically, quickly blocking further emails from the sender’s domain, as well as stopping your browser’s traffic to that location.
These kinds of features are about to make the world of networking much more intelligent.