Author - Sivakumar RR
During the pandemic most of the companies adapted to their remote working mode. It helped them to keep up with their deliverables during the pandemic and improved productivity in most cases. It influenced the post pandemic work culture to shape into a “hybrid” work model where the employees can work from office as well as remote locations based on the flexibility. This triggered an imbalance in security controls which pre-existed in the “on site” setup of the organizations. One of the most substantial challenges introduced by this is accessing the company data through unsecured connections, public WiFi's etc. Company data which travels through unsecured connections can be vulnerable and can be tampered to perform malicious activities, adding point to point security tools and controls became very complex and cost oriented.
For enterprises which were planning to switch to Zero Trust Architecture, this became a fuel to their thoughts and companies started evaluating their maturity model to adapt to the same. Where SASE (Secure Access Service Edge) became a cost effective adaptation choice to most of them. Zero Trust is a security strategy that requires verification for every access request within a network, whereas SASE is an integrated network architecture that combines comprehensive security services, including Zero Trust principles, within a cloud-based infrastructure.
What is SASE?
 |
| Picture Credit - Palo Alto Blog |
Secure Access Service Edge is an architecture which is cloud-native and combines lot of security capabilities into SD-WAN (Software Defined WAN) like SWG (Secure Web Gateway), CASB (Cloud Access Service Broker), FWaaS (Firewall as a Service), ZTNA (Zero Trust Network Access). This is a new architecture that is designed to deliver secure and reliable network connectivity to distributed organizations.
Concept of the same has been introduced by Gartner in 2019 to address the challenges of modern network security and connectivity. SASE helps the organizations to reduce the need for many vendor tools by combining the network and security operations into a single platform. Unlike the traditional network security architecture, this requires more stringent preparations and coordination to transition to the new architecture.
Key factors that makes SASE transformational
Cloud Native Architecture
Since SASE is based on cloud-native architecture this is designed to build up on the cloud based architecture. These platforms are built in a way to act like a SASE as a service to run all the capabilities in the single platform.
Network & Security Convergence
SASE helps to merge the network and security functions together which improves the managing of these very efficiently. Since the functions of security and networks are handled together here, it eliminates the need for having separate vendor solutions for the same which helps in reducing the cost of securing your systems.
User Centric Security
SASE is designed to function in the way that it provides secure access to the user considering the factors like their identity, device type, location and context. This implements the Zero Trust Model that enforces the right level of access to the right level of user at the right time.
Zero Trust Security
Like mentioned in the above factor SASE helps to authenticate and authorize the user to restrict the user access to the right level of usage.
Global Network
SASE provides a global secure network to access the resources for the distributed users across various locations for the distributed workforce. Having advantages of low latency & high bandwidth connectivity helps the operations to be smoother in this way.
Flexible Deployments
Unlike the traditional solutions where the deployment environment became a constraint during the implementation. SASE boosts the adoption by providing the flexibility in deployment by providing options like cloud, on premise or hybrid model to meet the organization requirements.
Automation
SASE can be highly automated and orchestrated which helps the organizations to easily adapt to their dynamic requirements. Also having the automated setup helps the organization to scale up or down the resources on a need basis.
SASE Components
SWG (Secure Web Gateway)
SWG providesURL Filtering
- SSL decryption
- Application Control
- Threat Detection & Prevention
FWaaS (Firewall as a Service)
FWaaS helps onAdvanced Layer 7 inspection
- Access Control
- Threat Detection & Prevention
CASB (Cloud Access Security Broker)
CASB helps on
- Oversees sanctioned and unsanctioned applications
- Malware & Threat Detection
- Visibility & Control on sensitive data
ZTNA (Zero Trust Network Access)
ZTNA enables
- Continues verification and inspection capabilities
- Identity & Application based policy enforcement
SD-WAN (Software Defined WAN)
SD-WAN provides secure communication between sites and the internet without exposing the underlying hardware details.
Benefits of SASE
SASE helps in providing the visibility across the enterprise network which consist of distributed devices, data centers, head office and branch offices. This helps the security teams to have a control on what's happening in the network so that they will be able to fine tune it to the business requirements.
Better control over users, data & applications by having the Layer 7 or the application layer monitoring which helps in achieving the security goals on identifying the nonstandard use of applications.
Since one platform handles monitoring and controls, this has a very good advantage in the reporting aspect. Security teams do not need to go through multiple vendor applications to correlate an event during the anomaly, everything will be in the single platform.
Single platform approach also helps in the cost as well as logistics part of the problem where on the other hand multiple point systems require cycles of patching, updating and policy controls.
Data protection is another advantage of SASE where in the traditional systems multiple data locations need to communicate with the center point of control to gather policy standards and creates a single point of failure as well as bottleneck. SASE handles it differently by enforcing the control uniformly across all locations.
Benefits on SASE goes long like cost effectiveness, lower administration efforts, better network performance etc.
Comments
Post a Comment