Network based systems

New secure network requires SASE

In in recent months, the concept of the network has changed dramatically. The rapid push for businesses to digitally transform and embrace the cloud, primarily due to the COVID-19 pandemic, has resulted in greater demands than ever on networks. The resulting “new network” of organizations must seamlessly connect any user to any app on any device. It must do this regardless of time and geographic location. And it all has to happen safely. This is where Secure Access Service Edge (SASE) comes in.

SASE is a new model that combines cloud networking and security functions to provide secure access to applications, wherever users work. What makes SASE so important is that it includes basic functions like Software Defined Wide Area Network (SD-WAN), Secure Web Gateway, Firewall as a Service, Security Broker cloud access and zero trust network access.

SASE is a framework as opposed to a solution that must be installed. This has seen skeptics claim that SASE is just a new name for things that have been around for a while. And while the likes of SD-WAN, Secure Web Gateway, and others exist, SASE consolidates them all into one integrated cloud service. It represents the convergence of all their capabilities in the cloud and offers them as a unified service.

The hybrid world

As more employees return to their offices, business and technology leaders must balance the needs and demands of on-site workers and those who are still part of the distributed workforce. Attention then shifts to the existing network infrastructure and the efficiency of managing a hybrid user base.

Part of this means reinventing your office connections to ensure that wired and wireless networks can effectively support employees who are back in the office. Strengthening network security and redefining the IT experience by incorporating innovations like automation and artificial intelligence-based analytics should ideally be done now.

The move to this hybrid environment and the accelerated shift to cloud and edge applications means that the network must also handle the demands that SASE will place on it. How businesses manage cloud-based security with existing on-premises solutions should be a priority.

Overcome the obstacles

That’s not to say that the transition to a SASE-compatible network environment doesn’t have other challenges to consider. But what SASE does well is bridge the historical divisions between technology and security. Some companies might not be comfortable handling this on their own. To this end, a managed service provider approach could be used until the skills of the team and the budget are available to self-manage.

And then there is the not insignificant issue of dealing with the existing infrastructure and how to manage that. Businesses don’t want to waste the existing investment they made in network architecture before the pandemic. A hybrid approach can help facilitate this and give organizations the best of both worlds. However, SASE must be implemented at the policy level to ensure that businesses remain aware of what is required throughout the network reimagining process.

New opportunities

Additionally, SASE gives businesses the ability to identify end users, devices, IoT systems, and advanced computing locations. It also provides direct and secure access to applications hosted anywhere, including cloud-based data center services.

Adopting this platform-centric approach to security enables organizations to connect users to the applications and data they need to access. They can also control access and apply the appropriate security protection wherever users work. SASE converges networking and security functions to provide secure connectivity as a service. And with today’s businesses planning a cloud-first transformation by consolidating vendors and adopting integrated, cloud-centric solutions, that consolidation is being done entirely through a SASE platform.

With SASE, organizations gain greater control over every user and any application, on any network – with no degradation in performance or user experience.

Agility in implementation

One of the main value propositions of SASE is that it can be provided as a business service. This requires a solid cloud infrastructure on the backend. However, it’s not just about the number of data center locations, but also how well the organization connects to other vendors through relationships and peering sessions.

It would be very difficult for a company to build and maintain this on their own, which is why it is extremely beneficial to consume a complete SASE architecture from a single vendor. As mentioned, a managed service provider can help significantly in this regard, ensuring that the organization can use SASE as a subscription service while remaining focused on achieving its core business goals.

For example, an American multinational aerospace company needed to improve the networking performance of its 78,000 users based at more than 900 sites in 70 countries. An SD-WAN solution that provided the required level of consistency evolved into a comprehensive SASE approach that effectively integrated its network and security requirements.

Another example where SASE provided the best option to bring integration between security and networking was a European company with around 78,000 employees in over 100 countries that needed to improve end-user and data security. SASE provided the ability to unify multiple network and security use cases from a single vendor while enabling a bond of trust between on-premises data and cloud-based data.

Perfect future

But it’s not just about using security and networking products delivered or managed in the cloud. There are already thousands of different products that offer this. Instead, networking and security functions should be fully integrated into a single service.

SASE’s ultimate vision is to provide seamless and secure access to any application, over any network or cloud, anywhere users work. This can be done by combining the best networking, client connectivity, security and observability capabilities in a single subscription service. And by following this path, businesses can easily source, configure, and use SASE from a single cloud-based dashboard.

  • Arashad Samuels, Cisco SecOps Lead – Africa

Source link