There’s a new tech acronym in town, and it’s causing quite a stir. By now you’ve probably heard of SASE, pronounced ‘sassy,’ which stands for secure access service edge.
SASE is such a new concept that Gartner only coined the term (and the acronym) this past summer. SASE is causing a stir because of the ways it could change network architecture, network security and even the IT vendor landscape as we know it today.
Gartner predicts at least 40 per cent of enterprises will adopt specific SASE deployment strategies by 2024, an explosive increase from the less than one per cent adoption rate estimated at the end of 2018.
What is SASE?
As stated in one of two summer Gartner notes, there are now “more users, devices, applications, services and data located outside of an enterprise than inside.” As all of this moves to the cloud, the argument goes, so must network security. In this model, the data centre is no longer the focal point of security.
“Instead of forcing various entities’ traffic to inspection engines entombed in boxes in the data centre, we need to invert our thinking to bring the inspection engines and algorithms closest to where the entities are located,” Gartner suggests.
Cloud is the key
In SASE, cloud supersedes hardware.
“The software stack should have no specific hardware dependency and be instantiated when and where needed,” Gartner argues. “SASE offerings must be able to deliver in-line encrypted traffic inspection … at scale, ideally delivered from the cloud and without the use of proprietary hardware.”
The key concept of SASE is to completely converge and integrate network operations with network security in a cloud-native architecture. It can’t just be disparate tools or services, chained together and simply hosted or managed in the cloud. We’re talking about an integrated system built in and for the cloud, designed to work cohesively from birth, so to speak.
Identity is everything
“Network gymnastics to route traffic to and from the enterprise data centre makes no sense when very little of what a user needs remains in the data centre,” Gartner posits. “Identities are the new centre for access decisions, not the data centre.”
Instead of trying to secure traffic running to and from the data centre, Gartner says SASE security is based on “the identity of the user, device and application, not on the IP address or physical location of the device … Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
Key ingredients for SASE
On the networking side, a core element required for SASE is cloud-based network optimization, especially SD-WAN.
On the security side, being cloud-based allows SASE to provide security that is flexible and scalable in ways the data centre cybersec model simply isn’t. Gartner envisions “an infinitely tailorable network fabric in which enterprise security professionals can precisely specify the level of performance, reliability, security and cost of every network session based on identity and context.”
‘Context’ could include the entity’s location, time of day, trust assessment of the device and sensitivity of the data being accessed. This necessitates continuous risk assessment and real-time adaptive response to those risks, as defined by the enterprise’s own specific cybersec policies.
“The enterprise perimeter is no longer a location; it is a set of dynamic edge capabilities delivered when needed as a service from the cloud,” Gartner summarizes.
To achieve all that, SASE requires cloud-based network security via services such as:
- secure web gateway (SWG)
- cloud access security broker (CASB)
- firewall-as-a-service (FWaaS)
- cloud-based DNS
- zero trust network access (ZTNA)
Benefits of SASE
Aside from the scalability and flexibility it might provide for network security, SASE would conceivably lower latency because it employs edge computing. Traffic would be inspected in ‘one single pass’ closer to the user rather than between multiple endpoints and the data centre.
For example, data could be scanned in Facebook, Salesforce or other cloud applications using a policy consistently applied no matter where the device and user are located.
By relegating hardware to the sidelines in favour of a cohesive cloud-native architecture, it could potentially reduce costs and integration headaches. In addition, cloud-based architecture, applications and software would involve continuous updates, removing the need to schedule and apply upgrades and security patches.
One of the most buzzed about aspects of SASE, however, revolves around its potential impact on the vendor landscape.
Gartner isn’t just describing SASE as a model that essentially leaves hardware behind. It’s also arguing that SASE can only really work if you use one cloud-native SASE system—from one single vendor, not various components supplied by multiple vendors. And that’s what has people talking.
Is SASE the death of network optimization hardware? Will it only be delivered by cloud-based networking vendors and security-as-a-service vendors, cutting all other vendor channels out of the market?
Clearly, SASE isn’t going to evolve overnight. Gartner itself says there’s no vendor currently offering a solution that meets its definition of SASE (despite a handful of vendors already using the SASE acronym in their marketing materials).
In Network World, here’s how Lee Doyle, principal analyst at Doyle Research, sizes up the potential impact of SASE on vendors of …
- SD-WAN: “Leading SD-WAN platforms, over time, will be able to deliver SASE-like functionality.”
- Network security: “Leading network security providers are adding network functions including routing and SD-WAN. Over time, leading network security platforms with these improved technology capabilities will start to offer SASE functionality.”
Light Reading editor Mitch Wagner foresees major SD-WAN providers partnering with notable network security vendors to develop SASE service suites in one branded product. He doesn’t expect traditional telcos to be left out: “Telcos are going to start hearing demand for SASE and need to be prepared to meet it.”
Fortunately, there’s time to see how this all shakes out; Gartner doesn’t expect to see a full SASE suite hit the market until 2025 at the earliest.
To learn more about Allstream’s SD-WAN product, click here.