The adoption of cloud services has benefited organizations tremendously, but it has also revealed how complex network security really is. This comes at a time when network security is top of mind, with 86% of organizations expecting to be impacted by a cyberattack within a year [1].
Traditional network security models were designed to accommodate employee devices and systems that were located within the corporation’s direct perimeter. But these traditional assumptions no longer hold true.
A majority of work now takes place outside the office, and organizations have become more reliant on systems that operate outside of an official office structure. Enterprises are turning to Secure Access Service Edge (SASE), an emerging “as a Service” framework enabling secure and reliable cloud adoption.
SASE allows organizations to deliver protected networking and security services by providing all workers full access to company applications and resources alongside a much simpler connectivity model for cloud-first enterprises, with security functions wherever they’re needed.
Since SASE is still in its early stages, the definition is still fluid. We can start by describing SASE as more than a single technology; it has five main components that embed networking and security capabilities into a single-service, cloud-native model. Here we will outline each of these components and why they are significant when approaching SASE for your own organization.
Component 1: Software-Defined Wide-Area Networking (SD-WAN)
SD-WAN is an architecture of connectivity that decouples networking hardware from a physical control layer. It benefits businesses by offering a resilient and agile solution that increases network performance and simplifies WAN management. SD-WAN reduces costs while supporting new applications and services resulting from digital transformation. The combination of SD-WAN with advanced security functions lays the foundation for businesses undergoing a SASE transformation.
Component 2: Zero Trust Network Access (ZTNA)
ZTNA is based on the premise that nothing is trusted: not users, devices, data, workloads, locations or the network. ZTNA’s purpose within a SASE solution is to authenticate users to specific services or applications. It recognizes that in today’s environment users and sensitive data may be located in an office, at home, in the cloud or on the road. ZTNA works within the framework of SASE to better secure remote and hybrid workforces across both cloud-based and on-premises services.
Component 3: Cloud Access Security Broker (CASB)
The SASE architecture often includes a CASB because it provides visibility between users and their cloud services, so that security policies can be applied as users access cloud-based resources. Its data security function identifies and controls sensitive content using data loss prevention (DLP). CASBs offer threat protection using adaptive access control (AAC) to provide user and entity behavior analysis and mitigate malware. In short, CASBs are a way for organizations to protect against cloud security risks, comply with data privacy regulations and enforce corporate security policies.
Component 4: Secure Web Gateways (SWG)
SWGs protect online devices from infection and enforce company policies by filtering malware out of user-initiated Internet traffic. A SASE solution that includes an SWG can offer cloud protection through a unified platform that gives complete visibility and precise control over web access. It enforces security policies that protect users from harmful websites using URL filtering, application control, DLP, antivirus, sandboxing and SSL inspection.
Component 5: Firewall as a Service (FWaaS)
FWaaS is a firewall solution delivered as a cloud-based service. It provides hyperscale, next-generation firewall (NGFW) capabilities such as web filtering, advanced threat protection (ATP), intrusion prevention system (IPS) and Domain Name System (DNS) security. FWaaS can be built into a SASE platform to deliver a wide range of network security features, whenever and wherever businesses need them.
Connecting the fabric with SASE
As the cloud era continues to redefine the business network, SASE (through its five core components) will enable organizations to deliver protected networking and security services in a consistent way. It does so as the landscape continues to evolve toward digital business transformation and, ultimately, workforce mobility. Distinct opportunities can result from adopting SASE, but it helps to first understand which elements make up this unified solution and which features you have already implemented or considered.
Resources
- Liu, Nancy Chenyizhi. “Trend Micro: 86% of Orgs Expect a Serious Cyberattack.” SDXCentral. August 4, 2021.
- SASE & ZTNA for Dummies—VMware Edition (2020).