Current networking and security solutions are incompatible with the cloud-centric and mobile-first digital business. The network is rigid and static, and security is heavily fragmented across multiple domains. Together, networking and security are slowing down the business instead of enabling innovation and agility.
Secure Access Service Edge (SASE) seems to be the hottest buzzword in networking and security today. Gartner has gone as far as giving SASE a benefit rating of “Transformational”, a label even SD-WAN, a trending topic in its own right, never achieved.
SASE is the convergence of networking and security that optimizes access performance, reduces operational complexity, and enhances security posture on a global scale. To meet these criteria, a true SASE solution must be built on a cloud-native and cloud-based architecture; distributed globally across many Points of Presence (PoPs); and support all edges (locations, users, clouds, and applications).
Want to learn more about SASE? Download the Cato Networks SASE eBook.
Legacy remote access appliances often fail to deliver security functions such as IPS, NGFW, and SWG. Enterprises often end up deploying additional security point solutions to fill the gap, but that approach still doesn’t lead to truly holistic security and visibility. For example, point solutions are inherently optimized for securing a single location, making mobile and BYOD a challenge. Similarly, many cloud platforms require separate security solutions that reduce network visibility.
SASE solves this problem by building security features such as URL filtering, anti-malware, IPS, and firewalling into the underlying network infrastructure. This means all edges, from sites to mobile to the cloud, receive the same level of protection.
Sourcing, provisioning, monitoring, and maintaining a variety of point solutions across an enterprise network drives up both Capex and Opex. With SASE, enterprises can do away with a patchwork of physical and virtual appliances and instead leverage one cloud-native solution. This eliminates not only the cost of the appliances, but reduces network complexity by abstracting away upgrades, patches, and network maintenance.
SASE can do for WAN infrastructure what platforms like AWS, Azure, and Digital Ocean did for application delivery: enable hyper scalability and elasticity. Spinning up or down sites with traditional point solutions is time consuming and often requires a lot of hands-on IT work.
A cloud-native multi-tenant SASE solution minimizes the manual labour and streamlines provisioning times. In many cases, sites that may have taken weeks to spin up with traditional point solutions may take minutes or hours with SASE. Additionally, spinning down sites is less costly and time consuming given the absence of physical hardware and wasted software licenses.
One of the main SASE benefits is that, unlike point solutions, cost and complexity do not grow at the same rate as the network.
The SASE platform brings together network and security point solutions into a unified global cloud-native solution. The individual technologies and services that make up a SASE solution include SD-WAN, Firewall-as-s-Service, bandwidth aggregation and zero-trust network access.
Managing SD-WAN, SWG, NGFW, and VPN appliances across multiple locations within an enterprise network requires significantly more IT labour than a single location. However, with SASE management complexity doesn’t grow in lockstep with the network because a single cloud-based management application can provide control of the entire service, and IT doesn’t need to worry about maintenance tasks like patching or hardware replacements.
Like with any hot buzzword, many marketers will look to slap the term SASE on to any solution that delivers some SASE benefits. However, SASE isn’t about a subset of features achieved by multiple point solutions, it’s about a single converged platform. The convergence and ease of use is what got industry experts like Gartner excited in the first place, and it’s what a true SASE solution should deliver.