SASE has established itself as the de facto standard for future-proofing business networks. Gartner coined the term “secure access service edge” (SASE) in 2019, and SASE offerings come in many forms and sizes. Now that many organizations (and investors) have adopted SASE, it is time to assess whether it lives up to its big boasts of cost-effective security, agility, and adaptability.
As a long-time cyber researcher and instructor, I’ve learned that throwing together parts and pieces for the goal of promoting SASE isn’t the solution. Much of what passes for SASE will not help you achieve SASE’s primary aim of future-proofing your network.
Future-proofing your IT infrastructure is a terrific concept since it implies your IT infrastructure is ready to manage new requirements and problems that arise unexpectedly. If your traffic flow increases, for example, you won’t have to rush to update your infrastructure, which is a costly operation. If you need to expand into other locations or go global, your network is ready to go without the need for further assessments or contract negotiations. Network integration isn’t anything to be concerned about. Everything has already been set up. Your network will simply react to the new conditions if anything unforeseen happens (such as a pandemic) or if a new zero-day threat surfaces. This is what future-proofing implies, and SASE is designed to help with that.
What Is SASE And Why Is It Important?
SASE is a software-as-a-service application that runs in the cloud. It routes traffic via its global points of presence (PoPs). When the time comes to grow, SASE can link new sites to its existing backbone and cloud services. Security and remote access are already built in. All of this may appear to be a lot, but it’s just one product that allows you to add and remove capabilities as needed without the need for additional technology or connectivity.
With SASE, businesses should be able to develop and promote new services and products more easily, expand into new markets without increasing IT expenditures, and adapt quickly to changing market demands or unanticipated interruptions.
This cannot be accomplished by simply affixing the SASE label to existing services. It necessitates a fundamental architectural shift from how we’ve previously approached networking and security. If you don’t address the major architectural requirements of SASE first, you might not be able to accomplish the kind of future-proofing that seems so fantastic on paper.
The Fundamentals of True SASE
To understand why, despite the excitement, SASE deployments may fail to deliver, let’s go over some fundamental architectural requirements that determine what SASE should include:
- Convergence: To satisfy the expectations of simpler management and widespread security, SASE combines network and security capabilities in a single platform.
- Cloud-based: For agility and flexibility, SASE is developed on a cloud-native, cloud-based architecture that offers all of its features over the cloud.
- Distributed: A real SASE strategy is based on a global, private backbone of geographically dispersed PoPs. It ensures scalability and minimal latency.
- Edge Support: It securely connects all edges – branches, users, clouds, and applications – to support mobile users and off-site resources.
Now, let’s look at what SASE isn’t:
- Discrete Product Chaining: Some people characterize SASE as a collection of standalone products linked together by virtual machine service chaining. This means that consumers will have to integrate and manage multiple point solutions on their own. The complexity will increase with each new demand, which diminishes the simplicity of adding capabilities as needed. Chaining separate products will not allow your network to be future-proofed for expansion and changing business needs.
These appliances combine SD-WAN and security but cannot deploy these functionalities from the cloud edge. On-premise boxes must be configured in each branch, increasing costs and complexity with each additional site. There is no global backbone without cloud-native architecture. This approach does not cover all edges, so end-to-end traffic optimization between users and cloud apps is not available out of the box. Because traffic must flow via the on-premise equipment, remote users will continue to experience backhaul-based latency. Such approaches are incapable of serving mobile workforces and, as a result, will not provide future-proofing for your network.
Some packages’ points of presence are hosted on third-party cloud platforms. This is in direct conflict with SASE’s requirement for a private global backbone. For mobile users and latency-sensitive applications like VoIP and video conferencing, relying on the global internet and backhauling traffic to cloud computing centers would not be sufficient. These models are incapable of controlling traffic routing or swiftly expanding into new territory. For this, they rely on third-party cloud services. You will want a private global backbone of PoPs capable of route optimization, dynamic path selection, and packet loss mitigation. Otherwise, your network will be unfit for the future.
Because telco bundles are integrated point solutions, the cost and complexity will rise as the number of persons and commodities increases. Telcos and service providers rely on on-premise boxes rather than the cloud. They also lack critical networking and security expertise, which must be provided by OEMs. The scalability and agility of the cloud-based convergent SASE paradigm are lacking in these telco-managed systems. Technically, they check every box for ways that your network will be vulnerable in the future.
SASE’s main value is its adaptive and dynamic service approach. It integrates all network and security procedures while allowing businesses to scale up features as needed. These features are available to all organizations, regardless of their location. SASE promises to handle today’s difficulties while planning for future loads. These are the possibilities it may offer once the architectural criteria are satisfied.