In July 2019, Gartner coined the term Secure Access Service Edge (SASE) to define what it believes is the future of network security. SASE technology is designed to meet the needs of the modern and evolving enterprise by allowing security to catch up to the infrastructure it is supposed to protect.
Since Gartner defined the term, SASE has become a buzzword in security marketing. However, some vendors use this marketing to stretch the term to fit their existing products rather than building capabilities to fit the vision of SASE.
What is SASE?
Organizations’ security teams are struggling with several significant challenges. These include:
- Distributed Infrastructure: With the rise of the cloud and remote work, an organization’s IT infrastructure is spread over many different platforms. This makes it challenging to enforce consistent security across the entire enterprise environment.
- Dissolving Perimeter: As part of the increasing distribution of IT infrastructure, the traditional network perimeter is dissolving. This is a problem because most legacy security solutions are designed to be deployed at the network perimeter.
- Cloud Flexibility: The move to the cloud means that IT infrastructure can adapt and scale much more quickly than it could in the past. This creates security challenges because legacy, appliance-based solutions are unable to keep up.
- Security Complexity: Many organizations rely on an array of point security products designed to address specific use cases and challenges. This disconnected security infrastructure is difficult to monitor and manage, slowing threat detection and response.
SASE is designed to modernize security and address these challenges. Some of the key features of SASE include:
- Cloud-Hosted Security: SASE is designed to be a cloud-native security solution. This enables it to be more easily distributed geographically and take advantage of the benefits of the cloud.
- Security Integration: SASE integrates a complete network security stack into a single solution. This simplifies security and enables it to take advantage of optimizations that are unavailable for standalone solutions.
- Network-Layer Protection: SASE integrates SD-WAN capabilities for network optimization. This not only improves performance but also allows security inspection to be applied to all traffic flowing over the corporate WAN.
These SASE capabilities directly target the major challenges that security teams are facing. This is why Gartner, in describing SASE, says that the future of network security is in the cloud.
Don’t Fall for Fake “SASE” Marketing
As companies start looking for SASE solutions, the term is increasingly showing up in marketing. However, some vendors try to argue that certain SASE features are not necessary in an attempt to make their solutions look like what customers want.
Service Chaining is “Good Enough”
Many organizations are struggling to configure, monitor, and maintain an array of standalone security solutions. One of the main benefits of SASE is that it integrates multiple security functions into a single solution.
Some solutions claim to offer SASE via service chaining. Service chaining links multiple standalone products together rather than integrating them natively into a single solution. This approach to SASE has several shortcomings, including:
- Increased Complexity: Service chaining doesn’t eliminate standalone solutions; it just repackages them under a single label. Security teams will still need to configure, monitor, and maintain multiple solutions that are not designed to work together.
- Inconsistent Services: Building a solution from multiple discrete solutions creates the potential for gaps in coverage and capabilities. This means that these solutions will provide inferior protection compared to a genuine SASE product.
- Decreased Optimization: With SASE, the various security functions are designed to work together as a single solution. This enables them to take advantage of optimizations that are not possible with multiple solutions daisy-chained together.
Service chaining enables a security vendor to offer “SASE” with minimal effort by gluing together multiple existing solutions. However, such a slapdash solution provides inferior performance and protection compared to a true SASE solution.
Non-Cloud Solutions Will Work
SASE solutions are deployed as virtualized, cloud-based appliances. This deployment model is necessary to allow security to keep up with the rapid evolution of the infrastructure it protects.
For vendors that specialize in physical security appliances, making the shift to SASE is not easy. Instead, they are likely to claim that certain physical appliances – such as a next-generation firewall (NGFW) – are the “right choice” for certain use cases, like protecting an on-prem data center.
However, even if true, this is a short-term approach to security. IT infrastructure is increasingly moving to virtualized, cloud-based services instead of on-prem data centers. Organizations are better served by planning for the future now rather than investing in solutions that are increasingly obsolete and unsuited to their needs.
Selecting a True SASE Solution
SASE represents the future of network security, and Gartner recommends that companies start the process today to ensure that their security infrastructure keeps up with business needs. When starting your SASE journey, don’t fall for marketing that redefines “SASE” to fit the vendor’s current product line. Choose a true SASE solution to take advantage of the full benefits of SASE.