Transforming Network Security With SASE: Hype or Hope?


As organizations rapidly expand beyond the traditional boundaries of what is considered the “perimeter,” existing network security approaches no longer hold up. To address this challenge, Gartner introduced the Secure Access Service Edge or SASE model in 2019. Essentially, SASE converges the different components of enterprise connectivity and network security into a singular cloud-based architecture. 

In 2018 (just before Gartner authored its seminal reportOpens a new window ), SASE adoption was less than 1%. Before the crisis hit, Gartner predicted that by 2024 at least 40% of enterprises would put SASE adoption strategies in place. Now, as we approach 2021, IT experts posit SASE is well on its way to becoming the enterprise standard for security over the next two years due to the rise of distributed enterprises. 

Learn More: Positioning Yourself for a SASE Future 

SASE Use Cases  

Before we outline key use cases for SASE, let’s first understand what the concept means. 

SASE can be defined as a cloud-based architecture where security services such as cloud access security brokerage, zero trust policies, firewall software, and others are delivered alongside connectivity services like SD-WAN in a converged manner. SASE opts for real-time, contextualized security policy enforcement (instead of static variables like device-based or user-based security), continually assessing risk and trust privileges throughout all active sessions. 

SASE rethinks traditional security models in several ways: 

    • It decouples security from the device/client used for access 
    • It is entirely cloud-based 
    • It aims to achieve a single vendor environment 
    • It bundles security with networked connectivity 

Here are three use cases where SASE could play a transformative role: 

1. Migrating from MPLS to SD-WAN

Multi-Protocol Label Switching (MPLS) or lease line-based networks are commonly used for enterprise connectivity. It is a hardware-heavy model, employing devices like physical firewalls and other security appliances to ensure safe browsing activity. Companies migrating from MPLS to software-defined wide area networks can no longer stay with their existing hardware-based security measures. In this scenario, a SASE approach could work well with your SD-WAN services, securing the network without adding to the hardware footprint. 

2. Industrial IoT (IIoT) implementation

IIoT devices, like sensor-embedded equipment, smart transportation, etc., are packed with little to no security. Their form factor and UI makes it almost impossible to install your out-of-the-box security software. SASE fits seamlessly into edge computing-based network environments, overcoming the lack of on-device security measures for IIoT. For example, you could stream sensor data from a set of smart wind turbines to an AWS survey for analysis while obscuring the turbine location for security. 

3. Increasing reliance on unmanaged apps and devices 

A major challenge in the post-pandemic world will be shadow IT. Remote workforces are likely to use devices and applications that are “unmanaged” under your existing core-and-perimeter security model. But SASE doesn’t let activity in unmanaged environments go unprotected. Its cloud service-based architecture means that it can assess network activity in any location, understanding the usage context, and enforcing security policies if necessary. 

Learn More: Can SASE Edge Out VPNs for Secure Remote Access? 

SASE vs. Traditional Network Security Models

The primary advantage of SASE is that it streamlines digital transformation. Whether you’re switching to remote work or deploying IoT at scale, ditching legacy hardware, or increasing investments in SaaS — any initiative leveraging connectivity can gain from SASE. 

This is due to the following benefits: 

    • Low latency and high performance: SASE relies on latency optimized routing, where your security vendor utilizes strategically placed points of presence (PoP) around the world. Latency-sensitive applications such as video calling platforms and collaboration tools perform better in a low latency environment.
    • Reduced Opex: You can now upgrade your security infrastructure at the same pace at which cyber risks evolve. There is no need to upturn existing investments or tear through your hardware. New security policies can be added at lower costs, lesser efforts, and shorter timelines, thereby bringing down your operational expenses or Opex.
    • Zero trust by default: Zero trust access is a key tenet of SASE, as network access is based on user identity, the nature of the device, and the application in question —  NOT static variables like the IP address or physical device location. And beyond the device itself, SASE encrypts entire browsing sessions and data traffic through APIs to ensure zero trust access.
    • Centralized management meets localized control: Security policies are provisioned and managed centrally through a cloud-based control hub, even as points of presence (PoP) close to the device/client look after localized enforcement. For example, the SASE vendor would ensure that there is PoP near the wind turbine location to make security decisions locally — without sharing the data with an unauthorized entity or losing out on latency.
    • Less intrusive user experience: Unlike traditional cybersecurity software, SASE works on a cloud service, making it primarily agentless. In most scenarios, users won’t have to interact with a security agent on their device and can simply go about their work without any intrusion.
    • New business opportunities – Ultimately, the hype vs. hope debate around SASE comes down to its business-enablement potential. It opens up pathways for secure cloud adoption, secure third-party integrations, secure remote work,Opens a new window secure edge computing, and secure remote infrastructure — all of which add up to new business opportunities. 

The above benefits make a very compelling case for SASE, particularly as enterprises strived to complete years of digital transformation in a matter of months. 

Learn More: Zero Trust Networks: Guide to Implementing Trusted Architecture in Remote Work Era 

Evaluating SASE Solutions: Top Considerations 

Now, for companies looking to embrace SASE in 2021, there are two key considerations — how does one choose a vendor, and what could be the potential challenges on the way. 

Interestingly, nearly every leading vendor with a comprehensive set of cybersecurity offerings has started to put together SASE-oriented products. 

For example, Cisco UmbrellaOpens a new window is now at the heart of the company’s SASE architecture, McAfee has launchedOpens a new window its unified cloud edge for SASE, and Zscaler’s SSMA technology for contextualized assessment as well as its PoP investments are anticipatory of the SASE modelOpens a new window . 

So, if you already have an entrenched relationship with a cloud-based security vendor, make sure to check out its future roadmap for potential SASE synergies. Some of the other parameters to note when considering a SASE vendor are: 

      • The physical location of PoPs 
      • The breadth of services (both network and security) 
      • The option to have a physical customer premise equipment (CPE) 
      • Support for IoT/edge computing 
      • Licensing model (bandwidth-based or entity-based) 

Also, the transition to SASE could bring a few complexities. First, it completely reimagines the IT security culture from a siloed to a converged approach, where network and security are effectively part of one team. Also, it might be difficult to consolidate so many varied services under one vendor — at least until there is a greater degree of cloud-based technology maturity. 

Further, some industries like healthcare or BFSI might continue to insist on on-premise control, which gets increasingly difficult under SASE. 

These risks do have a slightly sobering effect on discussions around SASE. There is no doubt that a converged, cloud-based architecture that’s purpose-built for IoT could be the future of enterprise security. But there’s still a long way to go, as security vendors bolster their cloud-based service stacks, enterprise networks modernize towards software-defined operations, and IT teams leave behind the legacy culture of silos and walled gardens. 

Do you believe that SASE is the future of enterprise network security? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!