Skip to main content

Demystifying what SASE really means

Network
(Image credit: Image Credit: Flex)

In today’s world, many organizations are considering what shape the future of work should take for their operations. Some are embarking on or have already adopted a fully remote way of working, some may be opting for a hybrid working arrangement, and others may return to the office full-time. 

Wherever your employees are working from, they will need the same level of access to tools, services and applications. Employees potentially accessing the network from a variety of locations means changes to the corporate network perimeter – and with that comes a new set of security considerations. 

Having appropriate cybersecurity measures in place is becoming even more critical for IT teams, as the possible attack surface for an enterprise’s network increases with remote working. Secure Access Service Edge (SASE) is an emerging concept that aims to better address the security needs of enterprise organizations needing flexible workforce arrangements. SASE achieves this by deploying a range of security features into a single cloud-delivered platform. Network connectivity is also seamlessly integrated into the platform enabling the best possible application performance for end-users. As SASE is still relatively nascent, there are currently many different interpretations of what SASE means in the marketplace, making it potentially difficult for enterprises to decide what solution they really need. 

The rise of SASE 

Let’s cast our minds back to the start of the pandemic where our main focus was adapting the IT platform to a remote work environment. This rapid pivot triggered the increased need for secure access to vital data resources, as protecting against corporate network vulnerabilities became a higher priority for IT leaders.  Now, organizations are turning their attention towards the latest trend in strengthening secure network access, Secure Access Service Edge (SASE). But what does SASE really mean?

SASE was first coined by Gartner in 2019, defined as a cloud-based offering that combines the functions of SD-WAN with performance-enhancing and security features, such as cloud access security broker (CASB) and zero-trust network access (ZTNA). Since the term first emerged, the market has been gradually expanding, but the final industry definition of what a SASE deployment should look like is still evolving. There are several approaches to deploying SASE, each with inherent benefits and challenges. 

The theoretical ideal is the single source approach, with one technology provider delivering a full SASE solution. Unfortunately, this approach is hindered by the fact that most vendors in the market today cannot provide the full spectrum of the key SASE components, as most organizations that are deploying SASE find themselves needing to select several vendors. To mitigate complexity, a two-vendor solution offers a fair compromise, with one provider focused on SD-WAN and network functionality and another on the various security features. Deployments featuring three or more vendors are also common, with multiple providers for the security components of the solution. However, some of the leading vendors are on a roadmap to delivering a complete solution, and. industry analysts predict that most organizations will look to consolidate vendors as the market continues to mature.

For many organizations, this has made SASE a new frontier to explore, with myriad features, functionality and limitations to understand and navigate in order to optimize their secure network management.

The state of SASE today

Despite the somewhat sprawling look of the nascent market landscape, SASE is poised to become the next big thing for enterprise network security, as it promises to reduce complexity and costs, improve network performance and latency, and enable businesses to adopt a zero-trust network access approach. But the problem is that because everyone in the industry has their own interpretation of what SASE means, it’s difficult to define what a true SASE provider looks like.

Users gain access to the network based on their identity, device and application – rather than the IP address or physical location. The advantage of this is that it will support new ways of working as we come out of the pandemic and employers and employees choose between working in the office, from their homes, or at a nearby café.

Organizations must strike the right balance between user access management and effective, secure remote access to corporate resources. By working with a managed service partner, who can help define and implement policies aligned to a business’s specific security requirements, enterprises are able to flexibly adapt their networks to the right security posture as hybrid work becomes the guiding convention. 

We see the principal security perimeter shifting from a highly secure yet inflexible corporate LAN environment to being end-point focused as part of a Zero Trust Network Access (ZTNA) approach under the SASE paradigm. This approach relies on the principle of risk-appropriate trust that is continuously assessed and adapted to comply with the objectives of an enterprise’s security posture. This approach is better suited to enable secure access to cloud applications used by employees working at the office, home or other environments. What enterprises need to be aware of, however, is that as this remains a new technology, providers are still refining their solutions. Today’s path towards SASE should reflect this – enterprises shouldn’t rush and jump at the latest technology trend but instead, take a step back and consider what their needs are.

SASE is the future

According to Gartner, by 2025, at least 60 percent of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10 percent in 2020. As business leaders start thinking carefully about how they implement this technology in the best way possible, a few key questions can help guide the decision-making process. 

Naturally, they should first ask themselves whether the considered solution helps to solve their business challenges. Furthermore, does the solution meet their needs for stable connectivity and user experience? Does the service align to its risk management strategy? Will it provide the level of security robustness that they expect and want? 

Businesses will need to look at their network more holistically. Rather than assembling a myriad of networking and security solutions, they’ll seek solutions that are more integrated and help reduce complexity while also improving their security posture. All of these new technologies and practices will better equip businesses to adapt to a more flexible distributed enterprise and workforce model that will continue to influence networking and security requirements for the foreseeable future. 

Going forward, SASE networking will become popular as IT can manage their network and security seamlessly at the same time. If in doubt, always consider working with a trusted advisor that can demonstrate a keen understanding of the relevant technologies, and is able go through each stage of the network development and protection process to help an organization determine the security solution that is right for them.

Samir Desai, Director of Managed Security Services, GTT global network

Samir is responsible for the global portfolio of managed services including next-generation enterprise WAN solutions, SD-WAN, Cloud Connectivity and Security Services on the GTT global network.