Security Think Tank: SASE will become operational reality

Uninterrupted business operations are fully dependent on the timely receipt of data that has not been compromised. The result of this is that most organisations are heavily invested in the quality of their networks, particularly for business-critical applications.

Splitting traffic between multi-protocol label switching (MPLS) networks and a software-defined wide area network (SD-WAN) allows organisations to manage their network traffic. Critical systems need low latency and high availability, while less crucial ones can use “normal” internet services, such as email.

Secure access service edge (SASE) technology is the evolution of this idea. It is based on the recognition that, because the confidentiality, integrity and availability (CIA) of data is fundamental to the organisation, it is not sufficient to rely on infrastructure that may not be fit for the purpose of transmitting critical data around the world. In short, SASE provides a more secure, lower-latency networking protocol for one of the enterprise’s most valuable assets.

Also, SASE plays a key role in organisational compliance by ensuring that data is transmitted securely. Traditional networks can also be used, but this can be a costly and time-consuming option because of the number of endpoints and local security services that need to be configured.

SASE adoption is also being driven by the move towards cloud-based services, which is resulting in enterprise architecture becoming more decentralised and increasingly reliant on the wider internet, rather than internal networks. 

Traditional centralised networking architecture forces traffic between the corporate network and the wider internet through “gateways”, which must prioritise these “packets”, and this can cause bottlenecks. Managing these gateways is expensive because it requires duplication of the configuration across multiple gateways, firewalls and routers. And with working practices changing, it becomes less tenable, as the users could be dispersed around the world and no longer in offices wired into local area networks (LANs). 

SASE gives users more direct access to the internet via secure, dedicated routes. However, this makes it essential to secure these internet connections – a challenging task because access could be from a variety of sources, including the organisation’s headquarters, a regional office, or single roaming users. 

Positioning security for each of those entities together is difficult. Centralisation of this governance allows security controls for web traffic at the point of entry to the wider internet to be standardised, rather than there being multiple access points from the firewalled local gateways.

These cloud security services can be built up so that the traditional centralised security stack starts to be replaced with a similar security stack at the cloud edges. An advantage of this is the ability to diversify the security technologies easily and react to changes in the threat environment more efficiently and at reduced cost.

However, SASE is not a silver bullet and challenges remain. For example, IT teams forfeit certain benefits of multi-sourcing, such as ensuring that different system elements are supplied by the best providers for each individual function. Single point of failure (SPOF) is also a risk because SASE delivers all networking and security functions together as a single service – technical issues on the provider side can potentially result in entire system shutdowns.

Overall, a move towards SASE will benefit network and security approaches by ensuring these concepts are not considered in silos as organisations progressively rely on a variety of internet-based services accessed from an increasing number of employee locations.

While SASE may be considered something of a buzzword today, it is becoming the operational reality for a number of organisations, with Gartner predicting that at least 40% of enterprises will have explicit strategies to adopt SASE by 2024. And the increased pace of change in corporate networks and IT and operational technology (OT) systems means it is certainly worth considering.