Cloud-based SASE solutions offer improved security for distributed computing environments.
Cloud services, mobile technologies, edge computing and distributed workforces have effectively erased the traditional network perimeter. While these innovations enable a host of business benefits such as increased agility, flexibility and productivity, they also make a mess of conventional network security practices.
The events of the past year illustrate the dilemma. The accelerated adoption of cloud services, edge computing and other digital technologies allowed companies to support mass numbers of remote workers, but it also created a dramatically expanded attack surface with millions of new vulnerabilities. Security analysts detected an average of more than 500,000 new malicious programs every day during 2020 — a number that is simply overwhelming short-staffed IT security teams everywhere.
Securing modern networks requires a new approach. An increasing number of organizations are adopting an emerging cloud-based service known as Secure Access Service Edge, or SASE. According to a new global study by Sapio Research, nearly two-thirds of businesses are adopting or planning to adopt SASE (pronounced “sassy”) in the next year.
SASE combines a variety of networking and security tools into a unified, cloud-native service that delivers secure access for the data center, remote and home offices, mobile users, and beyond. It simplifies the security of distributed computing environments by allowing IT administrators to centrally set and manage security policies for all areas of the network.
By consolidating disparate network and security policy enforcement tools into a single cloud-based offering, SASE ensures that policies are consistently applied. Policies regarding data and malware inspection, application access, web security, intrusion prevention and more are able to follow users, endpoint devices and applications across all points of network access.
Centralized policy control addresses two of the major security issues confronting organizations today. More than a third of respondents to the Sapio study cited the inability to enforce security policies across the remote workforce (37 percent) or to spot new threats facing users (34 percent) as significant challenges. More than 40 percent said the ability to improve the security of devices and applications used by remote workers is the biggest reason for adopting SASE.
“SASE orchestration provides the means to maintain a single security policy throughout a distributed environment for control, inspection and monitoring,” Gartner analyst Richard Bartley noted in a recent research report. “Gartner expects SASE will provide the agility to cope with rapidly changing network and security conditions.”
SASE solutions generally comprise the following major components:
- Software-defined wide area networks (SD-WAN). Using a virtual WAN allows companies to use any combination of transport services — including MPLS, cellular and broadband — to securely connect users to apps and locations.
- Domain name system (DNS) layer security. More than 90 percent of all malware uses DNS to communicate with command and control sites for data exfiltration. DNS-layer security blocks malicious DNS requests before a connection to an IP address is established.
- Secure web gateway (SWG). Gateways log and inspect web traffic in real time, detecting and filtering malware from user-initiated Internet traffic. They also provide SSL decryption to protect against stealth attacks.
- Firewall as a service (FWaaS). A cloud-delivered firewall service provides visibility and control of Internet traffic across all ports and protocols — without the management burden of an on-premises solution.
- Cloud access security broker (CASB). CASBs provide visibility into traffic moving to and from the cloud, and they control access to cloud services by blocking unauthorized users or endpoints. Most also come with additional security functions such as zero-day threat protection, data loss prevention and encryption.
- Zero trust network access. Zero trust security assumes that everyone and everything accessing network resources is a threat until their identity has been verified and validated. With SASE, administrators can easily extend zero-trust principles from the data center to the cloud.
In addition to the obvious security enhancements, SASE enables several other business benefits. It simplifies the IT infrastructure and cuts costs by reducing the number of individual security products organizations must purchase, deploy, manage and maintain. Optimized routing improves performance and reduces latency by automatically finding the best path for network traffic. Additionally, the cloud-native design contributes to highly scalable security capabilities.
Today’s anytime, anywhere computing models deliver tremendous operational benefits, but they also create a wide range of potential vulnerabilities. Traditional perimeter-focused security measures provide limited protection for growing numbers of remote workers, devices, applications and services. SASE offers an elegant solution by extending key security services beyond the perimeter while also reducing cost and complexity.
