The cloud is becoming increasingly integral to businesses worldwide, particularly as many employees continue to work from home. SASE (Secure Access Service Edge) helps keep users protected, whether they are working on-site, from home, or on the go while simultaneously simplifying the protection process.
In one of our recent Live with Larry weekly webinars, we met with Jason Morris, a Senior Solution Engineer from PlanetOne, to discuss what SASE is and how it empowers organizations to embrace the cloud securely.
“With more mobile users, data, and services that take place outside of the protection of the traditional security layers that we have in place, it’s really hard to keep up. With work from home initiatives that have been happening lately… depending on how you are set up, there may be less security for those users than you had in the past.” – Larry Hoehn
From Traditional Firewalls to SASE: Improving Security & Reducing Latency
Traditional firewall configurations can typically protect only on-site users. As such, companies with multiple offices, or with users who worked from locations other than the office, required individual firewalls to monitor their work-related traffic and keep the users and the data safe. While this solution worked from a security perspective, it was incredibly expensive, so it was clear that a better, more cost-effective solution was needed.
The next step in this security evolution was a hub and spoke configuration, where a company would deploy one firewall in a central location and then have other locations (like satellite offices or home VPNs) route all their traffic back to that firewall. This could work well if users were close together, but if your firewall was in LA and you had a user in New York, all of that user’s traffic would have to be routed back to LA, causing substantial latency issues. This model was also less than ideal for mobile users since the system didn’t adjust when users moved away from their typical workspaces.
“We’ve got a Dallas user whose VPN client on his laptop is hardcoded, so it knows to come back to the Dallas PoP (Point of Presence) – that is where he is authenticated to go onto the network. However, what happens if that user has to go to London? Well, now that same laptop user has to home all the way back to Dallas since it’s hardcoded. Whereas with SASE, they use an anycast IP which says ‘look, no matter where I am in the world, I’m going to home back to that nearest SASE provider’s PoP so that I can make sure that I can get onto the network as quickly as possible.’” – Jason Morris
Reducing Security Complexity (& the Gaps That Come With It)
Traditionally, companies relied on a patchwork of firewalls and other security programs, which could lead to unintentional security gaps. By centralizing everything with SASE, these gaps are eliminated because all security is handled from one location by one solution. By simplifying your network with SASE, you can both eliminate potential security gaps and ensure that all users have the immediate access they need to complete their work, regardless of where they are working, where their home base is, or what device they are using to connect to your network.
Why Protecting the Edge Matters
The edge of your network is your first line of defense against malware, DDoS attacks, and other harmful activities. Much like a fortress with a hole in its outer wall, lax edge defenses leave your entire network vulnerable. Adopting a comprehensive and flexible solution like SASE can help ensure that users and their devices are protected no matter where they are accessing your network from.
SASE Core Components
Advanced WAN networking functions, including dynamic path selection, self-healing WAN capabilities, a consistent user experience, and support for demanding, high-performance applications make up the core of any good SASE solution.
Zero-Trust Network Access (ZTNA)
Zero-trust network access is also a core component of SASE and involves several technologies working together seamlessly. ZTNA’s main job is to authenticate users and applications; advanced context and role-based identity, combined with MFA (multi-factor authentication), ensure users and devices remain secure both on and off-network.
An NGFW (physical) or FWaaS (cloud-based) Firewall
One of SASE’s main benefits is how flexible its security offerings are at the edge of your network. Cloud-delivered offerings protect your network’s edges, but internal firewalls can also be used to enable network segmentation and prevent threats from guests or IoT devices while also enforcing consistent security policies for off-network users.
A Secure Web Gateway
A secure web gateway is necessary for protecting users and devices from online security threats by enforcing internet compliance and security policies and filtering out suspicious or malicious traffic. This gateway may also be used to enforce acceptable use policies for web access, ensure users remain compliant with relevant regulations, and prevent data leakage.
A CASB Service
A CASB (Cloud Access Security Broker) service allows organizations to take control of their SaaS applications, secure application access, and eliminate Shadow IT challenges. By combining CASB with on-premises DLP into an integrated system, you can further protect critical data.
How Consolidating Security Tools Benefits Businesses
Requiring one solution instead of several to achieve the same goals is a great way to cut down on unnecessary spending, dramatically reducing your costs. This also improves efficiency as maintaining one system requires less time and effort than maintaining a variety of systems and ensuring they are working together smoothly to eliminate security gaps.
SASE simplifies your IT infrastructure by minimizing the number of products your security team has to manage, update, and maintain, consolidating your security stack into a cloud-based network security model. This saves both time and money by allowing your IT team to focus on other tasks.
Cloud-based infrastructure like SASE allows organizations to implement and deliver security services, including threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention, and next-generation firewall policies using one solution.
Threat Detection & Prevention
SASE allows for full content inspection, giving you more security and visibility on your network.
One of the biggest benefits of SASE is that it allows users to quickly and easily connect to any resources (including your network and the wider internet) regardless of where they are located. This reduces latency, improving both worker and network performance.
SASE employs a zero-trust approach to security, which removes trust assumptions when users, devices, and applications connect to your network. This approach provides complete session protection, whether the user is on or off your corporate network. With many employees still working from home, this added layer of security is particularly vital.
Your network is the backbone of your business, keeping your teams connected, and giving them access to the tools and resources they need to keep your business running smoothly. SASE can help ensure that your network remains secure regardless of where workers are located. This feature is more critical than ever as more work moves out of the office and into coffee shops, employee kitchens, home offices, and spare bedrooms.