Secure Access Service Edge (SASE)
In my previous article, I have explained Zero Trust Architecture and how it is being used by organizations. Due to the increase of cyberattacks and threats, organizations are constantly looking for more secure models. As many organizations are migrating to the cloud due to diversified services by cloud providers, it became very difficult for organizations to stick to or maintain the ZTA. It did not mean that companies left the ZTA model but they have come with an upgraded model by considering the Cloud deployment i.e., SASE
What is SASE?
SASE stands for Secure Access Service Edge, an architecture model introduced by Gartner in 2019, which fills the gap between traditional SD-WAN and Cloud Security. SASE combines the traditional SD-WAN capabilities and comprehensive cloud-native security solutions like CASB, WAF, ZTA etc.. which become a unified security model for an Enterprise.
Why SASE was required?
Historically, Organizations have their own architecture security model which protects their traffic between their offices and data centers and also provides security across remote locations in the form of VPN.
But, Eventually with the adaption of IAAS, SAAS and PAAS services, Traffic between Organization and Internet observed a huge spike . Moreover, Users are working across the globe over the VPN or using the cloud applications directly accessing the Internet. This made organizations vulnerable as the cloud-hosted applications are a soft target to threat vectors. Hence organizations started working on a model where we can manage and secure organizational data while using the cloud services.
The best way to implement is by securing the Edge is what they have proposed. Since we cannot control the internet, we can secure the edges where the incoming/outgoing traffic runs. This involves Securing the organization, Security the applications hosted and cloud and most important thing i.e., the traffic flows between them.
How SASE can be implemented?
SASE can be implemented by combining both functionalities and provide enhanced Security at cloud-native applications and also at traditional Architecture. Best way to start by deploying an SD-WAN across the network and also introducing the optimized VPN solutions for Secure Network access. Then we need to create a ZTA and implement Zero trust policies. Cloud-Native applications required diversified security solutions such as Secure Web Gateway, DNS Security, Ransomware Protection, Web Application Firewall, ZTA, Cloud Access Security Broker ( CASB), and these are deployed based on services provided by cloud ( IAAS, PAAS, SAAS). Below are some of the vendors who provide these services.
- SD-WAN: Cisco, Checkpoint
- SWG: Zscalar, Cisco Umbrella, NetSkope
- CASB: Symantec, McAfee, TrendMicro, NetSkope
- WAF: Fortinet
- Unified SASE solution: Akamai, Zscalar, Cisco
Multiple Vendors have come-up with a solution to provide a Unified SASE Model to provide a Complete Security by satisfying the SASE requirements. But it also requires beating the competitors who provide their expert security solutions for Cloud Native Applications. Hence we also need to look at the pros and cons associated with it.
Pros:
- Unified Security across the organization network
- Ease to Manage and less complexity
- Reduce Administrative tasks
- Ease of Operations
Cons:
- Involves certain amount of cost and expenses.
- Dependencies on Legacy networks and systems associated with it.
- Involves heavy migration and implementation issues.
- Risk of Having one Vendor for a complete Security Solution
Finally, I would like to conclude this in this way.
Every Solution/Architecture was designed and proposed by a long and in-depth research. When it comes to Implementation Phase it will have many challenges and constant upgrade cycle exists as per the experience. Due to the change of technology, increase of risk, adaption to new technologies and cutting down the dependencies on Legacy Devices and solutions are important.
Thanks for reading … I am attaching some resources which provide detailed Information on this model.