There has always been a strong need to support distributed workforces in an agile and cost-effective way, and 2020 has proved this to be truer than ever.

The rising remote workforce has been a tremendous accelerant to digital transformation and we are witnessing a tectonic shift in which organizations are transitioning users, applications and data from on-premises to the cloud. There is no doubt that this transformation will improve agility and competitiveness, but it will also require enterprises to reassess how they connect and secure their connections.

Secure Access Service Edge or SASE reflects this change: As the landscape evolves, so must the technology.

Migrating next-gen firewalls to the cloud

Previously, network security focused on safeguarding the physical transport of data, encrypting traffic and utilizing authentication controls to identify users accessing the corporate network and its data assets. As organizations started to recognize the benefits of data access and sharing, they quickly shifted to give each employee access to information. They added security features to mitigate risks, including web access controls and anti-malware, because of this.

However, that only increased costs and overall complexity. It took years for companies to develop a security strategy and upgrade their security deployments with state-of-the-art firewalls that also integrated other capabilities.

That brings us to SASE, a network architecture that combines wide-area network capabilities with cloud-native security functions, such as secure web gateways, cloud access security brokers, firewalls and zero-trust network access, with the goal of supporting the dynamic secure access needs of organizations. With SASE, organizations can consolidate standalone, vendor-specific technologies into this new architecture, making orchestration easier for information technology and security teams.

In short, SASE takes the security-related applications and services that are currently running on a next-generation firewall and migrates them to the cloud. That allows IT and security teams to focus on the individual users who are accessing the applications and set up personalized policies that can be seamlessly applied across all relevant users, applications and services, at scale.

A SASE foundation

A SASE architecture integrates multiple security features that were previously standalone applications into a single service. In the past, IT and security teams used software-defined wide-area networking to maintain disparate applications separately. But it is no longer necessary with SASE since applications such as firewall as a service and advanced threat protection are already integrated.

Compared with more established SD-WAN technology, a SASE architecture centralizes control of applications, data and users, enabling security and IT teams to correlate security incidents and warnings. Whereas SD-WAN uses a virtual software overlay to connected branch offices, SASE creates a cloud-based distributed architecture that focuses on connecting endpoints, such as offices and individual devices. Moreover, SASE includes security by design, which SD-WAN does not, making a big difference in remote work environments.

Implementing a SASE architecture enables organizations to control who has access to data, from where and on what device. Since it views and classifies all traffic, a SASE architecture can recognize and categorize traffic originating from outside the network that is attempting to gain access.

That shuts down one of the security gaps that organizations often could not close when they pivoted to enable remote work – a point when organizations’ priority was business continuity, not security. With a flexible SASE architecture, organizations can ensure both, knowing that connections across the network are inspected and secured, no matter what.

Deploying SASE across the network

The single biggest benefit of SASE is a centrally orchestrated architecture, which simplifies operations and reduces the time it takes to maintain the architecture. However, organizations that want to utilize SASE should consider the initial investment costs and determine if implementing a new architecture in stages makes more sense for their needs.

In doing so, organizations must consider timing and assess the goals they expect to achieve, as a result. For some enterprises, it might make sense to roll out based on location, by running a pilot in one branch office and then onboarding others after its successful completion.

Another critical aspect in migration to a SASE architecture is that organizations cannot simply rip and replace old infrastructure with a new one that conforms to SASE principles. It is critical to bridge and continue to manage at least part of the old infrastructure, considering how to reduce complexity and simplify management. In a traditional WAN with Multiprotocol Label Switching or MPLS, the traffic from branch offices and subsidiaries is routed to a central data center. With rising data volumes, that can impact reliability and accessibility.

As SASE combines security solutions, teams have a transparent overview of all network activities, which includes the monitoring and classification of traffic on all ports without any administrative effort. Moreover, in moving from a capital expense to an operating expense model, costs are not only reduced, but are easier to budget.

With connected security at its core, SASE is the convergence of network and security. Every authorized user and device is part of the security defense and protection system – regardless of their location.

The SASE market is only just emerging and it will undoubtedly disrupt networks and network security architecture. With remote work continuing into 2021, this is the perfect opportunity for SASE to take off and go from being an early-adopter concept to being widely used.

Several industries have already implemented SASE as early adopters – healthcare and retail industries among them. However, other industries would be wise to recognize the success of SASE and look to develop and implement a plan, as they take advantage of new technologies.

Samantha Madrid is vice president of Juniper Networks Inc.’s security business and strategy. Juniper detailed its own move into SASE earlier this year. Madrid wrote this article for SiliconANGLE.

Image: klimkin/Pixabay