“This means cloud-first networks, largely moving away from MPLS and other legacy tech…”
For some, SASE has been filed away as another concept which has struggled to make the leap from hype to disruptor, writes Paul Liesenberg, Director, Product Management, Aryaka Networks. The leading global network enterprises are however seeing it slightly differently, with a gradual shift towards this SASE model picking up pace in recent months.
Why is this? There is no easy response, but the proliferation of the Everything-as-a-Service model that many enterprises are turning to hints at the answer. This is because SASE’s architectural model is optimally suited to support the consolidated networking and security needs that come with XaaS. Enterprises are looking for an agile solution that gives them the connectivity they need, alongside best-of-breed security practices that protects their network and devices wherever they compute.
What is SASE?
SASE, first introduced by Gartner in 2019 as a new enterprise networking technology category, is a form of enterprise architecture that converges WAN capabilities with cloud-first security solutions. In essence, SASE is a cloud-native approach to protecting and securing WANs.
Modern businesses are increasingly looking at running across the cloud, and so this cloud-native approach is gaining significant traction. Whether it be UCaaS solutions (Zoom or Microsoft Teams etc.) or cloud-first applications (Microsoft Office 365, Salesforce etc.) these are more business critical than ever, but they need both the network connectivity and security to be optimised.
SASE can be broken down into two bite sized chunks to help define why it promises to be such a disruptive architecture.
The first of these is Secure Access. This protects the network by coordinating access through user identities. Working across Network Access Point’s, Secure Access uses Cloud Access Security Brokers as well as zero-trust methods.
Alternatively, Service Edge enables point-to-point security, regardless of whether the source is from a branch location or a mobile worker. Capabilities of Service Edge include anti-malware and strong encryption of all communications across the network.
These two combine to make SASE, which despite being in a period of relative infancy, is starting to shake-up cloud computing, and business networks across the WAN.
Cloud-first or cloud-only: the present and the future
It is clear now that businesses are increasingly looking to the cloud for computational advantage and to help their business expand. Catering to this cloud-first model has been a key driver behind increasing SD-WAN adoption.
Despite this, while many enterprise architects envision a cloud-first architecture, extremely few have migrated to a cloud-only architecture. Many businesses instead continue with this hybrid cloud model that combines public XaaS with private cloud elements. This creates a hybrid approach to their network security architecture, mixing advanced branch security elements with several cloud-embedded security elements.
What does this mean for SASE? Well, that it still has some hard yards ahead of it before there is widespread adoption.
SASE: on the verge of mainstream?
SASE, as an integration of two existing technologies, is still finding its operational feet, since the term was coined by Gartner last year. An important fineprint that some seem to have missed is that Gartner acknowledged that SASE is likely to take another three-five years before it becomes mainstream.
So, if SASE uptake is still a few years in the distance, then what is going to be the model for the next few years? Well, now more than ever, enterprise security needs to be agile, flexible and, crucially, able to change according to the architectural demands. This will be the network security model: the ability to tailor a solution to existing needs whilst gradually implementing systems that will make the migration to a SASE architecture as smooth as possible, when this becomes available.
What are the benefits of security and network consolidation?
For the time being, in the stage before widespread SASE adoption, the networking market has been focused on consolidation, offering solutions that combine networking at the edge with a branch-first security approach.
This approach, as a form of a SASE precursor, has the following benefits:
- Better network performance – SD-WAN features, such as built-in WAN optimisation and improved connectivity, boost an enterprises network capability.
- Reduced costs – Strategic partnerships across the SD-WAN space ensure that the enterprises are no longer overburdened with multiple vendors and components in their network.
- Cloud-centric security deployment – Threat prevention can be performed in real-time across the network, delivering integrated security as-a-service.
These benefits will go a step further as SASE develops in the coming years, with network performance and improved security practices becoming consolidated as one.
What does SASE hold for the future?
SASE is in many ways following the trend of enterprises increasingly looking to become cloud-first. This means cloud-first networks, largely moving away from MPLS and other legacy tech, but it also means cloud-first security, that protects the network primarily at the edge.
Because of the changing business needs, enterprises are prioritising flexibility, simplicity and agility, and cloud-first architectures give them this. Security can be deployed across the enterprise network, protecting branches across the globe, whilst SD-WAN will continue to ensure that enterprises have the connectivity they need for their as-a-service operational model.