Cloud-Delivered Secure Access Service Edge (SASE): Comprehensive Network Security with WAN capabilities

Gartner Group has recently published research and thought leadership pieces that discuss SASE (pronounced “sassy”) and why this emerging technology needs to be considered by enterprises operating in the cloud and on the Internet. Its worth a look at the drivers behind SASE and why network decisions should include the SASE concept.

Gartner’s Market Landscape

Traditional network offerings are not suited to delivering reliable, agile, cost-effective and high-performing solutions in support of hybrid cloud IT architectures.

Planning Assumptions:

  • 30-25% of large enterprise traffic is shifting to the cloud, changing traffic flows and making the traditional WAN suboptimal.
  • 20% increase in enterprises WAN bandwidth per year at the branch. Network traffic is doubling every three years.
  • Through 2021, organizations that isolate and remove digital business communications services from direct public internet access will experience 70% fewer successful attacks than organizations that didn’t adopt isolation.
  • By 2023, 30% of enterprise locations will use internet-only WAN connectivity, up from less than 10% in 2019, to reduce bandwidth costs.
  • By 2024, at least 80% of enterprises will have moved branch office security to cloud-based or hosted services, up from less than 20% in 2019.
  • By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.

SASE is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions to support the dynamic secure access needs of digital enterprises.

SASE Defined

The secure access service edge is an emerging offering that combines comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA), with comprehensive WAN capabilities to support the dynamic secure-access needs of organizations.

SASE capabilities are delivered as cloud-based services driven by the identity of the entity, real-time context, organization security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, internet of things (IoT) systems or edge computing locations.

SASE Capabilities

  • Core Capabilities: SD-WAN, SWG, CASB, ZTNA, and FWaaS, all with the ability to identify sensitive data or malware, and the ability to decrypt content at line speed, at scale with continuous monitoring of sessions for risk and trust levels.
  • Recommended Capabilities: Web application and API protection (WAAP), remote browser isolation, recursive DNS, network sandbox, API-based access to SaaS for data context, and support for managed and unmanaged devices.
  • Optional capabilities: Wi-Fi hotspot protection, network obfuscation/dispersion, legacy VPN and edge compute protection (offline or cached protection).

SASE is in the early stages of development. Although adoption of SASE will occur over the next several years, successful vendors will be easy to identify within three years.

Both network and security vendors should remember:

  • End-user demand will continue to ramp quickly for SASE, especially as SD-WAN expands to an even broader offering of multiple security services.
  • Slower moving incumbents that do not pivot to SASE quickly enough will be displaced.

It is critical that SASE providers be able to terminate and inspect encrypted sessions, where required, based on policy with a scalable (ideally, software-based) architecture.

Other important services include DNS protection, remote browser isolation, Wi-Fi hot spot protection, traditional VPN services, and web application and API protection services. Some vendors will offer network privacy-as-a service, hiding enterprise network infrastructure from visibility when using SASE services.

The Problem We Solve

Public cloud computing has rendered traditional enterprise wide-area networks (WANs) suboptimal, from a price, performance and security perspective. Software-Defined Wide-Area Networks (SD-WAN) have revolutionized how enterprises manage their wide-area networks. However, SD-WANs increase the enterprise’s public exposure and therefore its cyber profile, rendering traditional security methods inadequate. NetAbstraction provides the protection lacking in the traditional SD-WAN and is the next generation of wide-area networking.

NetAbstraction provides a simple but very effective solution that obfuscates and anonymizes WAN traffic, enables private browsing and privatizes application-to-cloud connections.

While SD-WAN has made the enterprise’s use of their WAN more efficient, it has not solved some of the fundamental issues in today’s WAN. Leased lines and MPLS services are static and make a fixed target for cyber attack. They also limit the ability to elastically meet bandwidth demands. When considering the use of the Internet or cloud, there are significant cost savings, but performance and security are key concerns.

NetAbstraction is a natural fit in Gartner’s new SASE category, providing the network security that enterprises need as part of the digital transformation.

Relevant Gartner Research:

2019 Strategic Roadmap for Networking, dated 10 April 2019

Jonathan Forest, Neil Rickard

Market Trends: How to Win as WAN Edge and Security Converge into the Secure Access Service Edge, dated 29 July 2019

Joe Skorupa, Neil MacDonald

5 Options to Secure SD-WAN Based Internet Access, dated 28 August 2019

Bjarne Munch, Craig Lawson

The Future of Network Security is in the Cloud, dated 30 August 2019

Neil MacDonald, Lawrence Orans, Joe Skorupa

Forecast Analysis: Enterprise Networking Connectivity Growth Trends, Worldwide, dated 20 September 2019

Gaspar Valdivia, Lisa Unden-Farboud, To Chee Eng, Gigory Betskov, Susanna Silvennoinen

Emerging Technology Analysis: Cloud-Delivered Network Security is an Essential Step in SASE Transformation, dated 4 October 2019

Nat Smith

Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security, dated 22 October 2019

Nat Smith, Neil MacDonald, Lawrence Orans, Joe Skorupa

Emerging Technologies and Trends Impact Radar:  Security, dated 13 November 2019

Lawrence Pingree, Nat Smith, Elizabeth Kim, John A. Wheeler, Ruggero Contu, Eric Ahlm, Mark Driver

Critical Capabilities for WAN Edge Infrastructure, dated 26 November 2019

Jonathan Forest, Mike Toussaint, Mark Fabbi

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *