There are more devices, more networks, and more apps in more places than ever before, and many companies have changed their business practices to move outside of the corporate perimeter. This means revising IT policy to accommodate the new dispersed workforce. The most successful IT operations focus on enabling users while they are working remotely. A cloud-first model, like a SASE strategy, is needed to support more agile and flexible security strategies. SASE is a new cloud-based network security model that combines network and security solutions into an integrated ecosystem. We see four key reasons why now is the time to invest in a SASE strategy.

Four key reasons to invest in a SASE strategy

1. Decentralized IT is becoming the norm

Devices are outside the protected perimeter – Workers that are based out of different locations – whether it be at home, in a remote office, or a foreign subsidiary – are all using different devices to collaborate on the same applications. Contractors, partners and suppliers often also need temporary access to shared business information. Each of these roles helps get business done, but the disparity of devices used by these different groups introduces significant complexity. The reality is, despite a decades-long attempt to define corporate IT standards, the industry has reached a point where the lack of standardization is the standard. Which OS does your business use? All of them. What type of users do you allow to access your apps? All of them. What locations are users allowed to work from? Any of them.

Data is transitioning out of the corporate data center – Data centers are moving to the cloud with the adoption of IaaS. With users everywhere, and apps everywhere, it doesn’t make sense for IT to own a lot of infrastructure anymore; instead, we are seeing a trend towards leasing cloud infrastructure. There are plenty of reasons why IaaS makes sense, but in a nutshell, it makes IT more agile. How? Most IaaS providers have a broad geographic footprint, making it easy to put apps and services closer to users, which reduces latency and improves performance. Additionally, it’s fast! IT can provision small or vast amounts of resources in a matter of minutes. Finally, IaaS makes it easy to scale resources with seemingly limitless capacity.

Distributed apps lack consistent protection – Cloud-based applications are favorable in many modern workplaces because they’re easy and cost-effective for the business to deploy, manage, and maintain; both public and private cloud services have established an acceptable track record, making them viable for businesses of all sizes. Similarly, SaaS solutions are preferred for certain applications because they completely remove the development requirement and maintenance burden from the organization. Gartner has predicted that SaaS solutions will generate revenue close to $105 billion in 2020 alone.

The reality is that many organizations have adopted a decentralized, hybrid environment where data is residing across a diverse infrastructure. Some will maintain control of certain applications indefinitely, but cloud and SaaS solutions have enabled applications to sit outside the corporate perimeter, making access to them a critical area for security services.


2. Networking and security are going virtual

Security appliances once made sense because you had one network pipe, and then one firewall at the end that protects everything in the box. Now data and users have left the perimeter, but you still need to protect and connect services to users. How? Many organizations are going virtual with their networking and security.

Virtual networks enable a service provider to provision an efficient networking structure for the applications it hosts and to alter that structure as needed by using software rather than making physical changes to hardware connections. This network virtualization gave rise to the first cloud architectures.

Virtualized security solutions are software-based and designed to work within a virtualized IT environment. The flexibility of virtualized security is especially useful when it comes to securing hybrid and multi-cloud environments, where data and workloads move between multiple vendor products.

When you bring virtualized networking and virtualized security together you get SASE, a new way of delivering network security. SASE is about building an ecosystem of services designed to work hand-in-hand to provide an optimal experience for users and business applications, as well as a more manageable approach to delivering security capabilities in the network.

3. Trust is no longer implicit; organizations need to rethink what they protect

Enterprises used to have one thing they were trying to protect – the data center – and they physically controlled that thing. With a castle-and-moat security model, trust is inherent to those inside the network. With the virtualization of security, these tools may no longer be owned by the organization. Additionally, VPN connections allow potential attackers access to entire network segments because they implicitly ‘trust’ connections without a robust method for verifying the user’s identity or checking the device’s security posture. 

Traditional network security, like VPN, was delivered through appliances that sat at the “edge” of a company network. The edge was a physical space such as a data center or an equipment closet. Legacy VPN was built around the foundation of a corporate perimeter and worked adequately when applications were run from the data center. 

As users developed remote access needs, they leaned on VPN, but remote usage wasn’t the norm; it was the exception. Now that both the applications and the users who access them have moved outside the corporate perimeter, this legacy approach simply doesn’t work or scale.

Cloud-delivered network security is a fundamental shift from the traditional approach. No more boxes, appliances, physical devices. And crucially, cloud-delivered network security is scalable. Without it, you simply can’t buy enough appliances to protect all this data moving out of the corporate perimeter and into the cloud.

4. Traffic inspection is more efficient

With the shift towards SASE, security services such as firewall, SWG (Secure Web Gateway), and CASB (Cloud Access Security Broker) will still be valuable for IT. However, it no longer makes sense to have traffic inspection contained within each virtualized security service. Security functionality now needs to be architected in a way that allows analysis to occur separately from traffic processing. There is no need to have multiple virtual appliances decrypting and encrypting traffic multiple times. Your users will have a poor experience with reduced performance, increased latency, and unnecessary bandwidth consumption if data is forced through unnecessary hurdles.

SASE makes it possible to efficiently manage traffic flow without relying on a centralized architecture. Not all applications require the same quality of service or security capabilities to be applied in the network. The network needs to be agile and apply microservices to perform functions on the traffic on-demand, rather than all the time. Context-aware security has been written about in the literature for a long time, but we are only now seeing rich amounts of context such as risk assessments being incorporated into access policies. 


We are seeing the old assumptions of good security practices change before our eyes to meet the new normal. A SASE strategy will be the key architecture model for innovative companies moving away from legacy technologies. It is time your business started to plan for the future of network security.