Secure access services edge (SASE) will become the predominant security network architecture in organizations, particularly in light of the shift to remote working due to COVID-19, according to Nat Smith, senior director analyst at Gartner, speaking during the Akamai Edge Live virtual conference
Smith began by noting that the concept of SASE is new, and there is still doubt about its effectiveness. He defined SASE as essentially “taking things that were traditionally networking, like services and capability, and things that were traditionally security, particularly network security, and consolidating them.”
In the context of home working, which has increased dramatically as a result of COVID-19 lockdown measures, Smith explained that employees need access to three different services: external applications such as Office 365, enterprise private apps and internet access. While traditionally, three different security solutions would be used for each of these areas, SASE would look to converge these into one.
He added this would also expand into areas such as firewall as a service (FWaaS) and remote browser isolation, “bringing them together into a single offering.”
The starting point for implementing SASE in organizations is to look at how five contributing segments are operating. These are SD-WAN, FWaaS, secure web gateway (SWG), cloud access security broker (CASB) and zero-trust network access (ZTNA). Under SASE, “all five of these segments will eventually collapse and become one offering.” This would mean, instead of using five different vendors, companies will only have to select one.
The other aspect of SASE is taking appliance-based products and turning them into cloud-based services. To keep these networking and security services close to the users, this will be on the cloud-edge, which is especially important in the context of COVID-19. “The more these things are in the cloud, the more agile and resilient your organization will be,” noted Smith.
The cloud-edge is an important aspect of SASE, especially for organizations with global operations, according to Smith, as instances of its stack can sit in multiple locations and it is also “extremely sensitive to latency.”
However, Smith cautioned that SASE is not yet ready to be implemented in most organizations. Instead, it will be a gradual process of consolidation, which is already starting to take place. For example, it’s very common to now see SD-WAN vendors competing with firewall vendors for the same business, both capable of providing the same kind of service. “As we move into 2021 and 2022, we expect this to increase,” he added.
Smith concluded: “SASE is one of those things we recognize as a movement. It’s going to take a bit of time for most organizations to fully move and embrace it, and some vendors need to mature a bit on some aspects of SASE.”