SASE, or secure access service edge, is an integration technique that’s picked up in popularity in recent years.
The idea behind it is to combine numerous network-based security functions — such as secure web gateways, firewalls, zero trust network access (ZTNA) and cloud access security broker functionality — with software-defined wide-area network into one solution.
It’s a bit more complex than simply lumping network and security capabilities together, but once understood, the integration can provide partners with an intriguing selling point.
Research firm Gartner is said to have first defined the term SASE back in 2019, so its opinion on the matter shouldn't be ignored. Bjarne Munch, senior principal analyst at the firm, believes SASE offers improved performance due to operating out of one piece of software and improved operations through uniform policies.
“A key driver for SASE right now is the large number of employees that work remotely because current IP VPN- [virtual private network] and firewall-based security is too crude and generally allows too much access,” he told ARN.
“With ZTNA it is possible to define very granular access policies, per employee, per device and location, and hereby ensure uniform security policies across all locations.”
The popularity of SASE is expected to snowball over the next few years, with Gartner claiming in its Market Opportunity Map: Secure Access Service Edge, Worldwide report from July that by 2023, SASE will be the dominant consumption model for WAN (wide area network) edge in new and updated deployments.
The same report also forecast that the enterprise adoption of SASE will grow at a compound annual growth rate (CAGR) of 36 per cent through to 2025.
Some partners are starting to capitalising on SASE, with managed services providers Converged Communication Network Applications (CCNA) in Sydney and Oreta in Melbourne both skilled in the area.
Craig Sims, co-managing director at CCNA, views SASE as an enabler of secure and fast cloud transformation. Specifically, Sims sees SASE tying together SDWAN (software-defined wide area network) with security functions like threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention and next-generation firewall policies.
Meanwhile, Sachin Verma, co-founder and managing director at Oreta, believes SASE offers boosted network performance and a reduction of the number of vendors being used in one cloud-delivered service model.
One of the benefits of the integration technique, according to the partners, is a focus on simplification.
For example, Sims pointed to easy-to-deploy cloud solutions, ease of management, scalability of the WAN and cost reductions, resulting in a consistent edge to edge secure network solution.
“A good SASE solution will look at the real edge — the end user or the edge device — and not the branch office or the data centre,” he said.
Similarly, Verma said the technique largely offers “simplicity and flexibility” to manage WAN traffic and security from one place.
While dealing with an offering from a single vendor can simplify things, Munch also said enterprises will need to put all of their security solutions into one basket, which might not be an attractive prospect to some.
“A key negative is that many enterprises may look at different vendors as their preferred brand for these various functions,” he said. “This means that in order to get to a full SASE solution they may need to compromise on their preferred vendors in certain areas.”
As a result, this places partners at a crossroads — whether to provide a SASE offering from a single vendor, or multiple security offerings from a variety of vendors.
“SASE is still new and there are only a few vendors that have all the functionality required of a SASE solution, but many of these vendors are not equally good in all areas,” Munch added.
“This means that enterprises or businesses that would like SASE need to approach it as a strategy where their need to ensure that what they buy today has a roadmap to a full SASE solution.”
Due to the reliance on cloud-based functionality, Munch noted, situations where accessing the cloud is not available could be better suited to an on-site security deployment.
Read more on the next page...