All servers are in the cloud, leaving none in what was your data center. All users may be working from any of a large number of places on networks that you do not own, manage, or have visibility into. Data and network security are now your primary concerns.
If this scenario does not currently describe the state of your IT infrastructure, eventually it will. Since we were forced to discover the value of having our people working from home, more companies have been accelerating their cloud migration and paying strict attention to providing a highly-accessible, highly-secure work environment for all of their users. Many IT managers faced with the challenge of protecting expanded threats have been inventive in building their solutions, with band-aid after band-aid applied to reach the ultimate goal: secure, robust, simple, agile networking.
Fast and Secure. You Can Have Both!
One rapidly emerging strategy for providing fast, secure access to a widely dispersed user community was dubbed Secure Access Service Edge (SASE) by no less than Gartner. What it is called pales in importance to what it is.
SASE combines the fast transport of SD-WAN with cloud-native security services going well beyond next-generation firewalls (NGFW) and secure web gateways (SWG) to also incorporate Zero-Trust Network Access (ZTNA) and cloud access security brokers (CASB) into one single service model.
Your first takeaway from this should be that there is no new technology here. Every component is a tried-and-true proven performer. SASE is an architecture for bringing data transport services together with required security systems all in the cloud. This enables SASE to deliver the immediate, uninterrupted network access to data, applications, and other cloud resources to users wherever they may be and whatever device they may be using. Former approaches to security simply cannot keep up with the increasing demand of today’s networks. SASE represents the logical next step in the evolution of technologies that have already been converging much more slowly over the past few years.
Major SASE Requirements
Any qualifying cloud provider offering SASE must have a global SD-WAN network that includes a network of private points of presence (PoP) worldwide. The major benefit is staying off the public internet where latency is a huge problem. Also, rather than backhaul all network traffic for security inspection, SASE architecture puts it at the PoPs.
Though we have referred to it repeatedly, it serves to emphasize that everything about SASE is cloud-native, using a converged, multi-tenant software stack. Some providers have claimed to be offering SASE when all they are doing is chaining together various, discrete network and security devices. Any good SASE solution must truly be turn-key.
Also, rather than determine security or network access based on a given IP address, SASE bases everything on user identity, including the device in use and the location of the user at the time of access.
The Good
Properly architected and deployed, SASE brings several powerful benefits to business networks, the first of which is the ever-important cost savings that every IT Director seeks. Since it is all cloud-native and cloud-based, there are few or no hardware vendors involved, eliminating many expenses. The core cloud characteristic of multi-tenant, with its built-in economies of scale, also reduces the costs for each user. Though SASE is currently in infancy, rapid development will also bring faster competition, which will further drive costs down.
Since SASE requires a global SD-WAN service and a private backbone with built-in optimization, you will not be compromising performance to achieve lower costs. The combination of local inspection of traffic flow, combined with identity-based security, also contributes to performance improvements.
SASE also means an end to updating, patching, scaling, or otherwise adjusting appliances as everything is managed in the cloud by the SASE vendor.
The Bad
Some may be concerned that there are no new technologies enabling SASE, but nobody ever complained about making the most of what you already have. Others may find that the reduction of flexibility inherent in a packaged solution like SASE gives them less control, however a reduction of heavy lifting should help to allay those concerns.
In for the Long Term
While SASE is a relatively new architecture, it makes tremendous sense to pair SD-WAN speed with cloud-native security. Valid models are continuing to emerge, but it will be a while before SASE achieves its full potential. For those who run their business “in the leader-quadrant,” now is the time to align with experts who can help you to realize the full benefits of SASE for today and for the future.
What to Do?
Contact Packet Fusion for a thorough analysis of your WAN and security. We will provide a detailed overview of all the players in the SASE market today and identify those that best fit your needs. Please view www.packetfusion/cloudadvisor.com or reach out to sales@packetfusion.com.
As CEO of Packet Fusion, Matt sets the tone and vision for our company and our customers. His 20+ years in telephony gives him a deep understanding of unified communications and collaboration technology. He is an engaging presenter and has a knack for breaking down the often over complicated VoIP technologies into plain and simple English. Outside of PFI, Matt’s happy place is on the golf course or on a bike ride with his daughters.