SASE: Accelerating Security’s Shift to the Cloud
Even before the pandemic began, IT teams were reimagining the design of networks to improve the security and performance of the apps and devices that connected to them. While the pandemic and shift to remote work certainly accelerated this redesign, the wheels were already in motion as a result of several converging trends.
- Apps have evolved. Applications are not just hosted in the data center anymore. Today, an organization’s app mix may include web and SaaS apps running in an on-premises, cloud or edge compute environment—or a combination of those environments. In addition, an app’s makeup is more dynamic than ever. A single app can run in multiple environments, and microservices let IT teams run certain app functions in different environments simultaneously.
- Remote work is here to stay. Employees now access these apps from the network edge in remote work sites and home offices. And their network needs vary drastically. A radiologist who reads patient charts with graphics-heavy applications requires a different kind of network than a writer who uses only a handful of productivity apps. The volume of remote workers and their differing performance needs put unprecedented pressure on traditional networks.
- Security threats are increasingly complex. With apps and users everywhere, the traditional “trusted” security perimeter has completely dissolved. Threats across the network are harder to detect, and attacks are getting more sophisticated.
Considering these converging trends, the traditional network and security model is now obsolete. That model involves serving an app from a server to a headquarters or branch location that sits behind a security firewall. A new model conceptualized by Gartner is fast gaining momentum as a viable solution: Secure Access Service Edge (SASE). This new model brings together networking and security and delivers both as a service from the cloud.
But First, a Word About SD-WAN
To understand the significance of SASE, it’s important to first understand the shift from legacy, hardware-based networks to software-defined networks. This shift has been underway for some time.
In the past, an enterprise would deliver an app by connecting users to a data center where the app resided. This data center was typically located behind a security stack at the company’s headquarters. This can be described as the “hub-and-spoke” model.
As the cloud entered the picture, IT teams needed a way to keep the app behind the security stack while deploying it outside the data center. This need forced them to employ one of two inefficient models:
- Hairpin traffic back to the cloud. Application traffic takes a roundabout route from a data center, to the cloud and back to the data center—all before getting to the user. Performance suffers.
- Connect every branch to every cloud. This model is also known as “mesh.” IT operations knows it as “a nightmare.”
A Software-Defined Wide Area Network, or SD-WAN, creates a WAN overlay that connects branch locations with the app, no matter where it’s located. The WAN overlay provides the optimal app experience and performance by taking care of all the connectivity and automation on the backend. The WAN overlay can be thought of as the “application traffic cop” model.
Why Shift from SD-WAN to SASE Now?
The saying “what got us here won’t get us there” now applies. Although SD-WAN made significant strides in delivering apps to users, it’s optimized for connecting branches and certain home workers. Today, enterprises have a growing number of remote users, devices and services outside of the branch. This means businesses must again route everything through the data center. SASE takes SD-WAN to the next level that businesses need today.