Amid a growing alphanumeric list of acronyms from A to infinity, the secure access service edge (SASE) represents a new-kid-on-the-block network architectural approach that can consolidate and simplify network and security IT service management functions. Emerging SASE is well-positioned at the network’s edge, with the cloud pitching in to connect and protect your widening network and app playing field (enterprise WAN).
Coronavirus Infection Disease 19 (COVID-19) is one acronym we can’t seem to rapidly shake from our lexicon or daily experience. Its relevance pervades nearly every story, every phone conversation, every country or state, every person. Its potential for disrupting systems lies in the remedial focus of nearly every health professional, government organization, and benevolent business coalition.
The pandemic has forced us apart, atrophied our physical world, made communications and data sharing more difficult to join, enable and consume… It has tested network bandwidth and application performance and security systems; made hackers bolder and less outwardly compassionate.
A sexy new architecture called SASE has arisen, converging the previously siloed network and security elements while championing a flexible software-driven approach to network management and remote data access and sharing.
SASE is a cloud-based edge network and security architecture that consists of more acronyms: SDN and SDP. Think SDN + SDP = converged network and security at the fluxing digital perimeter.
- A software-defined network (SDN) enables an organization with limited reach to offer service and protection to remote workforces and distributed network access points without physical-world equipment concerns. It is in a sense an infusion of network- and security-as-a-service across network endpoints, private enterprise WANs, and hybrid cloud perimeters.
- A software-defined perimeter (SDP) represents that secure policy overlay from which organizations or their managed service providers can orchestrate protective policy out to all connective devices and humans using the network.
Rapid SDN Access and a Secure Edge from the Cloud
So why is that fuzzy thing called the cloud needed, when you can simply install software on all of your own network equipment?
Your workforce is hungrily grabbing data and making connections for the company and themselves using Google accounts, Microsoft business apps, Zoom communication platforms, Internet access, and storage in the cloud, uploading data onto a third-party network vendor’s server and downloading files to hard drives. Studies show even small and midsize enterprises employ 4 or more cloud providers. Your workforce is already in the cloud.
This brings access requests from far away, or while on the run, representing more network bandwidth that you now have to support as an IT organization. Why not get help from the cloud when your private MPLS network and on-premises data center are so far away, requiring excessive hops for network policy enforcement? Are you going to place a router and firewall at every individual access point? The network management responsibility to cover this expanding, dissipating network perimeter might be overwhelming if not for the cloud.
For enterprise network managers, visibility and control represent potential trade-offs in the exchange with cloud providers. With data no longer hosted in your data center but now out at the device level, and within cloud storage access points, your visibility is suddenly bleak. Break through this foggy network-vs-security-vs-business-siloed landscape and get greater visibility over the new network edge via a SASE network architecture from OPAQ.
Starter Tips for Moving to SASE
So you’ve moved to the cloud, to the edge, exchanging data farther and wider. With increased remote access it becomes harder and more expensive to process network data in this new outside-in direction, more difficult to enforce network and security policy across your evaporating network perimeter and distributed workforce, harder to continue to support the traffic explosion and service demand.
Five SASE Starter Tips:
1) Measure cloud usage and performance impact: Cloud SaaS and IaaS providers deliver email to your remote workforce and leadership team; enable you to connect in teams over videoconferencing. They allow your employees to download files and back up data (save their work) in the cloud. Evaluate the application performance and how you are securing this traffic. Are you backhauling all traffic, including VPN services, to your firewall appliance, wasting network space and tolling VPN concentrators?
2) Focus SASE as a business enabler, where CIOs, digital transformation officers, and network and security owners embrace how the cloud and advanced network functions, such as SDN and NFV (network function virtualization), can optimize their organization’s business operations and growth.
3) Orchestrate a software-defined network (SDN) to support this expanding edge computing. Rejuvenate or virtualize infrastructure that is now impeding core network service or performance.
4) Integrate a zero trust architecture (ZTA) approach amid this network transformation and modernization. Network security personnel with zero-trust access architecture and network segmentation experience should be engaged from the start, to ensure that the new network architectures don’t open up costly vulnerabilities. A SecOps/ZTA approach should be leveraged during any network expansion, major traffic re-routing, or data migration.
5) Protect at the device level. Physical infrastructure can be targeted. A software-defined wide area network must balance rapidly deployed cloud access with the equipment itself, those moving, wandering… or bunkered down… endpoints that need to connect. Be able to orchestrate services that balance security and privacy to meet remote access and bring your own device (BYOD) policy requirements.
- Central network control, with highly available distributed access.
- The ability to shift network traffic from one flow to another based on smart resource utilization.
- Private network accommodation, so, as your remote devices receive service, all your traffic on the internet isn’t over public networks.
- The ability to rapidly set a ZTA security edge, a software-defined perimeter (SDP), that inspects traffic and transport out on the edge, the point of access, without tolling your private network and incurring multicloud egress fees.
- The ability to deliver reliable remote access and performance while segmenting your innards from harm. Remote users and mobile devices will access payload from the Internet and cloud and then plug right back into your private enterprise networks. Midsize organizations and small IT teams can now look to the cloud to help to enable and protect these remote devices and distributed equipment.