The New Secure Network Requires SASE

Arashad Samuels

In recent months, the concept of the network has changed dramatically. The rapid push for companies to digitally transform and embrace the cloud, mainly due to the COVID-19 pandemic, have resulted in more significant demands being placed on networks than ever. The resultant ‘new network’ real estate of organisations must seamlessly connect any user to any application on any device. It must do so regardless of time and geographic location. And all of this must happen securely. This is where Secure Access Service Edge (SASE) comes in.

SASE is a new model that combines networking and security functions in the cloud to deliver secure access to applications, anywhere users work. What makes SASE so significant is that it includes core functions like software-defined wide area network (SD-WAN), secure Web gateway, firewall as a service, cloud access security broker, and zero-trust network access.

SASE is a framework as opposed to a solution that must be installed. This has seen sceptics argue that SASE is just a new name for things that have been in place for a while. And while the likes of SD-WAN, secure Web gateway, and others have been around, SASE consolidates all of them into a single, integrated cloud service. It represents the convergence of all their capabilities into the cloud and delivering them as a unified service.

The hybrid world

As more employees return to their offices, business and technology leaders must balance the needs and requirements of on-premises workers and those who remain part of the distributed workforce. This sees attention shifting to existing network infrastructure and how effective it will be to deal with a hybrid user base.

Part of this entails reimagining your office connections to ensure both wired and wireless networks can effectively support those employees who have returned to the office. Reinforcing network security and redefining the IT experience by integrating innovations such as automation and artificial intelligence-enabled analytics should ideally be done now.

The evolution into this hybrid environment and the accelerated move to the cloud and edge applications mean the network must also manage the demands SASE will place on it. How companies manage cloud-based security with existing on-premises solutions should be a priority.

Overcoming obstacles

This is not to say that transitioning to a SASE-enabled networking environment does not have other challenges to consider. But what SASE does well is to bring the historical divisions between technology and security together. Some companies might not be comfortable in managing this themselves. To this end, a managed service provider approach could be used until both the team skills and budget are available to self-manage.

And then there is the not insignificant issue of dealing with legacy infrastructure and how to manage that. Companies do not want to waste the existing investment they have made into network architecture pre-pandemic. A hybrid approach can help facilitate this and give organisations the best of both worlds. However, SASE must be implemented at a policy level to help ensure businesses remains cognisant of what is required throughout the network reimagining process.

New opportunities

Moreover, SASE gives companies the ability to identify end users, devices, Internet of Things systems, and edge computing locations. It also provides direct and secure access to applications hosted anywhere, including data centre cloud-based services.

Adopting this platform-centric approach to security lets companies connect users to the applications and data they need to access. They can also control access and enforce the right security protection anywhere users work. SASE converges networking and security functions to deliver secure connectivity as a service. And with today’s companies planning for a cloud-oriented transformation by consolidating vendors and adopting integrated, cloud-first solutions, this consolidation is fully realised through a SASE platform.

With SASE, businesses gain better control over every user and any app, over any network – without a degradation in performance or user experience.

Agility in implementation

One of the key value propositions of SASE is that it can be delivered as a service to companies. This does require a strong cloud infrastructure on the backend. However, it is not only about the number of data centre locations, but also how well the organisation is connected to other providers through peering relationships and sessions.

It would be very challenging for a business to create and maintain this on their own, which is why there is huge value in consuming a complete SASE architecture from a single provider. As mentioned, a managed service provider can significantly help in this regard, ensuring the organisation can consume SASE as a subscription service while remaining focused on achieving its core business objectives.

For instance, a US-based multinational in the aerospace industry needed to improve the networking performance of its 78 000 users based at more than 900 sites across 70 countries. Bringing the level of consistency required was an SD-WAN solution that evolved into a comprehensive SASE approach that effectively integrated its networking and security requirements.

Another example where SASE provided the best option to bring integration between security and networking was a European company with approximately 78 000 employees in over 100 countries that had to improve end user and data security. SASE provided the ability to unify multiple network and security use cases across one vendor while still enabling a trusted link between on-premises data and cloud-based data.

Future perfect

But it is not just about using security and networking products that are delivered from or managed in the cloud. There are thousands of different products that offer this already. Instead, networking and security functions need to be completely integrated in a single service.

The ultimate vision for SASE is to deliver seamless, secure access to any application, over any network or cloud, anywhere users work. This can be done by combining best-in-class networking, client connectivity, security, and observability capabilities into a single subscription service. And by going this route, companies can easily procure, set up, and use SASE from a single cloud dashboard.

  • Arashad Samuels, Cisco SecOps Lead – Africa


Please enter your comment!
Please enter your name here