Essential Security Elements Defined
Any true SASE solution must include a core set of essential security elements. To realize the full potential of a SASE deployment, organizations must understand and implement these security components across the WAN-edge, LAN-edge, and Cloud-edge.
- A fully functional, SD-WAN solution. SASE starts with an SD-WAN solution that includes such things as dynamic path selection, self-healing WAN capabilities, and consistent application and user experience for business applications.
- An NGFW (physical) or FWaaS (cloud-based) firewall. SASE also needs to include a full stack of security that spans both physical and cloud-based scenarios. For example, remote workers require a combination of cloud-based security for accessing resources located online, and physical security and internal segmentation to prevent network users from accessing restricted corporate network resources. However, physical hardware and cloud-native security need to deliver the same high performance at scale, enabling maximum flexibility and security.
- Zero-trust Network Access. It is primarily used to identify users and devices and authenticate them to applications. Because ZTNA is more of a strategy than a product, it includes several technologies working together, starting with multi-factor authentication (MFA) to identify all users. On the physical side, ZTNA should include secure network access control (NAC), access policy enforcement, and integration with dynamic network segmentation to limit access to networked resources. And on the cloud side, ZTNA needs to support things like microsegmentation with traffic inspection for secure East-West communications between users, and always-on security for devices both on and off-network.
- A Secure Web Gateway. It is used to protect users and devices from online security threats by enforcing internet security and compliance policies and filtering out malicious internet traffic. It can also enforce acceptable use policies for web access, ensure compliance with regulations, and prevent data leakage.
- A CASB. A cloud-based service enables organizations to take control of their SaaS applications, including securing application access and eliminating Shadow IT challenges. This needs to be combined with on-premises DLP to ensure comprehensive data loss prevention.
SASE – The Convergence of Networking and Security
At a high level, implementing SASE really comes down to enabling secure connectivity and access to critical resources from anywhere on any edge. Unfortunately, very few vendors can provide this because their portfolios are full of disparate, acquired products, or they simply don’t have enough breadth to provide all of the security elements that a robust SASE solution requires. And even when they do, their solutions simply do not interoperate well enough to be effective.
This is a problem, because for SASE to work well, all of its components need to interoperate as a single integrated system – connectivity, networking, and security elements alike. Which means every component needs to be designed to interoperate as part of an integrated strategy bound together by a single, centralized management and orchestration solution. They also need to seamlessly integrate with the larger corporate security framework, as well as dynamically adapt as networking environments evolve. If not, it’s not a true SASE solution.
The recent market momentum around SASE is exciting because it underscores the need for a Security-Driven Networking approach. In the era of cloud connectivity and digital innovation, networking and security must converge. There’s no going back to outmoded and siloed architectures.
