SASE: Finding Value as a Security Solution

Cloud services require a new approach to security.

Gary Audin

December 19, 2019


As more users, devices, applications, and services move out of the corporate data center and into the cloud, enterprises must consider a change in their security architecture. Some are looking to employ security-as-a-service capabilities as part of a cloud-delivered secure access service edge (SASE).

Security Access by Identity

SASE solutions deliver cloud-based services using the identity of users/endpoints. Identities can be associated with internal and external people, collaboration sessions, devices, applications, Internet of Things (IoT) systems, or edge computing. In addition, SASE solutions enforce security/compliance policies and evaluate risk/trust assessments during sessions. This enforcement is independent of the location of the identity requesting the service.

In the Gartner report “Hype Cycle for Cloud Security, 2019,” SASE was located on the far left of the Hype Cycle at the post-trigger 20% position. It is expected that it will take a few years before SASE becomes mainstream. The Gartner report also stated that comprehensive SASE offerings are emerging; enterprises are slowly implementing them, with adoption rates at about 1% into the near future.

 

Endpoint identities (devices and people) need access to resources in various Internet-connected networks and sites. Digital businesses require secure access decisions. These decisions can be based on the identity of the device or person, or both.

 

Endpoint identity needs to be factored into security policy. Other identity sources include location, time of day, the risk and trust of the user’s device, and the application and data sensitivity being accessed. These sources expand the ability to block intrusions while supporting approved users.

 

Connectivity Drivers

Users access and work with multiple applications and resources simultaneously, and each session must adhere to security policies. It is common for a user/endpoint to have more than one session operating at the same time. For example:

  • The user may be working with one or more internal applications that need to be monitored.

  • As part of the internal application use, the user is participating in a collaboration session with screen sharing that requires monitoring and low latency.

  • A user may be working with Google Docs, which does not require low latency.

  • A Facebook connection with chat sessions needs to be analyzed for sensitive data, but low latency is not required.

  • When Salesforce is employed, the session must be monitored for malware and the use of sensitive data.

  • The user may also be accessing personal Internet-based financial accounts that do not need inspection.
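
The identity-based access decision and the per-session handling listed above can be expressed as a single policy evaluation. The following is an added sketch, not code from the article or from any SASE product; the attribute names, sensitivity scale, trust thresholds, and allowed locations and hours are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed catalogue mirroring the sessions listed above. "inspect" and
# "low_latency" follow the list where it states them (Google Docs inspection
# is not stated, so none is assumed); "sensitivity" 0..3 is an assumed scale.
APPS = {
    "internal-app":  {"inspect": {"monitor"}, "low_latency": False, "sensitivity": 3},
    "collaboration": {"inspect": {"monitor"}, "low_latency": True, "sensitivity": 2},
    "google-docs":   {"inspect": set(), "low_latency": False, "sensitivity": 1},
    "facebook":      {"inspect": {"dlp"}, "low_latency": False, "sensitivity": 0},
    "salesforce":    {"inspect": {"dlp", "malware"}, "low_latency": False, "sensitivity": 2},
    "personal-bank": {"inspect": set(), "low_latency": False, "sensitivity": 0},
}

@dataclass(frozen=True)
class Context:
    user: Optional[str]    # authenticated person, None if unknown
    device: Optional[str]  # enrolled device identity, None if unknown
    device_trust: int      # posture score 0..100 (assumed scale)
    hour: int              # local hour of the request, 0..23
    location: str          # country code of the request

ALLOWED_LOCATIONS = frozenset({"US", "CA"})  # assumption
WORK_HOURS = range(6, 22)                    # assumption
DENY = ("deny", frozenset(), False)

def decide(ctx, app):
    """Return (action, inspections, low_latency) for one session."""
    policy = APPS.get(app)
    if policy is None or (ctx.user is None and ctx.device is None):
        return DENY  # default deny: unknown app or no identity at all
    s = policy["sensitivity"]
    # Sensitive apps need both person and device identity, and a trusted device.
    if s >= 2 and (ctx.user is None or ctx.device is None):
        return DENY
    if ctx.device_trust < s * 25:
        return DENY
    inspections = set(policy["inspect"])
    # Assumed rule: unusual place or time adds scrutiny instead of blocking.
    if s >= 1 and (ctx.location not in ALLOWED_LOCATIONS or ctx.hour not in WORK_HOURS):
        inspections |= {"monitor", "dlp"}
    return ("allow", inspections, policy["low_latency"])

def evaluate_sessions(ctx, apps):
    """Evaluate every concurrent session of one user/endpoint independently."""
    return {app: decide(ctx, app) for app in apps}
```

Because each session is evaluated on its own, one endpoint can have an uninspected personal banking session, a low-latency monitored collaboration session, and a denied internal application session at the same time.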

SD-WAN vs. SASE

As noted above, SASE is offered as network security as a service. This compares to SD-WAN, which is offered in the network-as-a-service model. These are complementary, not competitive. Having SD-WAN and SASE together in a single market and from a single provider allows the enterprise to continue using SD-WAN services while deploying SASE. This capability will improve sensitive data awareness, secure the data, and also provide threat detection. SD-WAN security control is data center focused. The cloud service is the security focus with SASE.

SASE Benefits

Benefits of SASE include:

  • Improved security supports content inspection, looking for and locating sensitive data and malware.

  • Operational overhead will be reduced because the SASE service will support new capabilities without requiring the enterprise to invest in new hardware and software.

  • SASE will block new threats as they emerge without requiring new deployments and foster early adoption of new capabilities.

  • Zero trust networking is based on the user, device, and the application identity, which can simplify security policy management. SASE supports end-to-end session encryption with optional web application and API protection that can be extended to Wi-Fi networks.

  • SASE will reduce the cost and complexity through a single service provider.

  • Security service transparency will reduce the number of software agents required on a device to a single agent.

  • SASE delivers centralized policy management with local enforcement employing distributed enforcement points.

SASE Significance

Traditional network and network security architectures were designed for the centralized data center and are limited. They do not serve dynamic secure access requirements. Business digital transformation needs the deployment of SaaS, especially for real-time applications, edge computing, IoT, and other cloud-based services. This has stimulated enterprises to reverse their thinking by looking from the network edge rather than looking from the center out.

About the Author

Gary Audin

Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks as well as VoIP and IP convergent networks in the U.S., Canada, Europe, Australia, Asia and the Caribbean. He has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.

For 30+ years, Gary has been an independent communications and security consultant. Beginning his career in the USAF as an R&D officer in military intelligence and data communications, Gary was decorated for his accomplishments in these areas.

Mr. Audin has been published extensively in the Business Communications Review, ACUTA Journal, Computer Weekly, Telecom Reseller, Data Communications Magazine, Infosystems, Computerworld, Computer Business News, Auerbach Publications and other magazines. He has been a keynote speaker at many user conferences and delivered many webcasts on VoIP and IP communications technologies from 2004 through 2009. He is a founder of the ANSI X.9 committee, a senior member of the IEEE, and is on the steering committee for the VoiceCon conference. Most of his articles can be found on www.webtorials.com and www.acuta.org. In addition to www.nojitter.com, he publishes technical tips at www.Searchvoip.com.