SASE Part 2: The Security View March 19, 2020 Nick Coval SASE Managed Security SD-WAN false In our first blog post of this series on Secure Access Service Edge, or SASE (pronounced “sassy”), we looked at the titanic shifts accelerating a move away from traditional data centers to the cloud, and the impact on network security. We also explored the promising marriage between SASE and SD-WAN. In Part 2 of the series, we go deeper, looking at the risk caused by an exploding number of endpoints and SASE’s approach to securing the network and mitigating risk. Let’s begin by exploring Software as a Service (SaaS)—one of the primary drivers compelling enterprises and government agencies to move to the cloud environment. SaaS gives customers access to their enterprise applications over the Internet, rather than having the software be hosted at a data center and requiring physical installation across network devices. With SaaS, applications can be built, maintained, and updated automatically in the cloud. WANsform Your Enterprise Before you can transform customer experience, you must WANsform your enterprise. Learn how Hughes Managed SD-WAN is enabling digital transformation and achieving real results. MPLS vs. SD-WAN Why SD-WAN? WiFi Analytics: Insight Every Step of the Way Digital Signage Solutions: Engagement Starts Here SD-WAN Appliance: 4860 is SD-WAN transformation in a box In addition to SaaS, the issue of workforce mobility has complicated matters for network security and management. With sophisticated and targeted cyber-attacks, such as ransomware, each user endpoint, or device, constitutes a potential risk when it comes to security. Yet giving workers the flexibility to work remotely or from branch offices has essentially become a requirement. This has been clear during the health crisis when millions of employees have needed to find a way to work from home and access their networks. A Growing “Attack Surface” Endpoint risk isn’t just limited by the number of users on the network. The Internet of Things (IoT) compounds the challenge further. IoT includes all the smart devices or machines on a network, like thermostats, heat pumps, refrigerators, flood sensors, security cameras, healthcare equipment, wearables, emergency monitoring, and management tools, and so much more. Collectively, these users and endpoints comprise (and increase) the attack surface. With the network attack surface so highly distributed, especially as it extends to multiple cloud service providers and locations not under enterprise control, it is a challenge for existing or legacy network protections to provide adequate security coverage. That’s where SASE comes in. SASE protects against this explosion of network entry points, even when they are not controlled by the enterprise. SASE provides the security fabric that enables identity-based control and context, where the identity is associated to users or user groups. This allows for the granting of access to all employees or even access based on roles, or by the creation of sub-groups for specific teams or by management level. This identity-based approach can also be set by type of device, including IoT and mobile devices. This includes being able to limit system access to only approved devices and setting roles for “non-human” users, for those networks involving machine-to-machine connectivity requiring little to no human input. With SASE, all of these endpoints that interact with various network resources and SaaS applications, public and private cloud resources, data centers, and others (like vendor and partner resources) are authenticated and secured within the context of that particular access or communication request. Requests can also be set based on other parameters, such as enterprise policies for governance, geo location, and time of day. The Zero Touch Model SASE depends on a centralized security broker to provide the visibility, policy framework, management structures, and service level agreements necessary to effectively execute endpoint access, security, and control measures. This varies from the more typical approach in which any authenticated device “inside” the network is deemed to be a trusted device. Under this scenario, if a hacker attacks a server and hijacks a device on the network, the network is vulnerable from this insider attack. SASE assumes that no request can be trusted automatically. In this way, SASE applies a “Zero Trust” model, verifying every access request before permission is granted, no matter where that request comes from. With SASE’s Zero Trust approach, the security fabric between users and resources tightens and reduces the attack surface. The result? Significantly decreased risk and heightened security across the entire enterprise network – regardless of how many endpoints or how distributed it may be. In Part 3 of our series, we explore connectivity everywhere, for everyone and everything, and the role SASE and SD-WAN have in making that a reality. To learn more about SASE and SD-WAN, read Part 1 in our series. About the Author Nick Coval is a seasoned Enterprise Architect who builds complex enterprise-class network solutions for large organizations with distributed locations. He is a passionate technologist with a progressive vision for developing solutions with the customer and end-user objectives in mind. Follow Nick Coval on LinkedIn and Twitter @NickCoval. Categories See All SD-WAN (48) Networking (17) Retail Technology (15) Managed Security (11) EMV (7) Conference (7) Digital Media (5) SASE (5) WiFi Analytics (4) Edge Computing (3) Managed Services (3) SCS (1) Popular Blogs Hughes Network Systems “Innovation Day” Highlights Edge Computing PossibilitiesAug 4, 2020 MNSP: Preparing for C-store Digital TransformationAug 11, 2020 Two Strategies to Address Top CIO ConcernsAug 25, 2020 Who Can You Trust? Enterprise Security and Zero-Trust ApproachesSep 3, 2020 Why Not Test Drive a Managed SD-WAN Solution?Sep 10, 2020 Related Posts See All Why Not Test Drive a Managed SD-WAN Solution? September 10, 2020 Who Can You Trust? Enterprise Security and Zero-Trust Approaches September 03, 2020 Demystifying Secure SD-WAN Shahid Javed July 16, 2020 SD-WAN Fit Points: Service Levels and Partnerships Jeff Bradbury Nick Coval June 11, 2020 Why an MSP for SASE? Jeff Bradbury June 04, 2020 ENJOY THIS POST? This blog was featured in the September edition of our newsletter. Provide your email below to receive a monthly round-up of what’s happening in the world of connectivity! First Name Last Name Email Company Campaign ID CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.