SASE Part 2: The Security View


In our second blog post in the SASE series, we're going to look at the security aspect of this new concept. A few titanic shifts are accelerating and will lead to more changes in the industry. While enterprises and government agencies alike continue to derive value from SaaS applications, there is an architectural shift away from traditional data centers and toward the cloud. This can invert traditional traffic patterns for the network.

As the workforce evolves, there is an even greater need for network flexibility and mobility. A move to the cloud also opens the door for more remote work, with mobility as a key tenet. With more employees working remotely, there is a bigger opportunity for threats on your network.


The Internet of Things (IoT) is also growing across systems that are prevalent in our daily lives, and increasingly in all environments, not just at work. Thermostats, smart pumps, refrigeration, and healthcare IoT such as wearables and emergency management devices are just a few examples. More IoT endpoints and more mobile users online continue to increase the attack surface. SASE proves to be a useful approach to efficiently protecting against this growth in endpoints and remote users. With the network attack surface so highly distributed, especially as it extends to multiple cloud service providers and locations not completely under enterprise control, it is a challenge for existing network protections to provide adequate security coverage.

SASE protects against this explosion of network entry points, even when they are not controlled by the enterprise. Your network's legacy security architectures, especially those that are datacenter-centric, no longer provide an effective defense in this environment. Your enterprise will need increased protection against the sophisticated targeted attacks common today, such as ransomware. These will continue to cripple businesses and degrade brand reputations if there is no solution in place. A paired SASE and SD-WAN solution is one way to combat this.

In this environment, cloud services and remote workers expand the attack surface, while IoT and BYOD/mobility expand the device endpoints. Security enforcement needs to move to secure all of the endpoints that interact with enterprise IT resources, and not just the physical locations and endpoints owned by the company. SASE provides the security fabric that enables identity-based control and context, where the identity is associated with users or user groups. This allows access to be granted to all employees or based on roles, creating sub-group access for those on specific teams or at certain levels of management, depending on your business needs.

Further, this identity-based approach allows security to be set by type of device, including IoT and mobile devices. This limits system access to only the types of device your employees are using, along with IoT devices such as building sensors and controllers that are machine-to-machine with little or no human input.

These endpoints interact with resources and services such as SaaS applications, public and private cloud resources, customer data centers, and potentially others. In the SASE concept, each communication would be secured and authenticated in the context of that particular access request. The parameters of the access request can be set based on a number of things, particularly enterprise policies for governance (if you want to inspect sensitive data) and potentially others such as geolocation and time of day. SASE as a new architectural approach significantly decreases the attack vectors exploited by threat actors today.

The SASE security fabric depends on a centralized security broker to provide the visibility, policy framework, management structures, and SLAs necessary to effectively execute the access, security, and control measures. This creates a Zero Trust model that tightens control between users and resources to reduce the attack surface. This shift toward a Zero Trust model is taking place because now, more than ever, heightened security for your network is a necessity. It pays off to grant access at the user level only once that user is authenticated and has been authorized for use.
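The per-request, context-based decision described above can be sketched as a small default-deny policy check. This is an added illustration, not code from the original post or from any SASE product; the resource names, groups, device types, countries and hours are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    authenticated: bool
    group: str        # user group, or a device group for machine-to-machine
    device_type: str
    resource: str
    country: str
    at: time          # local time of the request

@dataclass(frozen=True)
class Rule:
    groups: frozenset
    device_types: frozenset
    countries: frozenset
    hours: tuple      # (start, end), inclusive
    inspect: bool     # governance: send traffic through data inspection

# Constructed sample policy; every name and value here is hypothetical.
ALL_DAY = (time(0, 0), time(23, 59, 59))
POLICY = {
    "saas-crm": Rule(frozenset({"sales", "management"}),
                     frozenset({"managed-laptop", "mobile"}),
                     frozenset({"US", "CA"}), (time(6, 0), time(22, 0)), True),
    "building-controller": Rule(frozenset({"iot-sensors"}),
                                frozenset({"iot-sensor"}),
                                frozenset({"US"}), ALL_DAY, False),
}

def decide(req, policy=POLICY):
    """Return (decision, reason) for one access request; default is deny."""
    if not req.authenticated:
        return ("deny", "not authenticated")
    rule = policy.get(req.resource)
    if rule is None:
        return ("deny", "no rule for resource")
    checks = [
        (req.group in rule.groups, "group not authorized"),
        (req.device_type in rule.device_types, "device type not allowed"),
        (req.country in rule.countries, "location not allowed"),
        (rule.hours[0] <= req.at <= rule.hours[1], "outside permitted hours"),
    ]
    for passed, reason in checks:
        if not passed:
            return ("deny", reason)
    return ("allow-with-inspection" if rule.inspect else "allow", "ok")
```

Logging the returned reason alongside each decision gives the broker the visibility the paragraph above calls for.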

To learn more about SASE and SD-WAN, read our last blog post introducing the series.


About the Author


Jeff Bradbury works across markets to help distributed organizations identify trends that are driving digital transformation and adopt technologies critical to connecting their customers, employees, and locations.