SASE Part 2: The Security View March 19, 2020 Nick Coval SASE , Managed Security , SD-WAN false In our first blog post of this series on Secure Access Service Edge, or SASE (pronounced “sassy”), we looked at the titanic shifts accelerating a move away from traditional data centers to the cloud, and the impact on network security. We also explored the promising marriage between SASE and SD-WAN. In Part 2 of the series, we go deeper, looking at the risk caused by an exploding number of endpoints and SASE’s approach to securing the network and mitigating risk. Let’s begin by exploring Software as a Service (SaaS)—one of the primary drivers compelling enterprises and government agencies to move to the cloud environment. SaaS gives customers access to their enterprise applications over the Internet, rather than having the software be hosted at a data center and requiring physical installation across network devices. With SaaS, applications can be built, maintained, and updated automatically in the cloud. WANsform Your Enterprise Before you can transform customer experience, you must WANsform your enterprise. Learn how Hughes Managed SD-WAN is enabling digital transformation and achieving real results. MPLS vs. SD-WAN Why SD-WAN? WiFi Analytics: Insight Every Step of the Way Digital Signage Solutions: Engagement Starts Here SD-WAN Appliance: 4860 is SD-WAN transformation in a box In addition to SaaS, the issue of workforce mobility has complicated matters for network security and management. With sophisticated and targeted cyber-attacks, such as ransomware, each user endpoint, or device, constitutes a potential risk when it comes to security. Yet giving workers the flexibility to work remotely or from branch offices has essentially become a requirement. This has been clear during the health crisis when millions of employees have needed to find a way to work from home and access their networks. A Growing “Attack Surface” Endpoint risk isn’t just limited by the number of users on the network. The Internet of Things (IoT) compounds the challenge further. IoT includes all the smart devices or machines on a network, like thermostats, heat pumps, refrigerators, flood sensors, security cameras, healthcare equipment, wearables, emergency monitoring, and management tools, and so much more. Collectively, these users and endpoints comprise (and increase) the attack surface. With the network attack surface so highly distributed, especially as it extends to multiple cloud service providers and locations not under enterprise control, it is a challenge for existing or legacy network protections to provide adequate security coverage. That’s where SASE comes in. SASE protects against this explosion of network entry points, even when they are not controlled by the enterprise. SASE provides the security fabric that enables identity-based control and context, where the identity is associated to users or user groups. This allows for the granting of access to all employees or even access based on roles, or by the creation of sub-groups for specific teams or by management level. This identity-based approach can also be set by type of device, including IoT and mobile devices. This includes being able to limit system access to only approved devices and setting roles for “non-human” users, for those networks involving machine-to-machine connectivity requiring little to no human input. With SASE, all of these endpoints that interact with various network resources and SaaS applications, public and private cloud resources, data centers, and others (like vendor and partner resources) are authenticated and secured within the context of that particular access or communication request. Requests can also be set based on other parameters, such as enterprise policies for governance, geo location, and time of day. The Zero Touch Model SASE depends on a centralized security broker to provide the visibility, policy framework, management structures, and service level agreements necessary to effectively execute endpoint access, security, and control measures. This varies from the more typical approach in which any authenticated device “inside” the network is deemed to be a trusted device. Under this scenario, if a hacker attacks a server and hijacks a device on the network, the network is vulnerable from this insider attack. SASE assumes that no request can be trusted automatically. In this way, SASE applies a “Zero Trust” model, verifying every access request before permission is granted, no matter where that request comes from. With SASE’s Zero Trust approach, the security fabric between users and resources tightens and reduces the attack surface. The result? Significantly decreased risk and heightened security across the entire enterprise network – regardless of how many endpoints or how distributed it may be. In Part 3 of our series, we explore connectivity everywhere, for everyone and everything, and the role SASE and SD-WAN have in making that a reality. To learn more about SASE and SD-WAN, read Part 1 in our series. About the Author Nick Coval is a seasoned Enterprise Architect who builds complex enterprise-class network solutions for large organizations with distributed locations. He is a passionate technologist with a progressive vision for developing solutions with the customer and end-user objectives in mind. Follow Nick Coval on LinkedIn and Twitter @NickCoval. Categories See All SD-WAN (58) Networking (31) Retail Technology (24) Managed Services (13) Managed Security (12) EMV (11) SASE (10) Conference (7) Edge Computing (7) Digital Media (6) WiFi Analytics (5) SCS (2) Popular Blogs 5 Digital Turning Points in RetailAug 16, 2021 Making a List. Checking it Twice. Five Tips to Prep Stores for the Holiday SeasonAug 23, 2021 Protecting Your Brand Takes More Than TrustAug 25, 2021 5 Major Turning Points in the History of e-CommerceSep 2, 2021 Is a More Hands-on Approach Better for Your Franchisee Networks—and Customers? Oct 12, 2021 Related Posts See All Is a More Hands-on Approach Better for Your Franchisee Networks—and Customers? October 12, 2021 Making a List. Checking it Twice. Five Tips to Prep Stores for the Holiday Season August 23, 2021 What to do When the Network is the Lifeline for a Franchise Business July 28, 2021 HUG 2021 Digital Transformation Insights Tim Tang, Director, Enterprise Solutions July 26, 2021 Three Retail Trends That Are Here to Stay Post-Covid Jeff Bradbury July 23, 2021 ENJOY THIS POST? Provide your email below to receive a monthly round-up of what’s happening in the world of connectivity! First Name Last Name Email Company Campaign ID CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.