n the first post of our SASE series, we looked at SASE to outline some of the specific challenges it was designed to address and why this model for distributed applications and data represents a more unified and streamlined approach for modern IT organizations. In this second post, we will examine some of the defining traits shared by organizations who stand to benefit most from a SASE approach, along with some of the most common use cases that SASE is best equipped to help solve.
The Modern Enterprise Is Dynamic & Distributed
While more and more people had already started some form of remote work, the pandemic significantly accelerated this trend. According to an S&P Global research report, 80% of companies surveyed had implemented or expanded universal work-from-home policies in response to the pandemic, and 67% expect these to remain in place either for the long term or permanently. And as these workers continue to connect from parts unknown, the potential attack surface for threat actors grows.
Of course, it’s not just users that have become increasingly distributed – the applications and data that we now rely on to remain productive are no longer confined to the four walls of the corporate data center. Today’s enterprise IT stack represents a dynamic blend of resources hosted in the cloud, in corporate data centers, at the edge, or increasingly in multiple places at once. Consequently, conventional notions about a well-defined network perimeter – especially in terms of how we qualify what’s “inside” versus “outside,” no longer seem particularly germane or useful.
While the broad adoption of cloud-based resources has indeed transformed the way we work, connect, and collaborate with one another, they have also resulted in some unintended consequences: different lines of business becoming progressively siloed as they standardize on separate cloud environments. As a result, enterprise IT leaders must contend with an increasingly complex IT stack that’s both more expensive to operate and also far harder to secure.
By unifying cloud-based SD-WAN with security services, including zero trust network access (ZTNA), firewall as a service (FWaaS), and secure web gateways, a SASE approach will provide greater operational agility and if applied correctly, can be more easily scaled to secure all traffic, applications, and users regardless of the execution environment.
Six Common SASE Use Cases
The following six use cases highlight some of the typical challenges today’s IT organizations are encountering and how SASE is being adopted to address them:
Use Case #1. Workforce Transformation/VPN Replacement
Even before the pandemic, many enterprises were struggling to accommodate a surge in connecting their remote workforce to the network. For the better part of the past two decades, virtual private networks (VPNs) have served as the primary vehicle for securely connecting users to protected network resources. Unfortunately, VPNs were never designed with scalability in mind. And as many organizations have since learned, when saturated with an influx of concurrent users, a limited number of VPNs will quickly devolve into a traffic bottleneck which degrades application performance and introduces a needless layer of complexity for administrators to deal with.
Conversely, scalability is a foundational aspect of what a SASE approach enables. If a company suddenly must accommodate thousands of new remote workers, it can quickly provision new SASE services in the cloud, and critically, it can do so in closer geographical proximity to wherever those remote workers happen to be. Deploying security inspection at local edge nodes, closer to where users are, also means greater flexibility and improved performance.
Use Case #2. Edge Computing & IoT
In the coming decade, some of the most exciting innovations, from smart cities and autonomous vehicles to telehealth and industrial sensors, will be enabled by a new generation of IoT devices installed at the network edge and beyond. While the promises of these connected things are compelling, they are also notoriously insecure as security is often bolted on as an afterthought. As a result, these devices have become attractive targets for threat actors who can commandeer them into their botnet armies with little effort or risk. Worse still, IT teams often have little to no visibility over all these multi-directional communications devices.
With SASE, when an IoT device connects to the network, it becomes instantly visible in the cloud admin panel, allowing IT admins to dynamically enforce access policies and privileges based on trusted identity. SASE isn’t just solving the near-term challenge of combining these access and security endpoints — it’s about building a sustainable and scalable foundation that will be able to support the many future disruptions that will take place at the network edge.
Use Case #3. WAN Modernization
Conventional perimeter-based security schemes were never designed to meet the demands of today’s dynamic, cloud-first reality. For CIOs intent on achieving key strategic priorities such as cloud adoption and digital transformation, they have also come to appreciate that in order to do so, they must first modernize their wide area network to become software-defined.
A SD-WAN platform automatically identifies and classifies application traffic at the network edge and effectively segregates and secures it from other traffic on the network. By leveraging a SASE approach, IT teams can transform their WAN to provide direct, secure access to applications and services across a multi-cloud environment — regardless of the location or the devices used to access them. When orchestrated with a modern cloud-delivered security service, a SASE enabled SD-WAN helps ensure consistent policy enforcement and streamlined access control for users, devices, and applications.
Use Case #4. Performance Assurance
Legacy networks were built for applications and data that never left the secure confines of the corporate data centers. Of course, most of the applications that we now use on a daily basis are hosted and delivered across the spectrum of third-party cloud services and are consumed by an increasingly mobile and distributed workforce. However, as these services expand beyond the network perimeter, assuring peak performance of critical applications and services makes an already tough job, even more challenging.
Since SASE is typically deployed as a location-agnostic architecture, IT organizations can easily shift their PoP exchanges and place them in closer geographical proximity to common traffic sources and destinations. Fewer hops can mean lower network latency, better performance and fewer opportunities for network traffic to be exploited by threat actors. And as we push more compute and network resources out to the edge, it will be even more critical that application performance doesn’t come at the expense of security.
Use Case #5. Alleviate Operational Complexity
The increased complexity of operating in a hybrid, multi-cloud world makes it extremely difficult to manage performance efficiently. Which is why simplification and security are two of the core principles driving today’s network modernization initiatives.
By combining multiple security functions into a single, cloud-native service, a SASE approach can establish greater control by centralizing management capabilities, meaning fewer stand-alone point solutions that your IT staff must continuously tune and troubleshoot. With a SASE security stack managed in the cloud by a single provider, internal IT staff can spend less time configuring, managing, and maintaining these individual systems and instead focus their efforts on higher-level strategic priorities.
Use Case #6. Cloud Adoption & Migration
Applications aren’t just being migrated to the cloud, they – along with their workloads and data – are continuously being moved back and forth between different execution environments in order to take advantage of performance requirements, fluctuating pricing, geographic proximity to users, and any number of other factors. The security controls that have become commonplace inside the data center were simply not built to meet the dynamic and distributed nature of modern multi-cloud environments.
As a result, multiple point solutions have emerged to plug the cloud security gaps, including cloud access security broker (CASB) technologies to secure SaaS traffic, and secure web gateway (SWG) technologies to secure web traffic. And as with any new solution, each one must be carefully configured and managed, leading to additional complexity and potential risk. A SASE approach can accelerate application adoption and migration efforts by offering security services from a unified framework, applying existing policies, and managed from a single console.
In our next post in this series, we’ll set the record straight regarding some of the most common misconceptions around SASE.
Jon Paul McLeary
Jon Paul “JP” McLeary is a brand messaging leader for Lumen, responsible for developing the strategic messaging that supports Lumen’s purpose, vision and mission across various parts of the company. JP has previously managed cross-regional field marketing teams as well as media relations strategy, including crisis communications. JP received his MA in Communications from San Diego State University along with an undergraduate degree from Point Loma Nazarene University.