What Is SASE And What Problems Does It Address?
IT Trends | Podcast
07/01/2022
Print Friendly, PDF & Email

What Is SASE And What Problems Does It Address?

The 4th Industrial Revolution continues to fundamentally transform industries and reshape the way enterprises conduct business across an increasingly distributed, global landscape. In this environment, emerging technologies promise to drive greater efficiency and growth, fusing digital and analog worlds together in new ways. While none of us can say with any certainty what this future world will look like, we can be certain of this much: the ability to access and secure data and applications in real-time will be foundational to realizing its ultimate promise.

Of course, our current world has changed dramatically since the COVID-19 pandemic forced businesses to accommodate millions of remote workers. Whereas legacy IT models were predicated on centralized office locations and secured data centers, the pandemic accelerated the trend of increasingly distributed workforces and necessitated a greater push to make applications, data and other privileged network resources available in a decentralized fashion. Unfortunately, current infrastructure and architectures are wildly insufficient for supporting the real-time access and security demands of next-generation applications and technologies.

And while it’s true that this new way of work offers greater flexibility, new operating efficiencies, lower costs, and a host of other benefits, it comes at a cost. Since legacy infrastructure was never designed to support a decentralized and distributed workforce, there are a variety of performance and security challenges to consider: lagging application performance, network latency, weak data security controls, and perhaps most distressing of all, an unrelenting and constantly evolving threat environment.

A New Architectural Vision: SASE

In 2019, the terminology of Secure Access Service Edge (SASE) started spreading across many industry circles, outlining a new architectural framework designed to meet the challenges of the modern distributed enterprise. As enterprises increasingly adopt SD-WAN to optimize network performance, and new threats emerge outside the defined security perimeter, the complexity of managing these systems in a cohesive manner creates a whole set of new IT management and security challenges.

The SASE framework represents the convergence of several established technologies which aim to merge comprehensive SD-WAN capabilities and network security functions into a unified approach – one that will ultimately be better suited to addressing the needs of tomorrow’s enterprise data workloads and applications. While SASE is more of a philosophy and a direction than a checklist of features and capabilities, it may generally be characterized as comprised of five key networking and security technologies:

  • SD-WAN
  • Firewall as a Service (FWaaS)
  • Cloud Access Security Broker (CASB)
  • Secure Web Gateway, and
  • Zero Trust Network Access (ZTNA)

In this new paradigm, there is an expectation that the applications and the data that workers require to stay productive remain always available, optimized for performance needs, and protected regardless of wherever they might be connecting from.

In essence, the idea of SASE is to offer secure network services anywhere a user might connect from. And this converged solution should ideally optimize and extend the performance of applications that are spread across individual users, premises, edge, and public/private cloud environments.

The Problems That SASE Addresses

Even as the pandemic has subsided, an increasing number of enterprises are considering permanent shifts or hybrid approaches for some portion of their employees to remote work. The typical medium-sized enterprise uses dozens of SaaS applications on a daily basis and also requires access to other administrative and operational resources, such as internal file sharing systems. The conventional approach was to have users tunnel into a single location via their VPN where entitlements and policies could be centrally applied and enforced.

However, as many enterprise CIOs have come to learn, this approach also represents a network choke point that degrades the user experience and requires the organization to invest in larger and more costly inspection devices to manage and inspect the traffic. Secure Web Gateways and next generation Firewall as a Service vendors have emerged to address this gap by distributing these inspection engines to regional PoP locations and partnering with SaaS vendors to apply security in the cloud environment – or what we call Cloud Access Service Brokers (CASB).

But what If the user needs to connect back into the corporate network? How can you leverage the advantages of SD-WAN while still having a single security policy when users return to their homes or elsewhere?

SASE was designed with the end user in mind and begins with the idea of zero trust. So long as the user can verify their identification and the connecting device then it doesn’t matter where the user is physically located. In this type of environment, a trusted user can only connect to the specific resources they’re trying to access and nothing else, which is often enabled by an software-defined perimeter (SDP).

Unlike traditional VPN solutions which centralize all of these inspection points, a SASE approach distributes all of these checkpoints across various regions, improving the efficiency of network resources and reducing the latency found in a conventional ‘hub and spoke’ model.

Ultimately this helps address the complexity of managing these components as separate point solutions that each require their own sets of tools to master. SASE offers a common and centralized cloud-based toolset that improves visibility and control across these systems, which can then be managed and orchestrated in the cloud with policy-setting distributed at the network edge.

The Benefits That SASE Can Deliver

For organizations with distributed users and applications, this convergence of critical IT capabilities offers enterprises significant benefits, including the ability to:

  • Optimize & Scale Performance: maximize business productivity by optimizing network and application performance wherever users are based while enhancing access and response times to cloud-based applications
  • Accelerate Security Deployment & Incident Response: implement identity-based security policies, introduce security controls from the cloud, and improve incident response times by leveraging threat intelligence aggregated across all cybersecurity solutions
  • Simplify Visibility & Control: view and holistically manage consolidated networking and security services from both a single “pane of glass” as well as from a single operator
  • Improve Opex Efficiency: operate more efficiently by automating networking functions, modernizing branch technology, and using virtualized network functions in a more flexible OpEx model.

While the expanding edge of the enterprise network creates opportunities for innovation, it also creates new vectors for cybersecurity threats and introduces complexities that challenge the basic IT function of providing secure and reliable access to protected resources. With SASE, virtually every process can be streamlined and securely applied — allowing you to do more with fewer resources. This integrated architectural approach is what will enable enterprises to confidently adopt immersive digital experiences across distributed environments.

In the next post in our SASE series, we’ll examine some of the most common use cases that are ideally suited to a SASE approach.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2021 Lumen Technologies. All Rights Reserved.

Jon Paul "JP" McLeary

Autor:
Jon Paul McLeary
Jon Paul “JP” McLeary is a brand messaging leader for Lumen, responsible for developing the strategic messaging that supports Lumen’s purpose, vision and mission across various parts of the company. JP has previously managed cross-regional field marketing teams as well as media relations strategy, including crisis communications. JP received his MA in Communications from San Diego State University along with an undergraduate degree from Point Loma Nazarene University.

Share

Recent Posts

Cybersecurity: Keys to “close the doors” on Attackers

by | May 21, 2024 | Security,Security | 0 Comments

The focus on network visibility, application availability, data center resilience, people training, and continuous cybersecurity monitoring are fundamental strategies...

A guide to getting started with your AI Companion assistant

by | May 16, 2024 | UC&C | 0 Comments

  In today's fast-paced work environment, maximizing productivity and improving collaboration are top priorities. Fortunately, AI technology can help with that,...

Connecting Latitudes: Moving Towards a Secure and Efficient Digital Future in Latin America

by | May 15, 2024 | Connectivity | 0 Comments

  May 17 is World Telecommunication and Information Society Day, a propitious time to reflect on the advances and perspectives of this critical area in our lives....

How to Help your Sales Teams with Conversation Intelligence (second part)

by | Mar 26, 2024 | UC&C | 0 Comments

In our previous paper we talked about the difference between Conversation Intelligence and Conversational AI, a very subtle one with different real-life features and...

What I’ve experienced as a woman in the Technology market

by | Mar 19, 2024 | IT Trends | 0 Comments

How my experiences and challenges helped me conquer space in this sector   What woman has never heard one of the following statements during their business day?...

Let’s Make the Future Depend on Us, Let’s be Aware of AI and Work Accordingly

by | Mar 18, 2024 | UC&C | 0 Comments

I love reading books or talking with people who get into the eye of the storm when transformative things are happening worldwide, particularly with new...

Conversation Intelligence versus Conversational AI. What is the difference? (Part 1)

by | Feb 20, 2024 | UC&C | 0 Comments

There’s a Conversation Intelligence solution that improves productivity, reduces negotiation cycles and increases revenue predictability with information that can be...

The cloud infrastructure: an engine for innovation and corporate transformation

by | Dec 28, 2023 | Data Center & Hybrid Cloud,IT Trends,IT Trends | 0 Comments

The digital age brought an unprecedented opportunity to drive new business models on the internet, adapted to new consumer habits and customers’ needs. However, albeit...

Happy Holidays!

by | Dec 18, 2023 | IT Trends | 0 Comments

Dear customers, employees, and colleagues, In a few days we’ll say farewell to 2023 and I’d like to share some reflections and express our sincere thanks for your trust...

What will be the 10 key trends for corporate IT in 2024?

by | Dec 13, 2023 | IT Trends | 0 Comments

If you are a Director, CIO, CTO, manager, or professional in any way related to the broad spectrum of Information and Communication Technologies, this article is for...