SASE and the future of network security

Austin Packer, Principal Consultant

The COVID-19 pandemic, a series of lockdowns around the world and the need for social distancing have led to unparalleled numbers of employees suddenly having to work from home. Organisations that previously relied on office-based security protocols had their plans disrupted, as security teams scrambled to fight a huge increase in malicious acts used to exploit weaknesses in their network security and changes to traditional ways of working. In fact, according to the UK’s National Cyber Security Centre (NCSC), between September 2019 and August 2020 there was a 10% increase in cyber attacks in the UK.

Traditional network architectures prioritised the enterprise data centre as a focal point, but this is increasingly cumbersome in a world where modern businesses are data-driven and cloud-centric. Companies have adopted cloud-based services, such as public cloud IaaS, SaaS and content delivery networks, which have removed the traditional data centre from the heart of the network and presented new challenges when securing the enterprise.

In 2019, Gartner declared “the future of network security is in the cloud.” Users, devices, clouds and the networked capabilities that businesses require secure access to are no longer static – they are everywhere. As the 2020 pandemic progressed, there was an even more significant rise in the requirement to access corporate resources from myriad locations and devices. As a result, secure-access services need to be able to keep up with this and the traditional enterprise data centre model no longer works. Routing traffic to, from and out of the enterprise data centre makes little sense when the user needs move away from the data centre. What is needed is a global backbone of network and network security services that can be applied whenever and wherever they’re needed, to connect entities to the networked capabilities they need access to. This is where SASE comes in.

SASE, Secure Access Service Edge, is the convergence of network and network security (e.g., WAN/WAN optimisation, and CASB/Cloud SWG/ZTNA) into a single cloud-based service model. It is set up to support all edges: cloud, mobile and WAN. The service no longer centres around the enterprise data centre but now focuses on the identity of the user, device or service, almost like an intelligent switchboard, connecting the entity to the networks and resources required. These entities can be one person, whole offices, devices, software as a service (SaaS), applications, IoT systems or edge computing locations. The enterprise data centre is still there, but now it isn’t the heart of the architecture, just one of many of the services that users and devices will need access to.

SASE puts the individual first, rather than the data centre.

SASE offers businesses a fully converged global private backbone and full network security stack which can be made available to the user, device, service, application or IoT systems. These entities need access to a growing number of cloud-based services, but how they are connected and the types of network security policies applied can vary based on the requirements of a business. SASE delivers an identity-driven cloud-native architecture with a global reach to deliver the control, granularity and reach which is often required in today’s enterprises.

So what SASE vendors are available?

Introducing Cato. A simple, holistic solution for your organisation.

Cato is the world’s first SASE platform, and it was used as the sample vendor for Gartner’s definition of SASE. Cato offers a converged network with the full SASE security stack (FWaaS/SWG/NGAV/CASB/IPS) across its global backbone of over 60 POPs.

Cato delivers improved performance with reduced packet loss and latency and optimised routing. Traffic is routed to the regional POP closest to the destination using tier 1 and SLA-backed global carriers. This is true whether the destination is a customer data centre or a cloud service including IaaS and SaaS. In addition, Cato offers improved security – a comprehensive security stack with a single pane of glass for management.

As part of its benefits, Cato provides reduced complexity, resulting in reduced costs and ease of management by consolidating secure access services to one provider. It is also flexible – it allows connectivity into the Cato cloud network and can be provisioned in a multitude of ways, including a VPN client for your remote users, Cato Socket to connect your enterprise locations, and Cato virtual socket for deployments into IaaS environments.

Cato offers a zero-trust network access model (ZTNA), such that network access is based on the identity of the user, the device and the application. This allows a granular approach to securing applications in the cloud and on-premise. With its reduced complexity, ease of deployment and scalability, as well as allowing individuals to access its services through multiple devices, Cato provides a highly scalable solution.

As a SASE service, Cato’s ease of deployment allows you to tailor requirements as and when required by your business. Partial adoption of the service can be undertaken as services are migrated from existing providers and services consolidated. Cato can be deployed in a very timely manner – new branch offices and acquisitions can connect to the Cato cloud network in a short time. Branch offices can be added in the time it takes to ship a physical socket to site, and IaaS instances in the time it takes to deploy and configure a virtual socket (<1/2 day). Both are exponentially shorter lead times than your average MPLS provider. Cato enables new business scenarios by making data shareable with partners and contractors.

Cato is very clear about this: “Network complexity is overloading IT and slowing down the business. It is time to make the network simple.”

The SASE evolution is being driven by the needs of digital businesses, including the adoption of SaaS and other cloud-based services accessed by an increasingly distributed and mobile workforce, not to mention the adoption of edge computing. It is estimated that, by 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor, up from less than 5% in 2019, and by 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities.

In short, the solutions brought by SASE mean that the enterprise data centre is no longer a location but now a set of dynamic edge capabilities delivered – when needed – as a service from the cloud.

The takeaway is this: SASE isn’t just one of the hottest IT buzzwords of 2021; it is a robust network and security feature set, and it’s about converging that feature set to improve performance and security while reducing complexity and cost.

Austin Packer

Principal Consultant

With over 20 years’ experience within networking and cyber security, Austin provides cyber security consultancy across a variety of industries and sectors. Austin’s technical certifications span across multiple platforms and soft skills, allowing him to consult on different cyber security matters, ranging from implementations to overarching strategy.

A keen amateur triathlete, Austin is an enthusiastic advocate of SASE and believes this will be how security and networks are predominantly delivered in the future.