Why is SASE necessary?

SASE converges all networking and security capabilities into a single-service cloud-native, globally distributed architecture that shifts the security focus from traffic-flow-centric to identity-centric.

SASE encompasses a package of technologies that embeds security into the global network fabric so it is always available no matter where the user is, where the application or resource being accessed is, or what combination of transport technologies connects the user and the resource.

Modern enterprises conduct business in the client-to-cloud era. Gartner writes that “Network and network security architectures were designed for an era that is waning, and they are unable to effectively serve the dynamic secure access requirements of digital business.”

Gone is the time when employees all worked in a physical building and all corporate resources were resident in private data centers that were both physically and digitally secured.

CIOs of modern enterprises need exemplary client-to-cloud experiences that are secure, reliable, scalable, and simple. These are the requirements that necessitate the capabilities that SASE delivers.


Cloud Adoption

Gartner points out that more traditional enterprise data-center functions are now hosted outside the enterprise data center than in it—IaaS clouds, SaaS applications, cloud storage. The data center is no longer the focal point of access for users and applications. Digital transformation initiatives and cloud adoption have completely changed the enterprise network. In today’s IT world:

  • More user work is performed, and more sensitive data is located, outside the traditional enterprise perimeter than inside it.
  • More workloads are running in the cloud than in the enterprise data center.
  • SaaS applications are used more frequently than locally installed ones.
  • More traffic is destined to public cloud services than to the enterprise data center.
  • More traffic from branch offices is heading to public clouds than to the enterprise data center.

Consistent Client-to-Cloud Performance for WFA and Mobile Users

Users are connecting from everywhere. After the exigencies of the COVID-19 pandemic there is now widespread acceptance of work-from-anywhere (WFA). Remote users traditionally connected via VPNs, which required VPN aggregation and firewalls at hub locations and data centers to authenticate users and apply security policies once only, and then granted wide or full access inside the enterprise network. This legacy architecture is hampered by scalability meltdown, complexity, latency and security threats.

SASE architecture authenticates and applies security policies per transaction, and grants least-privilege access only. This significantly improves performance and reduces the attack surface.

Consistent Policy Enforcement for WFA Users

SASE has cloud-native flexibility to apply consistent policies, at consistent performance, for all users and assets regardless of location—whether resident in a data center, cloud platform, or at a SaaS provider.

Network Perimeter Expansion

The mandate is to secure the edge of the network, as we have long done, but with increasing WFA and SaaS access the edge has become amorphous and blurred. Security policies can no longer succeed by protecting a fixed perimeter; instead they must follow the user: enforceable wherever the user is, on whatever device is used, and wherever the accessed asset is, and they must protect traffic equally well over Internet access as they used to on MPLS. In short, the perimeter has become software-defined and SASE is the flexible technology to protect an SD-perimeter.

Unmanaged Devices

The WFA trend has exacerbated a parallel trend in workers using their personal devices for business purposes. Today’s personal devices are as powerful and flexible as IT-managed devices and users keep them up to date themselves. IT-managed devices have long been a burdensome IT-team responsibility.

The proliferation of IoT devices adds to the strain of unmanaged devices. Business communications from all devices must be secured at scale and without delay. Traditional WAN security architecture is unfit to achieve this, but SASE can, especially the SASE implementations that require no client software agent.

Sophisticated, Always-Changing Threat Landscape

Threat actors and the tools they use are rapidly increasing in sophistication and ease of use. Just like enterprises, bad actors also leverage the flexibility of the cloud. SaaS architectures significantly lower the bar for relatively inexperienced hackers to launch highly sophisticated and damaging attacks.

With traditional VPN access, a threat actor can gain access to the enterprise network once only, and then move laterally with little or no further security enforcement to all data and assets. Network segmentation helps mitigate this threat landscape, but SASE protects assets much better due to its transaction-orientation (identity-based authentication per transaction) and by granting only least-privilege access.
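The contrast drawn here and in the WFA section above (authenticate once and grant wide access, versus identity-based, least-privilege decisions per transaction) can be modelled in a few lines. This is an added illustration, not code from this page or from any SASE product; the resource names, roles, and policy table are constructed for the example.

```python
from dataclasses import dataclass

# Constructed inventory: resource -> (roles allowed, actions allowed, managed device required)
POLICY = {
    "crm":        ({"sales"}, {"read", "write"}, False),
    "payroll-db": ({"finance"}, {"read"}, True),
    "git":        ({"engineering"}, {"read", "write"}, True),
    "wiki":       ({"sales", "finance", "engineering"}, {"read"}, False),
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_managed: bool
    resource: str
    action: str

def vpn_session_allows(authenticated: bool, req: Request) -> bool:
    """Legacy model: one check at tunnel setup, then every internal resource is reachable."""
    return authenticated and req.resource in POLICY

def per_transaction_allows(req: Request) -> bool:
    """Per-transaction model: every request is re-evaluated, default deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False
    roles, actions, needs_managed = rule
    return (req.role in roles and req.action in actions
            and (req.device_managed or not needs_managed))

def reachable(identity: dict, model) -> set:
    """Resources an identity can touch with any action under the given model."""
    return {res for res in POLICY for act in ("read", "write")
            if model(Request(resource=res, action=act, **identity))}

# Constructed scenario: a sales user's credentials used from an unmanaged personal device
SALES_BYOD = {"user": "alice", "role": "sales", "device_managed": False}

def blast_radius():
    """Return (legacy reach, per-transaction reach) for the same stolen credential."""
    legacy = reachable(SALES_BYOD, lambda r: vpn_session_allows(True, r))
    least_priv = reachable(SALES_BYOD, per_transaction_allows)
    return legacy, least_priv

if __name__ == "__main__":
    legacy, least_priv = blast_radius()
    print("authenticate-once reach:", sorted(legacy))
    print("per-transaction reach:  ", sorted(least_priv))
```

The same credential reaches every resource under the authenticate-once model but only the two that the sales role is entitled to under per-transaction evaluation, which is the attack-surface reduction the text describes.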

Enterprise Digital Transformation Trends

Digital innovation efforts have side effects, namely dynamically changing network configurations and a dramatic expansion of the attack surface, with the result that traditional security solutions no longer provide the level of speed, performance, security, and access control that organizations and users require.

IT Management Complexity

Installing disparate point products in branch locations is costly, results in sprawl, is complex to manage, and neither enables WFA nor optimizes cloud access. A SASE architecture—with all network and security capabilities embedded in a single software stack—reduces capital investment, frees IT staff to focus on strategic work, enables a coherent security policy deployment, reduces hardware complexity and cost, and moves the enterprise towards the on-demand, pay-as-you-go model that is increasingly prevalent.

 

