So, you have seen the SASE (pronounced Sassy) term floating around. According to a few industry survey’s I have seen now there is still a lot of confusing about what it means, with some people even commenting that they thought the two were in competition. So, let me break down this latest marketing buzzword for you!
What it is
A convergence of many security and networking technologies into a unified cloud-delivered service that accounts for both security and connectivity at every edge of your network.
This image demonstrates many of the technologies that are being brought together in a SASE deployment model.
What it is not
A specific technology, solution, or feature. Therefore, it cannot compete with any of the solutions it contains. So, if you read an article saying that SASE will replace any of these products, think again, as they can all be a part of the fabric of a SASE deployment. In this chart from Accelerate below – you can see there is still a lot of confusion. Whilst this may have been due to how the question was asked, the most accurate answer here is potentially that it is an “enhancement to an SD-WAN solution” as it can go across a network that is using SD-WAN.
Why do we need it?
Networks continue to grow more complex, and many existing networking or security approaches are designed to tackle specific business needs or be solutions to specific problems. It is this trend directly that led to the creation of more intelligent networking solutions like SD-WAN that solve many problems and simplify design. But SD-WAN isn’t enough, as, one key weakness of many networking solutions (often SD-WAN specifically) is that they are typically location-static. To get the most out of the solution you need a hardware box on site.
Now as we move into a situation with more home, mobile and remote workers need a more flexible approach to security, and access control. We need a new approach that can provide this, as well as provide the level of security and protection that has been missing from many businesses in their rush to cloud due to COVID-19.
Identity and Location Matter
So if we lay out this proposition, we have a new approach that reimagines older technologies into one large unified cloud service. There is still a big question as to how this works?
The focus for SASE is primarily on indentity. Many companies will already be familiar with the concepts of two-factor authentication and identity management. This is the natural progression of that.
A user’s identity, coupled with more awareness of the network location/access type and its level of security, will be what grants access to specific cloud services and will determine what security measures are taken on that connection.
In an ideal world, a company has multiple flexible licenses for different cloud security products that it can roll out dynamically to users depending on need. So it won’t be a case that you have 10 users and 10 static licenses for a security VPN, but rather that you have bandwidth for 10 licenses, but only 5 of them are considered active as those users leave the office for the week.
While this is a simplified example, the point is clear. Work has changed from static location-based working to more dynamic on-the move and remote working whose networking and security needs cannot be handle the way they have been in the past.
I predict there will also be a lot of convergence and movement on the M&A front in this sector. If we look at this diagram below. Its easy to imagine anyone in the Network-as-a-Service or Security-as-a-Service space deciding that SASE is the future for business networking and security and taking steps to ensure they are the premier provider of both services. We have already started to see SASE focused acquisitions from the likes of VMWare, Cisco and Fortinet, and I’m sure there are more to come.
This will be a hot topic over the next year or more, so I will be writing about it again.
Until then enjoy being SASE, just not with your boss.