Recently, the driving forces of digital transformation, and the need to more fully secure subscribers at the network edge or when they are remote, have given impetus to transitioning from discrete appliances and disparate hardware-and-software combinations to software services and cloud-based applications in what is being termed ‘SASE’, or Secure Access Service Edge, technology. SASE is best described as the joining of SD-WAN and strong Network Security into one solution.
The growth of work-from-home and remote access presents challenges to security needs that are not always being met by the current traditional security perimeter devices and firewall technologies. SASE represents the architecture that helps organizations to create a total-security environment for all users from end to end; it takes into account remote users and branches working with cloud-centric or data-center hosted applications to give you a simplified and more effective security stance for network users anywhere they are working.
When considering the array of secure network services available—such as middlebox functions, different varieties of filtering (DNS, port, etc.), security event notifications, DLP, malware detection and removal, and more—it is clear that, in order for us to achieve the depth and breadth of management required, there must be a way to consolidate, simplify, and manage (orchestrate) these disparate-but-related services across a unified network framework. Improved management from end to end optimizes and simplifies our secure networks.
In SASE, a user or agent on your network is known as an ‘Actor’ and the applications the Actor wants to reach are known as ‘Targets.’ SASE, as a secure network model, requires that the network devices (hardware or software) closest to the user’s devices are able to dynamically provide and support security services by discovering and securing endpoints and their privileges, and by securing the traffic. Using SASE as the driving architectural structure to protect against cloud-based vectors or threats, security services can be consolidated and then managed centrally through a cloud-native architecture. Leveraging technology from companies such as 128T and Dispersive, the ‘old’ VPN paradigm can be avoided through application-specific policy flows and session-based, zero trust security techniques that allow greater freedom to deploy a network architecture and make significant gains in security management.
SD-WAN + SASE
The advent of SD-WAN—enabled with APIs to orchestrate the controller and cloud-delivered security functions—offers an unprecedented level of control and management over your security environment. The connectivity cost-reduction advantages of the SD-WAN approach are well known. But, along with those reduced costs, SD-WAN—combined with SASE—enables efficient zero trust networking security, zero touch provisioning efficiency, and the simplification and consolidation of network functions into a single appliance (uCPE containing routers, firewall, etc.). However, a bigger advantage of SD-WAN combined with SASE lies in the ability of the technology to securely manage flows from an application perspective:
- SD-WAN networks can be configured to prioritize critical traffic and real-time services and then have it transit over the most efficient route, through a reliable, high-performance connection, using the best available path.
- With SD-WAN, operators and enterprises can enable secure, direct cloud access at the remote branch, using local Internet breakout methods—reducing or eliminating backhauling traffic, so that workers can directly access cloud applications, regardless of location, without consuming core network bandwidth with additional traffic to manage and secure.
- Further, SD-WAN improves cloud application performance by prioritizing business critical applications and enabling branches to directly communicate to application targets through the Internet.
SD-WAN and SASE work together to:
- Simplify network management, thereby reducing costs.
- Make applications more secure and more available.
- Make networks more reliable due to path diversity and proactive self-healing networking.
- Protect locally deployed devices by extending into the local branch LAN.
- Secure direct connections to SaaS applications and other online resources.
Virtually eliminating network sprawl, reducing security risks, and improving inconsistent performance are among the advantages of migrating to SD-WAN. This end-to-end secure networking using SASE protects your information, as well as your organization. SD-WAN and SASE also protect your information when users are working remotely, giving you the same information security protection you have always built your business to rely on.
Mark Abolafia currently serves as Chief Operating Officer of Datavision. Having held that position for over 6.5 years, Mark has helped manage Datavision to a global leadership position in the areas of SDN/NFV, service orchestration, IT Staffing, and SD-WAN technologies. Prior to that, Mark held various senior management and business development positions across consultancies in telecom, systems integration, and pharma.