SASE Demystified: Why it's the heart of the transformed enterprise

Stuart Low

IT Consulting Principal


Still not sure how SASE fits your enterprise? Let’s take a look at what a shift to SASE is really about, and key steps to getting from here to there. It’s been a tough year for business, but 2020 is turning into the ideal time to tackle a SASE transformation.

Interest in SASE has been heating up, and with good reason. A Secure Access Service Edge (SASE) network architecture has much to offer any truly modern enterprise. It ends the era of location as the heart of networking and security and puts the focus where it now belongs: on the user, giving them a consistent connectivity and security experience wherever they may be.

An ideal time for SASE

There are three parts of today's SASE story to keep in mind:

  • SASE is about unifying network and security as a set of cloud-delivered services to support scale and flexibility for your organisation
  • There should be a roadmap for a SASE transformation: you don't have to go 'all in' on day zero
  • The outcome of SASE should deliver a better user experience regardless of device or location

2020 is turning out to be a tough year for business, but it may be the ideal time to act on a SASE enterprise model. The way we have been using our networks over recent years has been changing with the move to SaaS and cloud services. The acceleration in this change over the past six months is now highlighting that true change is needed.

The need to 'make things work' over recent months can now shift toward accepting that the future of our networks and security controls will be more cloud-centric than ever before. The adoption of SD-WAN, traffic optimisation, Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB) and Secure Web Gateway means that the foundation of SASE is becoming well established.

We have stretched the limits of traditional hub-and-spoke networking and coped with bad user experiences caused by forcing traffic through a VPN for long enough. It’s a great time to examine what works, and what does not, under our existing infrastructure.

So where to start? The first step should be to build clarity on how to take your first or next steps. Discover the pieces of the puzzle you may already have in place and which components need to be replaced or upgraded. You may find that SASE adoption saves you money on network and security services, just as migration to cloud services helped us to decommission old server farms.

Putting the Pieces Together

So what are the critical layers of network and security that make up a SASE solution? First and foremost, you need a modern framework for user identity. Everything builds upon a robust user identity and authentication system running across your business, so this is always SASE step one.

Then it’s about having the right network architecture that meets the requirements of your business. A programmable network service such as SD-WAN is the most likely service, but ensuring it supports your specific needs is critical. Think about performance, latency, traffic shaping and Quality of Service (QoS).

From here, a number of elements will put that 'Secure Access' into the 'Service Edge'. Zero Trust networking is a great model to adopt here and often an excellent core technology in a SASE network architecture. Zero Trust will ensure your network is always validating and revalidating access permissions to all areas of your network. It greatly increases how secure your systems will be, removing the VPN gateway approach that largely allows traffic to roam unchallenged once past that perimeter.

Next we must ensure that your network and users are not only behaving as they should but also as transparently as possible. Monitoring user access helps build risk profiles of users based on their location and network behaviours. For more sensitive data, this can be coupled with Data Loss Prevention (DLP), which acts on a user's risk status to allow or disallow their activity. This could mean preventing documents from being downloaded or emailed to someone outside the enterprise, or only allowing access to documents below a confidentiality threshold while travelling overseas.

Without a centralised network model, monitoring the edge needs to be a focus. Blind spots can become a security risk under SASE, so threat detection tools can ensure we maintain vigilance on the potential for new attacks on our systems through the web or user devices.

These features together help to create a unified network and security service that protects users and the enterprise in a way that removes the need for users or administrators to constantly police network rules and procedures. Once in place, our SASE architecture will automatically allow, or prevent, user activity and data movement, all while identity and risk are assessed from moment to moment, user to user, and location to location.

A SASE future

Currently SASE is a mixture of tools that come together to offer a cohesive experience for our organisations and our users. It takes great expertise and planning to bring it all together perfectly, but it's an effort that is already showing fantastic results for those who have walked the path.

Thinking further ahead, we're excited for the day when, like today's cloud platforms, an enterprise can implement and modify all the services they require instantly. All needs delivered in harmony, providing a consistent, powerful and secure experience for the organisation and its users.
