SASE: Has the future of network security arrived?
Imagine a world where you can protect every part of your network with a myriad of security solutions. Would it be a dream or a nightmare?
The impact of cloud computing on network security
With the widespread adoption of cloud computing, conventional security measures like firewalls or VPNs have proven insufficient to deal with the security challenges of an expanding remote workforce. Security teams are overwhelmed by the multiple security measures needed to protect their network and security functions end to end. But this multiplication of solutions can lead to over-complexity and slower performance.
To answer this challenge, secure access service edge (SASE) has emerged. In 2019, Gartner defined this relatively new technology as a cloud technology that integrates security and network functions into a single service to address both user and endpoint needs.
This is no simple task, considering the complexity of SASE, the lack of industry standards and user education, and the inconsistencies between different vendor offerings.
Why SASE will be key for business
Currently, SASE is an appealing offering in the enterprise area because it can upgrade legacy wide area networks with a software-defined model while overlaying different security layers such as data protection, zero trust access, secure internet access and the telemetry required to provide a good-quality managed detection and response service. Although the initial target for SASE was the IT area, different SASE components like enterprise firewalls and web application firewalls can extend security capabilities to areas like industrial control systems (ICS) or even the Internet of Things (IoT).
SASE is the perfect environment for organizations looking for a zero-trust architecture (ZTA) implementation. Its native ability to play the policy enforcement point (PEP) role, together with its ability to either provide or integrate with the policy engine and policy administrator roles, enables it to translate into a continuous diagnostics and mitigation (CDM) system as per the NIST SP 800-207 specification.
Will 2023 be the year for SASE?
Gartner expects that although SASE has not yet seen widespread adoption, at least 60% of organizations will have clear strategies for SASE adoption by 2025. Yet there are a number of challenges that make adoption difficult.
Let’s take a look at the top four challenges in this area:
The lack of a governing body to standardize SASE, leading to inconsistent vendor offerings.
Silos still exist: since network, endpoint and security are covered by SASE, organizations must change how they architect solutions and drop the siloed approach.
There are possible overlap areas with cloud native capabilities.
Lack of native integration between SASE vendors: this can lead to higher operational costs in an attempt to cover all management, security policy and compliance business needs.
However, despite these headwinds, we are seeing use cases that indicate accelerated SASE adoption in 2023.
Accelerating SASE adoption with 5G
Networks are constantly evolving. With 5G and even the next generations of 3GPP architectures, SASE becomes crucial to enable improved services and performance, increase cybersecurity and compliance, and of course drive faster infrastructure deployment and management. 5G is known for its improved connectivity, great speeds, low latencies and the ability to connect billions of devices in different forms and shapes — including IoT devices, sensors and cameras. Unfortunately, this expands the network attack surface and makes it more vulnerable than previous versions.
Natively, SASE can automate 5G infrastructure rollouts across large numbers of devices by leveraging capabilities like zero-touch provisioning (ZTP), orchestration and network intelligence. This can serve both telecom operators in their backhaul network infrastructure, as well as secure private 5G deployments with multiple Gi-LAN/N6/PDN in different geographical locations.
The SD-WAN component of SASE combined with 5G network slicing capabilities can guarantee that service level agreements are met, and a robust, end-to-end security policy is applied. This single-pass architecture provides the best performance and lower latencies, since most network and security services are performed in one location and at the same time — removing the need to encrypt and decrypt data multiple times as in siloed environments.
Combined with multi-tenant uCPE* architecture, SASE can provide differentiated services based on either slice or application requirements — while maintaining low operational costs and providing centralized management, multi-level role-based access control (RBAC) and unique security policies for each service or tenant.
*Universal Customer Premises Equipment (uCPE) is a networking device used to run virtual functions on a network and replace physical ones.
SASE: The way ahead
Despite the advantages that SASE can deliver in different environments, it will not be easy to integrate it into complex architectures that require multi-vendor implementations. There is plenty of room for improvement and a real need for proper standardization and regulation to get it to perform similarly to how it does in a vendor-locked environment.
However, in the coming years, SASE will be a key differentiator for managed service providers and systems integrators looking to eliminate security gaps and gain new business opportunities.