It didn’t take long for secure access service edge (SASE) to take the IT world by storm. One reason is that existing technologies, SD-WAN for example, were naturally due for an evolution. Another factor was the disruption IT departments experienced because of the COVID-19 pandemic.
But now that the SASE dust has settled, IT leaders can begin to think about how SASE might align to their short- and long-term goals.
Here are four areas where SASE is finding a home in an overall IT strategy.
Branch office and SD-WAN
When Gartner introduced SASE to the market, many organizations had adopted SD-WAN solutions. While the business was seeing the performance and cost benefits of a direct internet access model, security teams were confronted with new challenges.
Teams suddenly had to provide services like firewalls, intrusion prevention and URL filtering at every branch office. Often this meant deploying and managing hundreds or thousands of security appliances. In addition to being operationally inefficient, this approach risked causing bottlenecks in performance.
SASE allows teams to scale branch security by connecting offices to nearby cloud gateways. Security teams can apply policies from a centrally managed location in the cloud. Because of their proximity to public clouds and software-as-a-service (SaaS) providers, SASE vendors can execute controls without slowing performance.
The branch office and SD-WAN use case took a back seat when COVID-19 forced employees to work from home. However, as organizations make plans to reopen offices, the use case is regaining its place as a strong driver for SASE adoption. As it does, expect SASE vendors to emphasize the integration of their services with SD-WAN solutions.
Remote workers
It could be argued that SASE wouldn’t have become top of mind for IT leaders as fast as it did without the surge of employees working remotely in 2020. When offices closed, IT teams were left with no choice but to rethink their network and security architectures. VPN systems simply couldn’t keep up with demand from remote workers.
Even though offices are reopening, Gartner predicts 48 percent of employees will continue to work remotely in some capacity after the pandemic. Organizations will still have to secure a significantly expanded attack surface.
If certain security policies aren’t in place, remote workers can easily bring malware back to the corporate network. SASE addresses this by providing full inspection of traffic from remote workers at the DNS and IP layers.
IT security resource optimization
Reclaiming time and eliminating toil is good for anyone, but especially for IT organizations that must do more with less. Synchronizing policies and applying patches across hundreds or thousands of security appliances is a time-suck for security teams. It also can cause bottlenecks in performance as traffic is inspected at each layer of the network sequentially.
For instance, trying to manage spanning tree protocols at layer 2 is a nightmare for security staff and often requires them to spend hours gathering configuration information, verifying network topology and tracing all interconnected ports. When traffic moves to layer 3, security teams can find themselves trying to engineer for strange behaviors in traffic such as complicated advanced routing protocols or building in options to manage bandwidth efficiently.
SASE offloads the toil associated with securing traffic at lower layers of the network. This allows security teams to focus on mitigating strategic risks, which is important as security becomes more integral to business goals.
Trusted Internet Connection (TIC)
Just like enterprises, the U.S. federal government must secure end users, applications and data that live outside the boundaries of traditional networks. TIC is a reference architecture that helps agencies secure internet connections.
The latest iteration of TIC, TIC 3.0, encourages more flexible models for security enforcement. SASE slots in nicely with TIC 3.0 architecture requirements due to the proximity of SASE vendors to specialized public cloud services like AWS GovCloud.
SASE is a significant architectural shift. However, a SASE investment shouldn’t start with architectural requirements. It should start by identifying the use cases that make the most sense for your business. Our SASE briefing is designed to help you do just that.
We also have tips about what to compare when evaluating SASE solutions. And, if you’re ready to get hands-on with SASE, we have virtual, on-demand labs for Cisco Umbrella, Palo Alto Networks Prisma Access and Zscaler Internet Access. Additionally, we have a community specifically tailored to accelerating TIC 3.0 network security architectures.