Securing Access to Cloud: The Roles of SASE and SD-WAN

Learn how the Secure Access Service Edge concept helps build a bridge for secure cloud connectivity.


As companies rapidly adopt multi-cloud platforms and services, security concerns have ramped up. Organizations now have to think about securing both access and connections to the data and applications that are increasingly moving outside of the enterprise.

At the same time, they’re increasingly looking to software-defined WANs to help control the connectivity and services between their data centers and clouds. According to the Network World 2020 State of the Network, 71% are either researching SD-WAN or have it in production.

Gartner sees these trends colliding as enterprises realize they need greater security and resiliency in data center-to-cloud connections. That’s the basic premise addressed by Gartner’s Secure Access Service Edge (SASE) concept.

“SASE combines network security functions with WAN (i.e., SD-WAN) capabilities to support the dynamic secure access needs of organizations,” writes Andrew Lerner, Research Vice President, Gartner. “These capabilities are delivered primarily [as-a-service] and based on the identity of the entity, real-time context, and security/compliance policies.”

Breaking it down, SASE essentially means creating a secure bridge between access and the service edge — the cloud, data center, or point of presence where traffic is secured and then forwarded. Access is predicated on identity, whether that’s an individual, device, application, or service.

Ultimately, security and networking services are embedded together and delivered as-a-service from the cloud, based on secure identity. The benefits include improved user experiences, greater security, and the ability to provide enhanced connectivity across cloud, on-prem, and mobile environments. 

The Road to SASE

First, it’s important to note that SASE is still a work in progress. Vendors like Cisco are working toward providing integrated security and networking functionality.

“Today, SASE is best represented by the convergence of cloud-managed SD-WAN and cloud-delivered security, two foundational capabilities that Cisco has developed extensively,” says Jeff Reed, Senior Vice President of Products for Cisco’s Security Business Group.

That said, it’s not too early to implement several foundational aspects of SASE:

  • Networking. SD-WAN is a stepping stone toward secure network transformation. Its ability to optimize bandwidth and traffic in multi-cloud environments is critical for predictable application performance. Seek a solution that has security baked in and that delivers visibility into connectivity.

  • Cloud security. Data privacy and security-related challenges are among the top cloud concerns for IT leaders, according to the 2020 IDG Cloud Computing Survey. For example, IT leaders struggle with attaining the right skillsets and protecting cloud resources. To address these obstacles, companies should implement a unified platform that includes firewall, secure web gateway, DNS-layer security, and cloud access security broker functionality. The ideal solution incorporates threat intelligence and visibility across all devices and users.

  • Zero Trust. Zero Trust is a set of technologies, policies, and protocols based on the concept of “never trust, always verify.” It’s an important step on the SASE journey because it puts identity at the center of data and application access. Organizations should seek solutions that:
    • Establish user and device trustworthiness with authentication and authorization;
    • Consistently enforce policy-based controls;
    • Offer automatic network segmentation;
    • Provide continuous monitoring to contain threats and revoke access when responding to incidents.

“Moving to a SASE model will be a gradual process as enterprise IT rethinks how to connect a remote workforce to the distributed information resources they need,” Reed says.

But the future is clear, he adds. “Cloud security and networking services will only become more critical as enterprises cross the bridge to employ Secure Access Service Edge networking to solve disruptive information management challenges.”


Copyright © 2020 IDG Communications, Inc.