In August 2019, Gartner published a report* detailing what it called the secure access service edge (SASE) framework. Gartner analysts provided a detailed and thorough explanation of why companies must recognize that their traditional network-based security models are outdated and incapable of providing security for an enterprise landscape in which more and more business will be conducted through the cloud. They also provided a number of justifications for this position that are worth exploring as companies contemplate how they must adapt to the new reality of operating in the cloud.
The three Gartner analysts who authored the report offered their central thesis at the beginning. They wrote:
“Digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center. Security and risk management leaders need a converged cloud-delivered secure access service edge to address this shift.”
They further hammer home this point with the paper’s first key finding, which states:
“Network security architectures that place the enterprise data center at the center of connectivity requirements are an inhibitor to the dynamic access requirements of digital business.” [emphasis mine]
Their argument reflects our current reality. Continuing to rely on the data center as the literal center of a company’s network makes no sense in a world in which more and more applications are moving to the cloud and users are accessing networks anywhere, at any time, from a multitude of devices, some of which may be their personal phones or laptops. Requiring each and every one of these connections to travel over slow MPLS networks to a central data center makes no sense: not only does it lead to a frustratingly slow user experience, but it also makes a company more vulnerable on the security front. A central data center breach could enable attackers to gain access to the organization’s crown jewels.
Fortunately, companies have options. There are a growing number of viable and attractive alternatives to the centralized networking model of the past. Gartner analysts project that demand for SASE will grow significantly in the next five years, estimating that by 2024, a minimum of 40% of companies will have plans to adopt the framework.
The reasons Gartner projects such growth are that SASE, utilizing cloud connection options like secure web gateways (SWG), cloud access security brokers (CASB), DNS, and SD-WAN, reduce latency issues inherent in centralized security. Additionally, SASE, with zero trust network access (ZTNA) technology, helps to reduce the attack surface because IP addresses are no longer exposed to the internet.
SASE reduces the network complexity that is overwhelming to organizations that still use centralized approaches. It provides a more dynamic path to security that matches the variety of ways users now access networks.
Therefore, it makes sense that Gartner’s first recommendation is for those managing enterprise security to “position the adoption of SASE as a digital business enabler in the name of speed and agility.”
Products that provide SASE move security away from the data center and instead check each user connection, wherever and whenever access is attempted. As more business is conducted at the edge, at branch locations, or outside the formal offices of the enterprise, and it’s accomplished using a range of managed and unmanaged devices, SASE ensures that users get the connection speed they need, while companies maintain security.
SASE can do this because it is cloud-based yet tailored to the identity of the user attempting to gain access. Therefore, companies can exert strict governance and access control for every unique connection, rather than having to set forward blanket policies that may restrict some users unnecessarily or leave vulnerabilities that hackers could exploit. SASE provides a way for users to get secure access anywhere at any time.
The authors provide strong justification of why this makes sense: “Instead of forcing (via ‘tromboning’) various entities’ traffic to inspection engines entombed in boxes in the data center, we need to invert our thinking to bring the inspection engines and algorithms closest to where the entities are located.” Migrating security closer to the user in this way not only improves speed and agility, but it also makes companies safer. Using the identity of the source seeking access enables companies to decide how and whether to grant access based on numerous contextual elements, such as an assessment of risk of the device being used, the location of the user, the time at which access is requested, and the sensitivity of the information to be accessed.
Security thus becomes far more adaptable and flexible with SASE than with a centralized model. Such flexibility is a requisite for handling the variability of a cloud-based enterprise environment. Security encased in a central data center cannot adequately secure the cloud. Without SASE, much of a company’s traffic might go uninspected altogether, which is unacceptably risky in today’s threat environment.
Gartner enumerates a series of benefits that companies can achieve by adopting SASE. These include:
The analysts at Gartner have made a compelling case for why companies need to be rapidly adopting and expanding their SASE footprint in the years ahead. Just as companies are moving away from the central data center to house and manage all their crucial information and applications, they need to do the same for their security.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Steve Grossenbacher is Head of Product Marketing for Zscaler Internet Access
*Gartner, The Future of Network Security is in the Cloud; 30 August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald (registration required); summary