How is Zscaler disrupting the cybersecurity industry

SASE: The new horizon in cybersecurity

A new technology is supposed to guarantee network security in the cloud. What you need to know about SASE.

According to a report by Gartner entitled “The Future of Network Security Is in the Cloud”, the emergence of a new technology with “transformation potential” is emerging. Its name, SASE - pronounced as "sassy" - stands for "Secure Access Service Edge." It was designed to create a secure cloud environment that is fully integrated into the corporate cloud network.

Assuming that network security architecture is no longer sufficient for modern, dynamic companies, Gartner estimates that at least 40 percent of companies will have "explicit strategies" for introducing SASE by 2024. That is a rapid increase compared to the 1 percent of companies at the end of 2018.

In this post, we'll look at what SASE can do and how this technology could help your business.

Security in the cloud. What is SASE?

According to Wandera, which specializes in cloud security solutions, SASE is a new model for providing security and network connectivity through a single cloud security platform. The solution is aimed at future-oriented companies that handle their digital operations via the cloud. This is in line with the expectation that 83% of corporate workloads will soon be running on public cloud platforms.

Accordingly, Gartner believes that traditional network security architecture with a data center as the basis is “increasingly ineffective and too cumbersome for a world where cloud and mobile solutions prevail.” A data center is a central location where huge amounts of data are stored, accessed, processed and processed distributed so that shared applications and information can be provided. On the other hand, when companies work with cloud-based applications, most of the data they need is not in the data center.

In addition, if users can only access SaaS over the corporate network or via a VPN, productivity and usability can be compromised and may also require various software agents to access the entire network. Even if the cloud is postulated as a seemingly flexible way of accessing data, network operation is actually rather inflexible. Often companies need to combine a number of different solutions such as firewalls, intrusion prevention system (IPS) appliances and SD-WAN devices to support processes via the cloud. As expected, these components are difficult to manage. This is exactly where SASE comes in - a unified, single cloud-native network that securely connects all resources with users, no matter where they are.

What are the core ideas of the SASE cloud security platform?

Focus on identity. In the age of flexible working, the concept of “branch offices” is becoming less important. As Gartner explains, “a branch office is simply a place where many users come together to work. Likewise, a sales rep who sits in a car and accesses a CRM application is a branch office with one user. ”That is why identity and not the data center is at the heart of SASE. Users are connected to a centralized cloud-based service as individuals, rather than as a branch networked to the data center as in a traditional WAN model. SASE ensures that users are connected to the services they need based on their identity, regardless of the device they are using or their current location. It does this by associating policies with individual users rather than IP addresses.

Cloud functions. SASE offers features such as mobility, scalability and other important functions of the cloud for maximum efficiency. Like other cloud software, the architecture is available everywhere and can be distributed globally. Gartner explains: "In order to provide low-latency access for users, devices and cloud services at any location, companies need SASE offers with a global structure of points of presence (POPs) and peering relationships." POPs are the interfaces between the numerous networks or communication devices.

Network integration. SASE creates a single, unified network that encompasses all corporate resources including data centers, branch offices and mobile users.

What are the main advantages of SASE?

Lower costs. With SASE, fewer providers are required as all services are consolidated under a single provider. It also reduces the number of software agents on end-user devices as well as the number of appliances in a branch. Companies can thus save money in the long term by introducing SASE and standardizing the technology.

Improved performance. The best SASE vendors will provide latency-optimized routing across global POPs so that the transfer of data between two points is faster. This is critical for video apps, collaboration apps, and web conferencing apps, as well as other latency-sensitive applications.

Greater security. With SASE providers that support content screening to identify malware and confidential data, all access sessions can be scanned so that the relevant security guidelines are consistently applied regardless of the respective user or device location. The security boundary is no longer limited to the data center - “the boundary is now wherever a company needs to operate.” SASE can also be implemented as part of a zero trust security methodology. A core element of Zero Trust is that user identities are used, not IP addresses or physical locations. And SASE supports the principle of “don't trust anyone” with relevant security measures such as end-to-end encryption and protection in public WLANs.

Easier access. After a successful implementation of SASE, there is no need to use many different software agents on different devices. Instead, it only requires a single agent or device, and the correct access policy is automatically applied without user intervention.

Where are the limits of SASE?

While there are many benefits to SASE, it also comes with risks. First, building a SASE system can be complicated when there are multiple vendors and cloud elements, or when a vendor is putting together a SASE package from multiple adopted solutions and / or partnerships. The associated inconsistencies can be difficult to resolve, which in turn can affect performance. Switching to SASE also means switching to new providers. As a result, staff have to be retrained. And previous providers may have difficulties adapting to the cloud-native thinking required for SASE.

Another objection is whether SASE really has "transformation potential", as Gartner claims. In an interview with the US company for technology journalism and market data research SDxCentral, Clifford Grossner of the British information service provider IHS Markit questions whether the concept has any new technology: “Everything we see is an integration of existing technologies. It's just about edge computing, connectivity and security with integrated management. ”He also rejects the idea that SASE is“ a separate market ”because he doubts that companies would buy everything from a single vendor. However, the SDxCentral editor Tobias Mann notes that this skeptical assessment has so far not been convincing enough to dissuade providers from exploring the SASE market.

When can companies integrate SASE for the security of their networks?

As Gartner pointed out, SASE is "in the early stages of development." According to another Gartner report, "Hype Cycle for Cloud Security 2019," the SASE model is projected to become the standard in five to ten years.

According to the market research company, several providers will be able to provide complete portfolios by the end of 2020. This includes Cato Networks, whose CEO Shlomo Kramer insists that he has always “focused on the merging of networks and security in the cloud in order to create a single, global, cloud-native architecture.” Barracuda Networks also advertises with the SASE's great value for its CloudGen firewall. And Jay Chaudhry, CEO of Zscaler, announced during the September 2019 earnings conference call, "With the global shift towards the SASE model, traditional network security vendors are embracing Zscaler's vision for cloud-based security after years of rejecting it." Meanwhile explains VMware that its VeloCloud SD-WAN is definitely a SASE platform, although it is not yet entirely clear whether this assessment corresponds to Gartner's SASE definition.

Although none of the leading public cloud providers - Amazon Web Services, Azure or Google Cloud Platform - are yet competitive in the SASE market, Gartner believes that at least one of them will "cover most of the requirements" in the next five years. Since SASE is still in the initial phase, Gartner also recommends only concluding contracts with vendors with short terms of a maximum of two years that contain takeover clauses.

You can find more information on cybersecurity in the article "Staying Ahead Of Insidious New Breeds Of Cyber ​​Attacks“.