What is SASE?
SASE stands for Secure Access Service Edge, a term coined by Gartner analysts Neil MacDonald and Joe Skorupa in 2019.
SASE addresses the security needs of modern enterprises that rely on cloud or SaaS applications for mission-critical use cases. With data no longer being backhauled through legacy data centers or traditional security solutions, SASE delivers real-time, always-on security in the new network paradigm.
What are the building blocks of SASE?
SASE brings together critical network security capabilities in a unified solution. These capabilities or building blocks include the following security solution components:
SD-WAN – Software Defined WAN delivers a centralized traffic management and optimization capability to manage any combination of underlying networks such as MPLS, LTE or broadband connectivity.
SWG – Secure Web Gateways allow enterprises to offer employees secure access to the web based on security policies.
CASB – Cloud Access Service Brokers offer granular control on how SaaS or cloud applications are accessed from any device. With CASB, enterprises can define what data can be uploaded or downloaded from the cloud and have better control over shadow IT.
FWaaS – Firewall as a service is an evolution of the Next Generation Firewall (NGFW) to secure traffic that’s moving away from private networks to the cloud. FWaaS includes features such as packet filtering, network monitoring, Internet Protocol security (IPsec), secure sockets layer virtual private network (SSL VPN) support, Internet Protocol (IP) mapping features and malware detection.
ZTNA – Zero Trust Network Access (ZTNA) offers enterprises the ability to granularly control access to specific applications or resources. Access is granted to an application or service only for “trusted” users and, unlike a VPN, access to all other services is blocked by default.
What are the benefits of SASE?
– Uniform security posture – Managed SASE allows enterprises to enforce common security policies for various sources and destinations by centralizing security enforcement on a single platform.
– Expedited application deployment – Managed SASE allows new applications to be added and secured quickly, regardless of where the service resides.
– Enhanced visibility – By using a common platform, Managed SASE gives enterprises a single-pane-of-glass view of a large portion of their threat surface (Cloud Edge, Branch Edge, Remote Users, Data Centers).
What are the challenges in implementing SASE?
– Administrative effort – Many SASE vendors provide point solutions that address a single aspect of SASE. This forces IT and security organizations to maintain security policies and user access in multiple places.
– Matching solutions to use cases – SASE is more of a best practices framework than a technology solution. Some SASE solutions may be a great fit for the remote worker use case but not for branch locations. Trying to force-fit a vendor solution into an environment that it wasn’t designed for will not only leave performance gaps, but may actually open the door to suboptimal design that creates new security gaps.
– Vendor maturity – Many SASE platforms are relatively new and are in a rapid state of change. This often means bugs, stability issues and interoperability issues. Also, mergers and acquisitions of startups and larger providers could impact performance and long-term product roadmaps.
What is managed SASE?
Managed SASE is a turnkey solution designed for multi-location enterprises with a significant branch footprint and remote employees.
Managed SASE includes solutions design, implementation and maintenance of the SASE solution stack. Interface offers flexible commercial arrangements ranging from a completely subscription-based pricing model to a hybrid pricing model with a combination of OPEX (operating expenditure) and CAPEX (capital expenditure) pricing components.
Interface’s approach to managed SASE delivers significant advantages to customers.
– Managed SASE addresses security challenges associated with the rapid adoption of cloud applications without abandoning best practices for LAN security in distributed enterprise networks.
– The solution brings together client-based zero-trust security apps along with machine and identity-based security that’s well suited for employees working from anywhere using any device. In addition, there is full UTM security at the edge to ensure maximum protection for complex customer environments with multiple VLAN segments.
– Interface will implement the managed SASE program using a single platform ecosystem to do away with the complexity of integrating diverse products from different vendors and simplify the solution stack.
– Many SASE solutions in the market only address one or two of the aspects of SASE, like ZTNA or FWaaS, whereas Interface’s managed SASE delivers critical solution components like SD-WAN, ZTNA, FWaaS, and SWG, in addition to the network infrastructure and expert engineering resources needed to support the implementation.
– Many SD-WAN platforms cap throughput based on the license purchased (e.g., 30M, 50M, 100M, etc.). Our solution isn’t licensed based on the amount of throughput, so the limiting factor is typically the speed of the connection rather than a speed cap based on the license tier.