Research firm Gartner is lending credence to a promising technology called secure access service edge (SASE). SASE is an emerging, disruptive technology that strives to create a secure cloud environment that is fully integrated into the network. Gartner’s recent “Hype Cycle for Enterprise Networking, 2019” report presents SASE as so strategic that the technology earned the label “transformational.”
SASE addresses the artifacts of traditional networking being incorporated into a cloud environment, where security has become a rigid, inflexible component. Simply put, as businesses seek to embrace the cloud, they have been confounded by how rigid networking has become and how fragmented security has become between physical, virtual and cloud resources—issues that are the antithesis of what the cloud is meant to be.
Businesses are adopting cloud technologies because of the agility, elasticity and ubiquity of the cloud. The cloud is all about making businesses more responsive to change while preserving the ability to address their critical markets. Yet, digital transformation and cloud enablement have been hindered by the preconceived notions of how networks are designed. Far too many businesses have attempted to cloud-enable processes by stitching together SD-WAN devices, firewalls, IPS appliances and numerous other solutions to build what eventually becomes a mish-mash of unmanageable technology that becomes more hassle than it is worth.
The SASE cloud architecture changes that dynamic into something that is both easily managed and secured. SASE transforms a cloud from what was once a collection of disassociated technologies forced to work together into a single network that connects and secures any enterprise resource, including physical, cloud and mobile, regardless of location.
Cato Networks, which Gartner named as a “sample vendor” in its report on the SASE category, offers insight into what a SASE cloud is all about. Gartner attributes four main characteristics to a cloud built on a SASE ideology:
- Identity-driven: User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls—all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
- Cloud-native architecture: The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing and self-maintenance to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements and is available anywhere.
- Supports all edges: SASE creates one network for all company resources—data centers, branch offices, cloud resources and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
- Globally distributed: To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner noted, they must expand their footprint to deliver a low-latency service to enterprise edges.
While those characteristics do a good job of defining what SASE should be, CATO offers some advice on what SASE should not be considered: a telco-managed network service. Although telco-managed services have the appearance of a unified and secure cloud network, they still consist of integrated bundles of point services. Telcos do an excellent job of hiding the complexity of the offered network solution from the end customer; however, the latency, management overhead and potential for disruption still exist within the fabric of connectivity. What’s more, those overhead costs are built into the managed services fees, making telco managed network services potentially more expensive than SASE cloud services.
According to Cato, SASE offers a single-pass, cloud-based architecture that uses a traffic processing engine, which processes traffic from any edge sites, the cloud and mobile users. SASE applies all network optimizations, security inspection and policy enforcement with rich context before forwarding traffic onto its destination. That makes a SASE Cloud much leaner since all functions are converged together. It processes traffic faster with less latency while incorporating more context than other networking and security methods.
Cato aims to be at the forefront of that trend and is poised to further redefine the market. “Since Cato’s founding, we’ve focused on converging networking and security into the cloud, creating one, global, cloud-native architecture that connects and secures all locations, cloud resources and mobile users everywhere,” said Shlomo Kramer, CEO and co-founder of Cato Networks.
Cato isn’t the only vendor pursuing the SASE concept; other cybersecurity and networking vendors also have thrown their hat into the ring. Barracuda Networks and Zscaler are two that recognize the value SASE can offer.
Barracuda echoed the value of SASE in a recent announcement touting the latest capabilities of its CloudGen Firewall. The company was quick to acknowledge Gartner’s assessment that “Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets, creating the secure access service edge (SASE), with a predominantly cloud-based, as-a-service delivery model.”
With Release 8 of CloudGen Firewall, Barracuda has added automation capabilities to streamline deployment and provide visibility and control for successful implementations. “SD-WAN management can be complicated. Many SD-WAN products require days to deploy and can introduce vulnerabilities if not correctly configured,” said Klaus Gheri, VP of Network Security at Barracuda, noting that CloudGen Firewall is an all-in-one SD-WAN solution that’s integrated with public cloud infrastructure.
Zscaler is also making the leap into unifying networking and security in the cloud via SASE ideologies. The company discussed the importance of SASE on its Sept. 10 earnings call. “SASE goes well beyond the disruption of MPLS with SD-WAN or hardware appliances with cloud or applying zero trust principles,” said Jay Chaudhry, chairman and CEO of Zscaler. Recognizing the importance of SASE, Chaudhry added, “As the world moves towards the SASE model, traditional network security vendors are embracing Zscaler’s vision of cloud-based security after rejecting it for years.”
With three vendors in agreement, it is obvious that Gartner is onto something and SASE may be the future of networking and security in the cloud. It research signal that network and cloud service providers should be ready for disruption.