Preparing for the Secure Access Service Edge (SASE) Revolution

Security and performance have always been important considerations for business owners, but finding an affordable networking solution that caters to both has long been a challenge for even the most savvy.

But a new set of technologies could potentially change that. It’s called SASE, which stands for “Secure Access Service Edge,” and we guarantee you’ll be hearing a lot more about SASE over the coming months and years.

With that in mind, let’s take a look at the reasons behind this new development and detail the four fundamentals that define a genuine SASE solution.

Understanding this will help you avoid the worst of the snake oil salesmen, but the finer details of how SASE would actually work in your specific business environment can still be tricky. That’s why having a reputable and award-winning consultancy like Shamrock is always a good idea to ensure that nothing comes as a surprise.

The Rationale for SASE

The IoT, Agile DevOps, enterprise SaaS and the mobile workforce all require a way to process data quickly, with low latency, at the edge of the cloud. The businesses involved in these areas are the driving force behind edge-based, cloud-native technologies. And their voices are getting louder with each new edge deployment.

These voices are consistently telling us that the old way of doing things just won’t cut it anymore. Inefficient processes such as backhauling mobile traffic and manually configuring security boxes have to be replaced. For example, we recently wrote an article on the disconnect between SD-WAN and network security and the need for an integrated solution. SASE goes even further by changing the way networking is done, period.

Let’s be clear: SASE is not just about security. It promises to make us less restricted by geography, switching out restrictive IP-based identity protocols for more flexible device or identity-based access controls.

The home for this new breed of technologies will naturally be in the cloud, but in reality they will be more ‘cloud-like’. For example, they will facilitate more flexible (and secure) points of access than current cloud networks can provide with their limited PoPs. This is what the Secure Access Service Edge is.

So how do you recognize a genuine SASE software stack? The rest of this article looks at four fundamental qualities that every authentic SASE solution has to cover.

Four SASE Fundamentals

WAN Edge and Network Convergence

Some vendors have attempted to improve network performance and security by chaining appliances (virtual or physical) together. Although this is a fast way to bring solutions to the market, it still isn’t ideal.

Rather than bringing everything together under a single pane of glass, chaining requires the network to be split into different sections, reducing manageability. This approach also tends to lead to high latency and unreliable performance.

A true SASE solution converges network performance and security into one cloud-based service that encompasses the entirety of the enterprise network it serves.

SASE technology ticks all of the boxes that a modern, cloud-focused enterprise should. Management is simple and centralized, removing the need for complex local configurations and the security risks that inherently come with them. Cloud-based, box-free security and software-defined optimization can be applied across and within the entire network.

Security and performance are also scalable, as they are fully integrated with the cloud. To top it off, with global access to cloud resources and no backhauling of traffic, latency is minimized, opening up the cloud to more latency-sensitive businesses (e.g. media companies).

Geographically Agnostic Access and Performance

One of the main selling points of the cloud has been its elasticity, saving businesses oodles of money as they respond to fluctuations in compute demand, much like they would do with utilities such as electricity or water. This is all well and good if you’re accessing the cloud through a dedicated connection from a small number of geographically stable offices or data centers.

There is a problem, though, when remote subsidiaries or mobile users have to access these resources by first connecting with the main enterprise network. Not only does that introduce latency, it also adds yet another security headache.

An authentic SASE solution will enable people to instantiate a point of presence and connect securely into the cloud directly from the edge, wherever that edge may be. This is going to be increasingly critical with the introduction of more and more sophisticated IoT devices (e.g. self-driving cars). These devices will demand low-latency cloud connections from wherever they are on the planet, and only a true SASE solution can offer that expanded geographical footprint.

Agent-Based Capability

Many cloud service vendors continue to focus on their enterprise customers as being based in a specific location or geographical region.

As centralized, hyperscale and elastic compute resources become detached from individual sites, it should become possible to replace site-based access and control with a more agent-based approach.

Given the correct access permissions and credentials, there should be little difference between what a site-based employee and a remotely deployed mobile employee can achieve. The definition of an agent can also expand beyond human workers. For example, an agent might include an AI-enabled device or a robot which needs to log onto the business network to download updates or access data.

Security and networking products and services which limit the points of presence through which an agent can access the network – or which rely on delivering physical boxes to premises – are not going to be suitable for meeting the needs of a globally distributed company with a mobile, AI-enhanced workforce.

Solving the IP Address Conundrum

We’ve already established that the company data center is no longer the center of network architecture, and the use of IP addresses to identify, locate and secure systems is, as most of us realize by now, not ideal. A viable SASE solution will use an alternative means of securing system access, one more closely tied to individual agents.

One option is to configure an access system based on user identity and real-time local system state. This would be tied to company policy and opens the way to setting up customized security solutions with users experiencing a different access process depending on their location and the device they are using. Access would be centrally managed and user behavior data could be fed into sophisticated correlation engines as part of a joined-up security and IAM system.
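As an added illustration (not code from this article or from any SASE product), the sketch below contrasts an IP-allowlist decision with one made from user identity and current device state, so the same user gets a different access process depending on location and device. The resource names, roles, posture fields, countries and address ranges are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (hypothetical names and ranges).
TRUSTED_NETS = [ip_network("10.20.0.0/16")]  # legacy "office" address range
HOME_COUNTRIES = {"US"}                      # where this workforce normally signs in
# Company policy per resource: permitted roles and required device posture.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "managed_only": True, "max_patch_age": 30},
    "wiki": {"roles": {"finance", "engineering"}, "managed_only": False, "max_patch_age": 90},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str             # asserted by the identity provider
    device_managed: bool  # enrolled in company device management
    disk_encrypted: bool
    patch_age_days: int   # days since the last OS security update
    country: str          # coarse location of the sign-in
    source_ip: str
    resource: str

def ip_based_decision(req: Request) -> str:
    """Legacy model: being on a trusted network is the only credential."""
    addr = ip_address(req.source_ip)
    return "allow" if any(addr in net for net in TRUSTED_NETS) else "deny"

def identity_based_decision(req: Request) -> str:
    """Decide from who the agent is and the device's state; source IP is ignored."""
    rule = POLICY.get(req.resource)
    if rule is None or req.role not in rule["roles"]:
        return "deny"  # unknown resource or role not entitled to it
    if rule["managed_only"] and not (req.device_managed and req.disk_encrypted):
        return "deny"  # sensitive resource requires a healthy managed device
    if req.patch_age_days > rule["max_patch_age"]:
        return "deny"  # device is too far behind on security updates
    # Entitled, but unusual location or unmanaged device: ask for extra verification.
    if req.country not in HOME_COUNTRIES or not req.device_managed:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    remote = Request("alice", "finance", True, True, 5, "US", "203.0.113.7", "payroll-db")
    byod = Request("alice", "finance", False, False, 5, "US", "10.20.5.9", "payroll-db")
    for r in (remote, byod):
        print(r.source_ip, ip_based_decision(r), identity_based_decision(r))
```

The two sample requests show where the models disagree: the IP model refuses a healthy managed laptop outside the office and admits an unmanaged device that happens to sit on the office range.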

This brings us back full-circle to the first fundamental quality of a genuine SASE deployment: the convergence of network and security functions in a single, cloud-based service.

Why a Vendor-Neutral Consultancy is a Must

You may not have heard of SASE before today but, now that you have, make sure the term is on your radar because it’s about to become a new industry buzzword.

Just like SD-WAN before it, vendors from all compute backgrounds are going to be offering SASE products and services. Some will take advantage of the lack of regulation and standardization to stretch the definition of their offering to fit the SASE model.

Don’t let them off the hook that easily! When a vendor is pitching SASE to you, be sure to test their proposed solution against the four fundamentals above. Are network optimization and security converged? Can you access the service from anywhere? Can everything be managed, updated and configured centrally? How will access be controlled?

Even if you’re able to answer all the questions above with regard to a proposed SASE solution, there are still plenty of ways in which a vendor can take advantage of your business. That’s why companies like Shamrock Consulting Group exist. We are 100% vendor-neutral but also well-connected with the top providers for SD-WAN, cloud connectivity, network security and, yes, SASE.

Our expert team will work with you to evaluate your network, analyze your SASE options, and help you make the best decision for your business based on your internal strategy, budget and network performance requirements. Plus, all our consultations and many of our services are completely free!

Paul Cooney

Paul Cooney is the Founder and President of Shamrock Consulting Group with over two decades of experience in the telecom industry. After finding early success selling fixed wireless for Teligent, Inc. in the late ’90s and early 2000s, he took over AT&T’s struggling Los Angeles sales team and turned them into one of the best teams in the country within 6 months. In 2008, Paul left AT&T to start Shamrock, which he has grown into an award-winning industry leader capable of selling any product from any provider at the guaranteed best price.