In just a decade, the IT landscape has changed dramatically. Ten years ago, most business applications were hosted in corporate data centers and accessed by employees from the corporate network. Applications, data, and users were secured within a defined perimeter. Today, with the cloud, the rise of IoT, mobility, and remote working, the traditional security perimeter is dissolving, and the security architecture must now be tightly integrated with the network.
SASE (Secure Access Service Edge), as defined by Gartner in its report "The Future of Network Security is in the Cloud", combines SD-WAN with network security services delivered in the cloud. Five dynamics are making the advent of SASE inevitable, with no way of turning back:
- Digital transformation
Organizations are moving their business applications and services to the cloud to redefine and provide a better customer experience. In a world where the winner takes it all, companies are racing to radically transform their businesses and reshape the customer experience, to be more competitive, and even to survive. Organizations therefore have no other choice but to accelerate this transformation.
- Cloud migration
According to the recent State of the Cloud report from Flexera, organizations are moving their applications to the cloud on a massive scale and pursuing multi-cloud strategies. Organizations increasingly use off-the-shelf cloud applications delivered as a service (SaaS), such as Salesforce, Workday or Microsoft 365. They are also migrating their custom in-house applications to public clouds. With applications now hosted in the cloud, it no longer makes sense to backhaul their traffic to the data center; doing so negatively impacts performance. With sensitive business data now outside the data center and hosted with cloud services, IT must find new ways to secure that data.
- Remote working
With the COVID-19 crisis, remote working has become the new normal, and many analysts predict that it is here to stay. Indeed, according to a Forbes article, remote working gives organizations access to a larger talent pool, and it provides financial benefits for both companies and employees. In other words, the COVID-19 crisis has been a catalyst for this already underlying trend. This means that employees need to access the enterprise network not only from their homes but also from airports, hotels or any other location, and from any device, posing new security challenges for IT.
- Cybersecurity threats
In recent years, the world has seen an increase in cybersecurity threats. With the move to the cloud, the COVID-19 crisis, and the increase in IoT-connected devices, the attack surface has grown significantly. According to a 2021 Gartner study, worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021. And cybersecurity was at the top of the priority list for new spending for 61% of the 2,000 CIOs responding to a Gartner CIO Agenda survey. To reduce the attack surface, zero-trust policies rely on the identity of users and devices and assume that no user or device can be trusted by default. Unlike the traditional VPN approach, zero-trust policies give access only to certain areas of the network, based on the user's role in the business.
- Aging network infrastructure
Many organizations have not modernized their infrastructure in years and use a networking architecture based on traditional MPLS lines to connect branch offices. This architecture is often expensive, complex, and too rigid to adapt to today's high-speed, cloud-centric environments. Enterprises now need a more flexible, simpler, and more affordable network, and this can be achieved with an advanced software-defined WAN (SD-WAN) that can provide private-line-like performance over broadband internet or 5G connections.
In the post-COVID world, organizations must rely on a fast, flexible and secure network that takes into account that the corporate network has become cloud-centric.
SASE combines branch WAN functions such as SD-WAN, routing, security, and WAN optimization with core network security features hosted in the cloud rather than on physical appliances, including ZTNA, CASB, SWG and FWaaS:
- ZTNA (Zero Trust Network Access) relies on the identity of the users and assumes that devices should not be trusted by default, even if they are already authenticated in the corporate LAN.
- CASB (Cloud Access Security Broker) is designed to protect and control access to data in the cloud, including data loss prevention (DLP). It scans data at rest in cloud applications by using APIs. It also uses a forward or reverse proxy to provide access control and DLP in real time.
- SWG (Secure Web Gateway) protects employees and users from malicious web traffic. It provides, at a minimum, URL filtering, anti-malware protection and application control capabilities.
- FWaaS (Firewall as a Service) is a cloud firewall that provides advanced next-generation capabilities including deep packet inspection, intrusion detection and prevention, application control and advanced threat prevention such as sandboxing.
The Aruba EdgeConnect SD-WAN edge platform is a key enabler for delivering a full SASE architecture. It provides business-driven SD-WAN capabilities including dynamic path control, WAN optimization and centralized orchestration with zero-touch provisioning. It supports advanced branch security functions with a built-in firewall that provides deep packet inspection, 256-bit AES encrypted tunnels, intrusion detection and prevention, user-based access control, and micro-segmentation to secure certain zones of the network. It natively integrates with best-of-breed third-party cloud security providers such as Zscaler and Netskope, and automatically directs traffic by identifying applications based on the first packet, so that organizations can implement a best-of-breed SASE architecture that fits their needs.