Gartner Says the Future of Network Security Lies in SASE

Cloud services and networking are driving the concept of the digital business, but traditional networking and cybersecurity architectures fall far short of meeting the demands of the digital business.

Gartner’s report “The Future of Network Security Is in the Cloud” describes the transformative potential of networking and security in the cloud, based on a new networking and security model. This model is called Secure Access Service Edge (SASE), a term coined by leading Gartner security analysts Neil MacDonald, Lawrence Orans and Joe Skorupa.

Gartner says SASE has the potential to reverse the established networking and security services stack from a data center-based stack to a design that shifts the focus of identity to the user and the end device.

SASE solves many problems that have been discovered with traditional cybersecurity methods used in the cloud. Many of these issues have their roots in the ideology that network security architectures should be placed at the center of connectivity in the data center.

These legacy network security applications cannot effectively support new networking ideologies and use cases, such as the shift to dynamic services, software-as-a-service (SaaS) applications, and the growing number of companies that have to work with distributed data.

Traditional network and network security architectures were designed for an era when the corporate data center was the physical center of access requirements for users and devices. That model worked relatively well until the push towards digital transformation brought new demands.

As enterprises embrace digital business processes, along with edge computing, cloud services, and hybrid networks, it has become apparent that traditional network and security architectures are beginning to fail on multiple fronts.

The overall complexity of the traditional architecture introduced issues such as latency, network blind spots, excessive management overhead, and the need for constant reconfiguration as services changed. The SASE model eliminates these problems by reducing network complexity and moving the security process to where it can do the most good, the network edge.

Gartner has doubled down on the importance of SASE as an emerging and disruptive technology, as evidenced by the “Hype Cycle for Business Networks, 2019,” which portrays SASE as so strategic that the technology has earned the “transformational” label. The report also establishes examples of vendors and the critical elements of SASE.

What exactly is SASE?

According to Gartner’s definition, the SASE category consists of four main characteristics:

  • Identity-driven: User and resource identity, not just an IP address, determines the network experience and level of access rights. Quality of service, route selection, application of risk-based security controls all depend on the identity associated with each network connection. This approach reduces operational overhead by allowing companies to develop a set of networking and security policies for users regardless of device or location.
  • Cloud-native architecture: The SASE architecture leverages core cloud capabilities, including elasticity, adaptability, self-healing, and self-maintaining, to provide a platform that amortizes costs between customers for maximum efficiency, easily adapts to emerging business requirements and is available everywhere.
  • Supports all edges: SASE creates a network for all enterprise resources: data centers, branch offices, cloud resources and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
  • Distributed worldwide: To ensure that all networking and security features are available everywhere and provide the best possible experience at all edges, the SASE cloud must be distributed globally. As such, Gartner noted, they need to expand their footprint to provide low-latency service at the enterprise edges.

Ultimately, the goal of a SASE architecture is to facilitate the establishment of a secure cloud. SASE offers a design philosophy that eliminates the traditional method of assembling SD-WAN devices, firewalls, IPS appliances and many other networking and security solutions. Instead, SASE replaces this hodgepodge of hard-to-manage technologies with a secure global SD-WAN service.

SASE services available

Gartner recognizes that the SASE market is changing, with no vendor offering the full SASE feature portfolio. Some vendors, such as Zscaler, offer a firewall as a service, but lack the SD-WAN features (and other security features) required by SASE. Other vendors offer security as an appliance, but not in a cloud-native global network.

The closest I’ve seen to a working SASE service is from Cato Networks. Cato Networks provides a global private backbone, with over 50 points of presence (PoPs) at last count. The PoPs run Cato’s own cloud-native architecture, which converges networking and network security. Cato’s software is a single-pass cloud architecture: all network optimizations, security inspection, and policy enforcement are performed with rich context before traffic is forwarded to its destination.

Cato connects various “edges”, in Cato parlance, by establishing encrypted tunnels to the nearest Cato PoP. The platform connects sites through Cato’s SD-WAN device, the Cato Socket; mobile users via Cato client and clientless access; and cloud resources through Cato’s “agentless” integration. Even third-party devices can be connected by establishing an IPsec tunnel to the nearest Cato PoP.

Identity and access are unified in an easy-to-manage paradigm. This paradigm allows enterprises to focus on security policies, rather than security and networking components, while supporting the shift to a global, distributed architecture that securely connects all the edges of the network.

SASE: It’s more than security done well

SASE is more than a security framework: it is a new networking model that flattens the access stack into an easy-to-manage connectivity fabric with security at its core. This makes a SASE cloud much lighter, since all functions are converged together.

SASE processes traffic faster with less latency while incorporating more context than other networking and security methods. As a software-defined platform, SASE can quickly adapt to changes, such as reconfigurations for scale or agility. SASE also introduces additional network protections, such as the concepts of business continuity, load balancing and improved availability.

You can learn more about SASE by attending a webinar presented by Gartner and hosted by Cato Networks. In this webinar, Neil MacDonald, an analyst at Gartner and one of the creators of the SASE category, will cover:

  • What is SASE and why is it emerging today
  • What does SASE mean for networking and network security products
  • What are the building blocks of a true SASE architecture
  • The use cases and capabilities that are part of SASE
