As organizations adopt cloud computing and other digital transformation efforts, the ways that enterprise networks are used are changing. While this has an impact on network performance, it also changes how these networks must be secured. Traditional security models, where all traffic is routed through the headquarters network for inspection, are no longer viable.
An emerging solution to the problem of securing evolving enterprise networks is Secure Access Service Edge (SASE). By integrating an organization’s networking and security infrastructure, SASE provides numerous performance and security benefits.
The Changing Enterprise Network
In the past, enterprise networks were very centralized and homogeneous. All of the organization’s systems were located within the network perimeter and largely consisted of workstations and servers. This made these networks easier to secure, since organizations could deploy all security solutions at the network perimeter and be confident that all traffic between internal and external systems would pass through these devices.
The modern network looks very different. Now, most organizations have adopted cloud computing, where sensitive business data and applications are hosted on systems outside of the network perimeter. Networks are also composed of a wide variety of different devices, including mobile devices, Internet of Things (IoT) devices, and other systems.
This evolution of the modern network drives a change in network security. Attempting to route all traffic through the headquarters network for security purposes is no longer viable due to its impact on network performance and latency. At the other extreme, attempting to individually secure each endpoint with specialized point solutions increases security complexity and degrades network visibility. Securing the modern network requires integrating networking and security infrastructure.
The Importance of Integrating Networking and Security
Attempting to achieve networking and security performance requirements using layered, standalone solutions is not scalable. The average organization uses five different clouds, each of which represents a completely unique environment that must be secured. Between five or more clouds, on-premises data centers, mobile devices, and IoT devices, an organization must protect a wide range of different systems.
Since most security appliances cannot operate in all these environments, many organizations have a wide range of security solutions deployed on their networks. While this may help to address specific security edge cases for each environment, it dramatically decreases network visibility and security integration. It is also an unscalable approach to security, since networks will only continue to grow in both size and complexity.
Effectively securing an organization’s network requires integration of networking and security infrastructure. By monitoring and inspecting traffic as it moves over the network rather than once it reaches an individual environment’s network perimeter, it is possible to standardize and simplify an organization’s security deployment. This makes it easier to maintain visibility into traffic flowing over the network and to enforce consistent security policies despite the heterogeneous nature of the organization’s endpoints.
However, simply integrating security into an organization’s network infrastructure isn’t enough. Several vendors offer software-defined wide area networking (SD-WAN) solutions with integrated security, but these solutions are only able to secure the traffic that flows over their network links. In the modern network, where a mobile user may wish to visit a cloud-based application, there may not be a need for some traffic to flow over the enterprise WAN. While forcing all users to connect via the WAN is a viable option, it can have significant performance impacts if not done properly.
SASE Enables Converged WAN Infrastructure
Secure Access Service Edge (SASE) is an emerging solution that is focused on integrating networking and security functionality. SASE is in the early stages of development but is considered to be “transformational”, according to the SASE section of the Gartner Hype Cycle for Enterprise Networking, 2019 Report.
In this report, Gartner also defines some of the key functionality for a SASE solution. One of the main areas of focus is security integration. SASE combines a variety of different security solutions that are usually offered as standalone solutions. These include:
- Secure web gateway
- Software-defined perimeter
- DNS protection
- Firewall as a service
By integrating these solutions into the network infrastructure, SASE provides several benefits. First, an organization no longer needs to purchase and deploy standalone appliances for each solution. Second, the use of converged solutions means that the various components of a SASE solution can be optimized to work together more efficiently than standalone solutions. Finally, integrated security simplifies network visibility since the need for a wide array of point security solutions is eliminated.
However, integration of security and networking isn’t sufficient for a SASE solution to be effective. These integrations solve the security issues associated with WAN, but SASE must also offer high-performance networking. This requires deployment of an array of geographically-distributed points of presence (PoPs). Every SASE user must connect via a PoP, so a SASE solution without a well-distributed network of PoPs will experience significant performance and latency impacts. An effective SASE solution provides both well-integrated security and a high-performance network of distributed PoPs.
The Future of Secure WAN
The adoption of cloud computing, mobile, and the Internet of Things has driven a need for edge-focused network security. It is no longer viable to route all traffic through the headquarters network for security purposes. SASE solutions focus on integrating network and security infrastructure. This provides a variety of network performance and security benefits to the organization since security integration allows additional performance optimizations and enhances network visibility.