The network edge has evolved drastically in recent years. The pandemic, of course, fast-forwarded everyone’s plans for moving distributed services out to the cloud. As a result, the edge has exploded, and it’s no longer the traditional perimeter of campus and data center networks. The new edge is wherever devices are.
Many organizations remain oriented toward the traditional perspective of the edge — as a perimeter — simply because they haven’t yet figured out how to operationalize the alternative. In the past, centralized security worked because it maximized control and visibility. It was easier to protect data and defend against attacks. There was a trade-off for remote users, however, in performance and experience.
That was less of an issue when organizations had only a handful of remote users to support. Scaling to support hundreds or thousands of pseudo-permanent microbranches and remote users is a different story. Trying to funnel them all through a centralized control point can work, but it causes so many performance issues that this approach may no longer be practical.
Now, however, it’s possible to distribute the overall environment while centralizing security policy through a secure access service edge (SASE) architecture. With the capabilities SASE provides, organizations can migrate away from centralization without compromising security or performance.
SASE’s Efficient Data Flow Leads to Better Performance
Last year’s rapid shift to remote operations has sparked widespread interest in SASE, even as the concept itself is still solidifying throughout the IT industry. Essentially, SASE delivers security within a distributed model by facilitating users’ connectivity in the most direct, efficient way possible while allowing administrators to continue implementing policy-based control.
Users’ data no longer needs to travel all the way back to the data center. Now, that traffic can go straight to a cloud-based Software as a Service provider, for instance, which saves significant time. Because this improves performance so dramatically, it’s been one of the big drivers in recent months of the shift away from centralized security.
The SASE umbrella includes components such as software-defined WAN, per-application VPNs, zero-trust network access and cloud-delivered Firewall as a Service.
Apply Intent-Based Security to Users, Regardless of Location
SASE also helps with visibility, which in many cases has been a challenge for organizations trying to establish distributed security. When users leave a traditional VPN because of performance issues, the organization loses control and visibility over its endpoints. Because it sends traffic through what is essentially a cloud proxy, SASE reinstates that visibility.
Because the SASE client runs at startup and then connects to cloud security services, it is transparent to the user. In a sense, it puts everyone behind a giant firewall, with all the trappings and capabilities that the security stack can provide, while connecting the user to a local service in ways that improve performance.
Then, administrators can take the security posture they have created from an intent level and push that down to all users, regardless of where they are. Frankly, it’s the best of both worlds.
SASE is an approach, not a product. Organizations can start by adopting as much or as little as needed and build on that foundation long term. To support organizations as they plan their adoption of SASE, we offer workshops to help develop a strategy and determine next steps.