Security Where Needed
with Cloud-Managed SASE

By: Renuka Nadkarni

With digital transformation, users and applications are anywhere, and the traditional network and location-based design architecture is obsolete. Users require flexibility, with a hybrid workforce and applications delivered as a service or across multiple clouds. The technology around access control, threat protection, and authorization must evolve to this new paradigm. At the same time, enterprises are looking for agility—fast provisioning of applications along with the corresponding network, security, and observability. While IaaS allows instantiating a workload in just a few minutes, the end-to-end provisioning may take days or even months.

As an example, one of our enterprise customers shared that the service-level agreement for provisioning applications was 24 hours, whereas the networking and security team required two weeks. These disconnects in deploying network and security services slow down the business and its ability to operate at the speed of change.

As a lifeline, about three years ago, Gartner proposed the secure access service edge, or SASE, with the promise of integrated cloud-first networking and security capabilities that can be easily orchestrated along with application provisioning. The underlying concept of SASE is the twin pillars of network-as-a-service and network security-as-a-service. The former includes SD-WAN, optimization, CDNs, and other connectivity features. The latter includes a mix of security functions that include a secure web gateway (SWG), firewalling, cloud access security broker (CASB), and zero trust network access (ZTNA). More recently, Gartner has defined this security pillar as the security service edge, or SSE, to include SWG, CASB, and ZTNA. But what is key is SASE’s as-a-service aspect, aligned with the movement to the cloud.

Figure 1: A look at the architecture

Within the market, most of the focus is on the technology underpinnings for SASE—the various networking and security capabilities, and who offers what. Ultimately, to guarantee SASE success, we need to take a step back and look at the bigger picture. Offering the true flexibility that SASE promises, and delivering choice when required, calls for an underlying architecture equipped for this evolution. There are a few different important dimensions to this requirement, including technology, operations, sustainability, and cost.

Technological needs

Distributed data plane

With users and applications anywhere, security enforcement must happen closer to the source. Security controls should be easily enforceable at multiple places and wherever needed. This approach requires a combination of security applied at the customer premise closer to where the users are, in the cloud, and closer to the destination where the applications are. It must be truly distributed, a cloud-native data

