Secure Access Service Edge (SASE) is often pitched as the solution to secure and thus enable remote working at scale, but in fact many organizations are buying SASE simply to improve user experience and usability, while reducing cost and complexity. Networking and cybersecurity are not separate topics anymore. Even if there is an empty castle, business leaders still need to arm the horses.
SASE for Superheroes eBook: How SASE Is Transforming Network Security
Get our SASE for Superheroes eBook and discover how to combat tool sprawl and secure your remote workforce from outside threats post-pandemic. Radically simple cybersecurity. Learn why organizations are rapidly embracing SASE as part of their long-term security strategy plan
Mathias Widler is VP, SASE at Palo Alto Networks EMEA.
Indeed, the SASE model does deliver security controls as close to the end user as possible for internal resources as well as external-facing sites, applications, and APIs. Helping organizations to improve their overall security posture and make it harder for malicious actors to exploit vulnerabilities and launch successful attacks. It combines wide area network (WAN) functionality with network security services to protect against cloud-enabled SaaS and Web threats. However, this network infrastructure technology also provides CISOs, network, operations and workplace managers and their teams with the ability to create an efficient, cost-effective, and secure network they can trust.
User experience and usability
Security companies and customers buy SASE to improve user experience (UX) and usability, as well as save on the cost of network transformation. Many employees are still working remotely but VPN is slow and requires manual set-up, there are multiple clients and lots of profiles to consider, so it is critical to provide network managers with choice. Combining SASE with a Zero Trust model changes things, such as avoiding the wait for the service to fire up and users no longer need different profiles. It’s fast and the end user does not have to do anything. SASE Zero Trust replaces classic VPN and there is no longer the need to fire up individual clients, users do not need different profiles either. SASE is fast and hassle-free; this is the usability aspect.
The foundation of security is Zero Trust. SASE is built as the core network and security infrastructure of a business, rather than as a remote access solution. Its architecture uses a variety of threat and contextual signals to establish trust and ensure secure access to internal resources and the internet. Only authorized, trusted, and inspected users and devices are given access permission to cloud hosted applications via ZTNA. SASE incorporates software-defined wide area networking (SD-WAN) and Zero Trust technologies to provide secure access to users from the cloud rather than their devices, as with a VPN. A SASE solution can include threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention, and next-generation firewall policies.
The SASE framework is also edge native. It therefore offers low-latency connectivity and security for users, devices, and services – a global fabric of points of presence (PoPs) delivers networking and security controls without sacrificing performance. Speed and page load time is critical to user satisfaction. Latency is usually measured in milliseconds; Microsoft does not recommend going above 50ms roundtrip time for Office 365 products. Poor latency will annoy, frustrate, and bother end users. SASE guarantees fast user to application connection, which subsequently enhances the user experience. IT has the job to make sure everything works seamlessly, network managers have no control but full responsibility, IT executives and their teams need to make sure uptime is high and time to resolution is fast.
Save money and boost productivity
Furthermore, by adopting SASE businesses can not only become more productive but also reduce both operational and licensing costs, by reducing the need for security teams to constantly upgrade proxies for example. Its direct to cloud architecture, with a platform approach, provides the best benefits for customers. Gone are the days of racking and stacking tons of appliances for networking and security. Archaic solutions such as firewall and proxy necessitate several vendors. Time is wasted updating and upgrading proxies, teams need time to develop knowledge of different vendors and build proxy capacity for several years. Two proxies are less reliable than one cloud, plus operational efforts are very high. It is difficult to manage and correlate several security and networking vendors and tools into a single risk rating.
The SASE framework integrates network and security services, which subsequently reduces complexity for IT and security teams while increasing visibility and ease of management. There is no need to upgrade or update when leveraging the cloud – organizations can benefit from better user experience and productivity, making cost savings as a result. Digital transformation pushes business leaders to change network infrastructure and protect users. Businesses, no matter big or small, need cloud and connectivity to secure remote users and reduce hosting fees. SASE is vital in helping organizations to improve global scale and operational resilience. At the same time, IT executives and their teams can boost productivity and efficiency by delivering network and security services on one platform. This reduces friction by securing the network without degrading performance. Building an enterprise strategy around a single platform not only aligns security and IT teams but enables them to work in tandem as well.