Cloud-First SASE Architecture: Framework & Components

In Gartner’s “Hype Cycle for Enterprise Networking, 2019” report, Secure Access Service Edge (SASE) was the hot topic with respect to the digital transformation of enterprises.

What is Gartner SASE networking model?

Gartner SASE, short for secure access service edge, is an architectural framework for security and networking that combines VPN and SD-WAN capabilities to address digital business transformation, edge computing, and the hybrid workforce.

The Gartner Hype Cycle

The discussion of “cloud-first” strategies covered how digitally transforming enterprises would react to adopting cloud-based services and edge computing. During the pandemic, we also saw how remote work and increased reliance on cloud services boosted the zero trust network access model.

As businesses become less dependent on the private data center, demand for scale-out applications has pushed organizations to shift data and workloads to the cloud. Both cloud and mobility are defining modern cloud-native security functions.

In other words, security is moving to the cloud. At the same time, the hybrid workforce needs to reach its teams and resources regardless of location. That means WAN capabilities, firewalls, IPS tools, and other security and networking solutions need to come together in one place.

SASE is the approach in which SD-WAN and key network security functions such as:

  • Secure Web Gateway (SWG)
  • Cloud Access Security Broker (CASB)
  • Firewall as a Service (FWaaS) and
  • Zero Trust Network Access (ZTNA), etc.

combine to meet emerging business needs.

Like many other organizations, you are facing new drivers and new challenges in adjusting to where the world is going.

What is SASE Architecture?

SASE network architecture is a single global platform that connects and secures any physical, cloud, and mobile resource(s).

In other words, SASE architecture prescribes combining security and network connectivity components.

As a result of the significant departure from the office that began in March of 2020, people are working in more places than ever before. Your data is very likely spread out throughout the cloud; it’s no longer just back in your data centers and proprietary applications.

And in fact, what we’re starting to see now in 2021 is almost a shift to yet a different model with people beginning to return to the office, but not all at once.

  • People and data everywhere make visibility, control harder
  • Data breaches, especially remote, are more frequent, costly
  • But changing without breaking what works is imperative

People are not shifting permanently, but spending a few days working at home, a few days working in the office and, for some people, a few days a week travelling.

Having people working anywhere creates a need to work out how you connect them and how you protect them.

What are the 4 key characteristics of SASE architecture?

Cloud-native Architecture

SASE consolidates WAN, network, and security services into a unified cloud-delivered model.

In simple terms, Cloud-native SASE architecture means that security resides within virtual cloud resources and not the traditional data centre.

The cloud-native network security solution is tagged as the next wave of SD-WANs.

The reason is simple.

Traffic patterns have undergone a sea change. Viewed from the perspective of current or earlier times, the traffic pattern is inbound in nature.

In other words, users or office staff working at offices have the leeway of getting cloud-native virtual resources when and where needed.

The USP of SASE architecture is that it shifts security out of data centers and places it alongside corporate users, data, and applications.

How does SASE security do this?

With the help of distributed points of presence (PoP).

Let’s look at these PoPs and their 2 capabilities, one by one.

Global Network Mesh:

SASE network security builds its own private network of points of presence (PoPs). Latency and loss are lessened for traffic that is routed through this private network of PoPs. This helps global workers whose work requires travel commitments.

Distributed Inspection and Policy Enforcement:

As remote work and work-from-home culture become normal, mobility has become a key part of remote working. With users, offices, and hardware distributed, security inspection and policy enforcement need to be distributed to match.

Secure web gateways (SWG), mentioned above, help serve users and applications in the cloud. Data loss protection (DLP) and remote browser isolation also help users work from remote environments.

Delivered from the cloud, SASE’s cloud-native security principles have capabilities like:

  • Elasticity
  • Adaptability
  • Automation
  • Self-healing
  • Self-maintenance

Thanks to the pandemic and remote workers, the way we work has changed. With the growing shift from private data centers into the public cloud, the modern security landscape is changing.

SASE security takes care of corporate assets with the help of new network technologies and network processes in the digital era.

Identity-Driven

Supports All Edges

Globally Distributed

SASE is Network Security for Businesses

Everywhere, as they use your sensitive data and intellectual property, because ultimately data breaches are becoming more costly and more common.

SASE is a hot topic. Big buzzwords are getting a lot of coverage, and people frequently ask us:

How do I get started?

What is it ultimately all about?

As you may have heard, SASE was coined in 2019 by Gartner as the name for a cloud-based architecture that reinvents security that used to be delivered as individual point products, literally as boxes, either in a data center or at every site where people were.

Instead, the capabilities and functionality of those boxes are reimagined as cloud services that enable the same policies to be enforced everywhere, whether working from home, from a hotel, or in an office.

So when you look at what SASE is, it’s not some big giant elephant that you have to eat all at once. If you’re using the cloud to protect people as they go and use the Web, you’re doing SASE.

If you’re using the cloud to protect Office 365 as people are working, you’re doing SASE.

You’re doing SASE if you’re replacing VPNs with new Zero Trust Network Access (ZTNA) solutions for getting to your internal private applications.

And even as organizations look at how they connect and protect their branch sites, what they should do is look at using the cloud not just to provide network security but also to provide web security, cloud security, and security for private apps.

All of that is doing SASE.

Gartner-defined SASE architecture

Optimized Network Routing

Security as a Service

Secure Access

3 SASE Components

Zero Trust Network Access (ZTNA) Components

Strong Authentication

Authorization and Access Control

Continuous Session Monitoring

Cloud-Based Security Components

Firewall as a Service

Cloud Access Security Broker (CASB)

Secure Web Gateway (SWG)

Endpoint Security

Software-defined WAN (SD-WAN) functionality

2 Advantages of SD-WAN as a SASE Component

Optimized Path Selection

Application-based Routing
