Distributed applications provide many benefits to businesses and organizations, as they allow one or more local or remote clients to communicate with one or more servers running on multiple machines. This approach to distribution lets businesses operate from any geographical location. However, distributed resources also bring the challenge of providing secure access.
Coined by Gartner, Secure Access Service Edge “SASE” is intended to provide a solution to ensure secure access to such distributed resources for the mobile and remote workforce. SASE is gaining popularity among security experts and cloud enterprise users wanting to secure their access.
In this article, we’ll go through the top five SASE trends that are changing the entire landscape of security in the cloud.
Autonomous networks and automated AIOPs systems.
SASE, along with SD-WAN and AI-powered automation, are foundational technologies for building autonomous networks. SASE and SD-WAN are software-defined technologies, and both include embedded security mechanisms that make them perfect drivers for network automation. These tools have already proven to be efficient for improving cloud application performance. All while undertaking the challenges of security management and network analysis.
According to Forbes Accelerating Autonomous Networking: How SASE Improves AIOps, “when SASE acts as the underlying technology platform for AIOps, the AI engine has everything it needs.” SASE solutions complement AIOPs systems by helping solve long-standing challenges. For example, SASE provides fantastic end-to-end visibility, mainly because they integrate security and network analytics under a single dashboard. In addition, SASE also provides a unified controller allowing AIOps better access controls.
SASE will succeed thanks to SD WAN (and vice versa).
Although the technology behind the MPLS connections is still solid, fast, and secure, MPLS is now largely under-utilized. The new work-from-home workforce pushed the need to invest more in new network architectures that can adapt to remote and mobile users’ demands. Unfortunately, MPLS can’t provide a decent degree of flexibility and competitive price.
According to Forbes’s article, “SD-WAN is key for SASE success and vice-versa.” So, it is a fact that SD WAN is slowly replacing the need for MPLS, but a SASE backed up by an SDWAN solution will likely replace the entire MPLS backbone sooner or later. In addition, Gartner introduced SASE at the beginning of 2019, and according to their latest SASE forecast report, by 2024, more than 60% of SD-WAN deployments will have already implemented the SASE architecture. The forecasted 60% growth is significant, as compared to the 35% of deployments in 2020.
Securing edge and IoT networks from growing SASE PoPs.
The network of distributed SASE’s Points of Presence (PoPs), also known as the edge cloud, is expanding globally. PoPs are used to provide faster and more secure access to hybrid/multi-cloud environments to remote and mobile users or IoT networks. PoPs can be connected to the branch office or remote/mobile user via 4G or 5G, MPLS, or broadband technologies, like xDSL. A PoP may hosts services including FWass, VPN, routing, Network-as-a-Service, WAN Acceleration, SD-WAN control, WiFi control, IPS/IDS, Session Border Control (SBC), CGNAT, and more.
To allow network-intensive applications such as autonomous vehicles, AR/VR, or AI-based video analytics, Multi-Access Edge Computing (MECs) platforms are currently being deployed in service provider’s PoPs and COs (Central Offices). MEC edge deployments are a growing trend among service providers because they help users connect to the cloud. According to MEF, a MEC edge network will help form a geographical SASE cloud (network of PoPs), in which the nearest and most robust MEC will be chosen as the gateway.
Hybrid cloud is driving the need for virtualized customer premises.
Although SASE, at its core, is entirely a cloud-based security (a mid-mile to the last-mile) solution, there is always the need to secure the premises (or first-mile). The premises still host a significant percentage of applications, and data is also usually stored at the premises for reasons like data sovereignty, provider lock-ins, or low latency.
When SASE PoPs are not close to the branch, a full-featured SD-WAN or SASE will need to be deployed on-site. Thanks to technologies such as the universal Customer Premises Equipment (uCPE), network operators can deliver the cloud-native benefits of SASE or SD WAN to the customers’ premises. Deploying a uCPE as a host on-premises allows simple and secure managed hosting and networking services. For example, security models for LANs or WLANs will likely be essential additions to SASE models. Mature SASE solutions will likely provide different security components, such as a physical NGFW or cloud-based FWaaS firewall, plus the standard SASE services.
Integrating MDR into SASE.
Managed Detection and Response (MDR) services are a growing security trend that deals with cyber threats. MDR helps reduce the threat response and detection time. They can be a fantastic addition for organizations trying to mitigate risk without building the entire and complex threat monitoring and management infrastructure.
The design for the SASE architecture is originally intended to provide firewall, intrusion prevention, and Malware detection network functions. But now, many SASE providers are looking into integrating an essential function to manage those exact functions via the MDR. According to SD-WAN Experts, the MDR can be provided as a cloud-native solution that operates from the metadata of the network flows going through the SASE platform. The security data from threat intelligence feeds will ultimately improve the platform.
Whitebox uCPE platforms for SASE Deployments.
Lanner’s whitebox network hardware platforms, in addition to cloud-native SaaS technologies, provide security services via the cloud, mobile, or IoT networks. Whitebox uCPE platforms for SD-WAN and SASE can be deployed on-premises and connected to a cloud-based SASE to control and manage the multiple Virtual Network Functions.
A combined solution would require:
- A powerful computing platform. A multi-core appliance with a high-core CPU provides the optimal performance for multiple virtualized network functions and applications.
- Multiple wireless connectivities. A platform that supports Wi-Fi, Bluetooth, and LTE is vital. Different types of connectivity can provide an Internet bonding or fail-over solution. The edge uCPE will be more versatile and fault-tolerant.
The following Lanner’s SASE appliances will help solution providers benefit from multi-vendor SASE solutions.
- The NCA-1516: a desktop network appliance equipped with wide network communication features and configurations to allow vCPE/uCPE and SASE. The NCA-1516 is powered by Intel® Atom® C3000 and supports both mmWave 5G, Sub-6GHz 5G, and its Wifi 6 is both 2.4G and 5G compatible. Its hardware performance is supercharged with Intel’s QuickAssist Technology and Intel® AES-NI.
- The NCA-4025: a network appliance capable of delivering significant performance enhancement in running multiple VNFs in Cloud-based SASE and SD-WAN. It reduces testing and validation efforts and accelerates time-to-market deployment. The NCA-4025 features 8, 12, or 16-core Intel® Xeon® D-2100 processors, 8x GbE RJ45, 4x SFP+ and Intel® QuickAssist Technology (by SKU) for improved network performance.
SASE is relatively a new term. It is a technology that combines network security functions (such as SWG, CASB, FWaaS, and ZTNA) with WAN capabilities (i.e., SDWAN). SASE uses the combination of these technologies to support the dynamic secure access needs of businesses.
The trends are clear, SASE is being looked at as a technology to support autonomous networks and automated AIOPs systems. SASE will also succeed thanks to SD WAN (and vice versa), and in fact, SD WAN will likely go hand in hand with SASE. For those organizations working in hybrid scenarios, SASE will likely integrate uCPE, virtualized customer premises.