Traditional network architectures are rapidly becoming outmoded. They were built for bygone days when applications and other corporate resources were housed in the data center—the go-to point of access for users and devices.
In today’s world, where the perimeter has dissolved, enterprises are expanding their environments to cloud platforms and software-as-a-service (SaaS) applications. As Gartner points out in its recent report, “The Future of Network Security Is in the Cloud” (registration required), just about everything you can think of is now running or stored outside the enterprise—from work applications to sensitive data and traffic, both at the main office and branches.
Digital business transformation has ushered in a demand for greater agility. Companies are finding that they need to provide consistent and secure globally available access to applications and services, regardless of where users—whether employees or customers—are located or what devices they are using. The evolution of a user-centric world has brought forth a technology known as cloud-based secure access service edge (SASE, pronounced “sassy”). Gartner defines SASE as a solution that offers “comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic secure access needs of digital enterprises.”
The architecture of a true SASE solution is distributed and globally accessible. No matter where in the world users are located and no matter what applications they need to access, the SASE architecture uses intelligent methods to manage and optimize direct connections (peering) to the closest cloud applications and services. The big benefit of this approach is that it optimizes bandwidth and ensures low latency—and the result is seamless and secure connectivity that makes for a great user experience.
A true SASE model runs on a proxy-based architecture, which provides flexibility that is unmatched by traditional network architectures. It enables scalability and typically inspects all traffic, including encrypted traffic. The key benefits of a proxy-based architecture are less complexity, more comprehensive and stronger security, and increased application performance. Let’s drill down into some of the specifics:
SASE is architected in a way that places it close to users. In a world where much of what users need to access is outside the data center, relying on a traditional network to route access requests to and from the data center can impact the user experience and productivity—not to mention that dedicated MPLS is prohibitively expensive. A SASE solution, on the other hand, relies on direct peering, which enables it to intelligently send user access requests to the applications closest in geographic location, providing a great user experience. It also optimizes direct connections (peering) to cloud applications and services, which ensures excellent performance and low latency.
True cloud-native SASE architectures are usually multi-tenant, with multiple customers sharing the underlying data plane. According to Gartner, some vendors use a dedicated instance per customer, but this will limit the SASE solution’s ability to scale. The most effective SASE solutions are built from the ground up to be truly multi-tenant. The best SASE vendors have well-developed cloud infrastructures, and some have more than 100 data centers worldwide. This type of multi-tenant architecture allows users to access any of the vendor’s data centers and still stay secure while providing an environment that can scale globally and on demand for fast-growing enterprises that will soon be on their way to full cloud.
Now that you have a good idea of the SASE architecture and how it works, you’re ready to start on your journey to digital transformation. There is a caveat, however, that Gartner points out in its report. Some vendors say they have a SASE solution, but the reality is quite different. These providers use an approach that is much like a traditional network. They rely on virtual machine-based offerings running in cloud-provider infrastructures. There are several problems with this approach:
Chris Morosco is Senior Director of Product Marketing at Zscaler.