GettyImages e cSqZlL

How security access service edge (SASE) can improve performance and security for hybrid workforces

Today’s business environments are more sprawled than ever — users are accessing networks from point A to point B and everywhere in between.

This has left many cybersecurity teams scrambling to cover all network points and users and ensure that gaps and silos don’t provide easy pathways for threat actors.

The broadened physical and virtual environment blurs visibility and loosens control, making it difficult to track sensitive data, remain compliant and retain secure profiles between office and VPN users.

To gain back control in this complex landscape, more organizations are turning to security access service edge (SASE). This model seeks to reduce risk by moving security capabilities from the data center to the cloud and deploying a software-defined wide area network (SD-WAN).

“SASE architecture is designed to solve the problem of network performance and limited security visibility for distributed corporate business systems (infrastructure, platforms and applications),” said Keith Thomas, principal architect for AT&T Cybersecurity.

“This approach provides better network performance, greater security visibility and a better overall user experience.”

SASE defined

Gartner analysts coined the term SASE in 2019 and split it off into its own Magic Quadrant in early 2022.

The firm identifies it as a “converged network” including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), firewall-as-a-service (FWaaS) and data loss prevention (DLP).

“SASE supports branch office, remote worker and on-premises secure access use cases,” according to Gartner. It is “primarily delivered as a service and enables zero-trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies.”

The global SASE market sat at $665.9 million in 2020, according to one estimate from Grand View Research; the firm anticipates it to continue to expand to 2028 at a compound annual growth rate (CAGR) of 36.4%. Another projection from Markets and Markets says the market will reach $4.1 billion by 2026, representing a CAGR of nearly 27%.

Leading companies in the evolving space include Netskope, Zscaler, Palo Alto Networks, Fortinet, Cisco, Perimeter 81, Cato Networks and Forcepoint.

“Given that many users and applications no longer live and operate on a corporate network, access and security measures can’t depend on conventional hardware appliances in the corporate data center,” said Robert Arandjelovic, director of solution strategy for Netskope.

With SASE, instead of delivering traffic to an appliance for security, users connect to the intermediating service “to safely access and use web services, applications and data with the consistent enforcement of security policy,” he said.

Increased security, decreased complexity

SASE architectures, said Arandjelovic, are typically based on a single-vendor offering that deliver networking and security capabilities together, or a dual-vendor model that integrates an SSE offering with an SD-WAN offering.

And, while each provider varies in how they deliver SASE, they generally adhere to this process:

Users looking to access services, applications or data will connect to the nearest SASE point of presence (POP) and authenticate.Depending on where the resource resides (on a website, in an app, in a private application hosted in a data center or infrastructure-as-a-service), the SASE architecture uses the appropriate integrated service and enables the user to access entitled resources. While this occurs, SASE applies consistent threat protection and data protection controls. Ideally, these leverage a “single pass” approach to minimize user disruption.

The best SASE tools, said Arandjelovic, ensure “fast, ubiquitous connectivity” while adhering to zero-trust principles and least privileged access that adjust based on risk context.

Ultimately, SASE reduces cost and complexity through consolidation, he said, thus enabling companies to “end the cycle of regularly making major investments in separate security services and appliances.”

Important questions to consider

There are many questions to consider when assessing SASE tools, said Bruce Johnson, senior product marketing manager for Cradlepoint. The key ones being:

Will my current infrastructure support SASE? Does my current IT staff have the training required to deploy, manage and support a SASE environment? Does my environment include technologies such as 5G that warrant additional capabilities?

Testing and troubleshooting should then be conducted in a sandbox, he advised, to protect the production environment before hybrid workforce devices are configured.

As he noted, “geography becomes much less important” with SASE because critical services are independent of where employees and resources are located.

For example, “a company that supports a global workforce including hybrid workers can provide protection and network connectivity to a worker anywhere in the world.”

SASE’s modular capabilities

Arandjelovic agreed that, like many comprehensive frameworks, “SASE can appear overwhelming if considered all at once.”

But because it is modular, organizations can adopt it gradually based on their own pace and priorities.

The first step is to collaborate across the “IT divide,” he said, with security and infrastructure teams forming a common set of requirements. Once agreed upon, the next step is to identify and prioritize key projects — whether those be securing access to web and cloud apps, modernizing VPN connectivity or implementing enterprise-wide data protection.

Organizations can then build out controls and policies, and roll out subsequent projects as needed — a process that is simplified due to the unified SASE platform.

A thoughtful, sensible approach

Indeed, many analysts recommend first deploying ZTNA, then extending usage “bit by bit,” said Klaus Gheri, VP of network security at Barracuda.

This is the most “thoughtful and sensible approach” so long as organizations consider such questions as:

Does the solution provide agents for all required platforms? Does it force the funneling of any and all traffic through the SASE service, or does it allow access to other capabilities such as Microsoft 365? Does it allow access to applications other than web apps?Does it allow expansion to adopt additional functions?Does it allow the rollout of devices or sensors for IoT or industrial use cases?

SASE tools should ultimately be all about consistent security — everywhere — with an underpinning of zero trust, he said.

“This ensures that every employee gets secure, reliable and fast application access without the choke point of a VPN concentrator that we used to see,” he said.

“Changing the networking and security infrastructure of an existing company sounds like a scary thing to do — and it often is,” he acknowledged. “So, the benefits need to outweigh the risks and efforts rather quickly.”

Complex, but an investment that pays off

Ultimately, business leaders must be aware that there are many possible paths to take when deciding how and when to deploy SASE, said Mary Blackowiak, lead product marketing manager for AT&T Cybersecurity.

Some choose to source SD-WAN from their security vendor, while others prefer to stack security on top of their existing network infrastructure, she pointed out.

Another option is acquiring the technology and outsourcing to a managed security service provider (MSSP). This can be particularly attractive in light of the security industry’s ongoing skills shortage, she pointed out.

Also, it is critical to build a roadmap of upcoming network and security transformation initiatives and begin the proof of concept process early.

This “can help position businesses for increased productivity, fewer risks and simplified management,” said Blackowiak.

The bottom line, said AT&T’s Thomas, “SASE is a complex and resource-intensive strategic initiative to execute but, ultimately, can be a transformative strategy and provide cost savings to an organization.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

MPL Newzoo PCG hcIWGq

Mobile ‘paid competitive gamers’ are on the rise Newzoo & MPL

Connect with top gaming leaders in Los Angeles at GamesBeat Summit 2023 this May 22-23. Register here. Newzoo and Mobile Premier League (MPL) released a report this week about paid competitive games (PCG). According to the report, this new subsection of mobile games represent a new and growing form of game monetization. By the report’s definition, PCGs are skill-based mobile games that offer monetary rewards, and players earn those rewards by participating in PvP contests. It’s separate from play-to-earn games, though both categories reward players with monetary prizes. P2E games tend to reward players with cryptocurrency while PCGs offer real money. PGCs account for 7% of the global consumer spending on games, and Newzoo expects it to rise to 14% by 2024. Notably, PCGs are formatted as ”skill-based”

Read More »
Like a Dragon Ishin BsMea

Like A Dragon Ishin: A mini-review Kaser Focus

Connect with top gaming leaders in Los Angeles at GamesBeat Summit 2023 this May 22-23. Register here. It’s a strange week when the announcement of Counter-Strike 2 is the highlight. We had a lot of interesting news from GDC, and peeks at upcoming games like Redfall and a TMNT game adaptation of The Last Ronin. But I’ve been in a mood to talk about games themselves. So indulge me while I talk about a title that got eclipsed when Resident Evil 4 Remake dropped into my lap: Like A Dragon: Ishin! I returned to playing the game after RE4R and have a few thoughts about it. Ishin takes place in Bakumatsu-era Japan, and follows a fictionalized telling of real ronin Ryoma Sakamoto. He, like every other character in

Read More »
gordon moore DLcPG

The enduring legacy of Gordon Moore

Connect with top gaming leaders in Los Angeles at GamesBeat Summit 2023 this May 22-23. Register here. Gordon Moore, the elder statesman of the technology industry, passed away today at the age of 94. He was one of the nation’s greatest citizens as a pioneer of the semiconductor industry and chairman emeritus of Intel, which he cofounded in 1968. He was known for formulating Moore’s Law in 1965. He predicted that the number of components on a chip would double every couple of years or so. That prediction has held up remarkably well for about 58 years. In 1965, chip makers could fit about 64 transistors on a chip. By 1971, Intel could fit 2,300 transistors on its first microprocessor, the Intel 4004. Nvidia can now put 80

Read More »
toa heftiba n tf YANE unsplash e yVlHF

Top 5 stories of the week: Generative AI market heating up (even more)

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More Once again, AI news topped the tech headlines this week — in particular, the generative AI market is becoming increasingly competitive, with both new and well-established enterprises making significant investments. This includes GitHub’s new Copilot X; startup Codium AI’s new code-integrity tool TestGPT; and a whole slew of new tools, services and capabilities from Nvidia. Still, skepticism remains, with OpenAI’s CEO Sam Altman even expressing apprehension. Not topping the list (but still noteworthy AI news): Databricks released its GPT-like Dolly; OpenAI turned ChatGPT into a platform overnight with several new plugins; OpenAI rival Character AI announced a $1 billion valuation; and Google released Bard, a

Read More »
d k eDvZA

Reigning VALORANT world champions use an unstoppable comp on Lotus

LOUD remain at the top of the VALORANT world, having been crowned the game’s second-ever world champion in 2022 and just missing out on making history in the LOCK//IN finals earlier this month. Heading into the first-ever VCT Americas season, LOUD is a heavy favorite to qualify for both Masters Tokyo and Champions 2023 with its South American roster not missing a beat despite replacing two of its players. Aside from boasting one of the most well-respected lineups in the world, however, LOUD has demonstrated time and time again how there are levels to their approach to the game from a strategy standpoint, and the team recently showcased this on Lotus. During LOCK//IN, LOUD actually didn’t play the newest VALORANT map until its very final best-of-five series. Despite

Read More »
mondoposters lAILZ

Funko Has Laid Off Mondo Staff, But Its Movie Poster Business Will Continue

It’s the end of an era for movie fans, as Mondo will reportedly no longer produce unique and stylish movie posters. Mondo’s parent company, Funko, has apparently laid off most of the staff at the Austin-based company and killing off its poster division. [Update: While the layoffs have been confirmed, a representative also told GameSpot that Mondo’s poster business will continue.] According to sources who spoke to TheWrap, Mondo co-founders Rob Jones and Mitch Putnam were also laid off and the company’s division for cutting-edge experiences and products, The Lab, has been shut down. Only the toys and records divisions remain, but as the sources explained, it’s not clear how long they’ll be around for. Senior creative director Eric Garza has also been let go. Funko purchased Mondo

Read More »