SASE, security, and the future of enterprise networks
Hype can be hard to see through, and those who work in the technology industry have seen plenty of next ‘big thing’ technologies that failed to deliver on their promises. In recent years a new technology has been thrust upon enterprise IT teams, Secure Access Service Edge, better known to many by its acronym, SASE.
The problems SASE looks to address aren’t all new, and in relative terms neither are the technologies used to meet these challenges. Enterprises have long been faced with issues about how to provide high-speed connectivity to applications for users on and off network, how to secure their networks from threats both inside and outside, and how to better control user access to applications and data. There are more than enough point solutions in the enterprise IT market that companies use today. What has changed is the revelation–in both customers and technology vendors–that to truly deliver a secure and integrated experience, network and security can no longer be on the periphery to one another, they must be delivered as a fully integrated solution where security isn’t bolted onto the network, it’s fully integrated into it.
Transforming to this new model also helps to break down a critical problem of competing objectives within enterprise network and security teams. Network teams need to provide ubiquitous, high-speed access to applications, while security teams look to mitigate risk to infrastructure and data, often having to limit access to services to meet their objectives. Both teams are doing what’s right and is in the best interest of the user and company, but they are fundamentally at odds. One team, networking, is focused on enabling access while the other, security, is working to limit it. Compounding these challenges is the fact that both teams are often working with different technology stacks to achieve their objectives, adding significant integration and management complexity, enabling new threat vectors through misconfiguration and lack of integration, and negatively impacting user and administrator experience in the process. Without a new approach to how technology is implemented and deployed, these problems persist. Enter SASE.
SASE, more than just a product, is fundamentally a framework for merging cybersecurity and networking together to solve for these challenges. While the definition of SASE and the products–Software-Defined WAN (SD-WAN) and Security Service Edge (SSE)–encompassed within it are well defined, the implications of this level of integration are potentially much wider ranging when looking at security and the network more broadly. SASE today is focused on the edge of the network, ensuring that users have ubiquitous, high-speed, and secure access to applications whether they are on or off network. Security and network are merged in a seamless marriage through integrated technology stacks that require little configuration, but maximum capability. SASE, by its current definition, is a fully available technology today.
Looking beyond the current state and definition of SASE, focused on users and devices at the edge, there is a phenomenal opportunity to extend the benefits of integrated network and security solutions throughout the rest of the enterprise. Unified security policy from the edge to the access layer shifts security policy throughout the network to enable enforcement everywhere, integrated network access control (NAC) and identity management systems, and centralized security policy will ultimately provide a safer, easier to manage, and more capable network for everyone involved. The harmony achieved at the edge between SD-WAN and SSE is only the beginning of how tightly integrated security and networking will ultimately become, driven by a broader SASE framework.
While this technology continues to mature, it’s important to look for technology vendors that have a vision beyond the hype, with an actual roadmap for truly integrating security into network products. There are many security companies and many networking companies, there are very few security-first networking companies that will be able to deliver on this new set of capabilities.
To learn more, please visit our webpage on unified SASE.
Other resources:
HPE Aruba Networking SSE web page
EdgeConnect SD-WAN Overview web page
Originally published on HPE Aruba Networking blog on 11/13/23.