Is your network architecture ready to get SASE?

Managing and securing IT infrastructure has never been more challenging.

The demands of remote working, on-going digital transformation, and migration to hybrid and multi-cloud environments all contribute to a highly complex environment. Complexity is the enemy of security, with an increased chance for access blind spots and overlooked vulnerabilities that can be exploited by threat actors.

As firms search for new ways of keeping up with these demands, a model known as Secure Access Service Edge (SASE) has emerged as one of the most popular approaches. Pronounced ‘sassy,’ SASE is a cloud-native model that combines key network management and security functionality into a single package.

Critical assets such as SD-WAN, cloud access security broker (CASB), secure web gateway and Zero Trust Network Access are delivered through a unified approach. Because everything can be offered through the cloud, organisations can ensure that their entire infrastructure receives the same level of visibility and control, regardless of the devices and processes at play.

However, because it is an aggregate of tools and services rather than a single solution, SASE is not a simple plug-and-play offering. Implementation requires coordination between network and security teams, and a streamlined network and security architecture ready to best take advantage of all the opportunities it can offer.

So how can organisations ensure that their architecture is SASE ready?

Scalability and neutrality are key

SASE has a strong focus on delivering flexibility and scalability, with its cloud native approach making it easier for businesses to keep up provision as they grow. If the underlying architecture is too rigid and inflexible, firms will be unable to fully capitalise on the benefits of SASE. Older legacy technology will usually present the most problems so companies with ageing infrastructure should consider how they can update and streamline their IT estate.

Alongside scalability, SASE is all about creating a unified approach to managing network performance and security. To facilitate this, businesses need to have architecture that can support consistent network policies across all environments. Security, networking, user, application, and analytical policies should be consistent regardless of whether they are on-prem or in the cloud. Inconsistent policies can lead to redundancies that create unnecessary management complexity once SASE is implemented.

Hardware neutrality is another key factor in limiting management complexity. Firms need to ensure that all equipment can support the same policies and controls. Using a microservice design can help here – deploying an architecture that consists of a collection of small, autonomous services. Each can be deployed and maintained independently within a single application or API, helping to create a fluid SASE architecture that runs equally well on public or private cloud instances.

The importance of single-pass for security  

Once network structure has been assessed and optimised for SASE, the next step is working on security architecture. SASE works with a single-pass approach that means data packets travel through a single processing chain for all sub-processes and features. This approach can provide much higher throughput and lower latency than standard architecture, while also delivering strong security.

Multi-tenant segmentation is another critical security architecture requirement. Because SASE delivers network security by isolating and segmenting traffic, every user or tenant must have a separate operating environment, profiles, privileges, policies, and configurations. Further, segmentation must be accompanied by inline encryption to enable SASE solutions to inspect and terminate encrypted sessions as needed.

Integration is the key to SASE

SASE is all about creating a more unified, streamlined approach to network management and security. That said, attempting to dive straight into a SASE model without laying the groundwork can have the opposite effect, creating unnecessary management burdens by duplicating work.

With foundations complete, firms also need to make sure they select the right solution for the job. Ideally this should be a single SASE service that can deliver all the key network management and security functionality in a single offering. Integration is the heart of SASE – without this, it’s merely a collection of tools bundled together. The more functionality that is integrated into a single solution, the better the reduction in management costs and resources.

By taking the right steps in preparing their network architecture and selecting the right SASE solution for the job, businesses can ensure that they are positioned to take full advantage of the agility and cost savings the model can deliver.

About the Author

Sunil Ravi is the Chief Security Achitect at Versa Networks. Sunil helps architect and build internet enabled products and services that offer high performance, scalability, security and flexible infrastructure. He has B.E degree in Computer Science from the Birla Institute of Technology and Science, Pilani.

Featured image: ©Jamesteohart

more insights