Oct 14 2020

What Government Needs to Know About the SASE Framework

The secure access service edge approach converges networking and security to deliver improved performance and visibility.

In 2019, Gartner proposed a new architecture that flipped the traditional stack, converging networking and security into something called the secure access service edge, or SASE (pronounced “sassy”) for short.

Digital transformation, a rise in remote work and ongoing cloud adoption were already forcing agencies to manage risk in new ways — and that was before the pandemic. The coronavirus, as we all know, forced an unprecedented mass shift to telework, which has accelerated those trends even more.

Today, government employees are accessing data and applications from more devices and geographies than ever before. From a security perspective, that means people are the new perimeter. As data and applications continue to leave the data center, there’s no need to route users through it for access. In order to keep this new perimeter secure, however, a cloud-native approach to both security and networking is crucial.

EXPLORE: Find out how agencies can shift away from perimeter-based defenses.

What Is the SASE Framework?

The technologies that make up a SASE architecture are not necessarily new. Instead, what’s new is their convergence, or level of connectivity. Simply bundling traditional networking and security stacks and putting them in the cloud is insufficient. It creates holes for attackers and can lead to straining resources and racking up extra costs. I’m reminded of regional security stacks of nonintegrated, multivendor, best-of-breed solutions of the past decade that cost a lot and delivered very little.

Software-defined wide-area networking (SD-WAN), zero trustcloud access security brokers (CASBs) and Firewall as a Service are common core ingredients of a SASE suite. In a nutshell, SASE is a framework for these technologies to be rearchitected and redesigned in the cloud. Many organizations were already connecting straight to the cloud using SD-WAN technologies, which bypass centralized premises-based security gateways. But that shift cannot overlook crucial security defenses, which must be able to function wherever users are interacting with data.

SD-WAN solutions should seamlessly utilize cloud-based web security and CASB services to scan and monitor traffic across all locations. If a user accesses a cloud app and begins transferring sensitive information to a thumb drive, that must be detected and blocked. Without such capabilities, you cannot protect data in the cloud.

Meanwhile, zero trust means that no users are trusted by default. In fact, zero trust states that organizations need to proactively control all interactions between people, data and systems to control risks.

Users must be authenticated by identity, credential, and access management and identity and access management. But authentication can’t stop at the front door. User monitoring is also required to detect any anomalous actions that might signal either inadvertent risk or an actual breach, and then offer a dynamic, quick way to respond. Inspection and understanding of data policies is required in a SASE framework to properly apply policies.

The Benefits of a SASE Approach for Agencies

All of these components must work together in order for a SASE framework to become reality. Once again, unified, cloud-native services are particularly important with workers logging on from all across the globe. There are countless benefits to embracing SASE.

For one, networking teams can improve performance and consolidate the number of devices they must deploy. At the same time, security teams are regaining visibility and control of data at the user level.

By following a SASE framework, agencies can provide consistent firewalls, intrusion prevention, web security and cloud app access control everywhere, managed from a single console in the cloud. Operations speed up and friction is removed, preventing a slowdown by traditional security services and architectures.

Even before the pandemic, vendors were eager to take advantage of the new, growing SASE market. According to Gartner, 20 percent of enterprises will have adopted these capabilities from a single vendor by 2023, compared with just 5 percent in 2019. I think we’ll find these numbers to be low in retrospect, as the coronavirus pandemic forces and accelerates a massive move to the cloud.

But not all SASE architectures are equally well integrated. Some vendors cut down their time to market through acquisitions or partnerships — a shortcut to convergence. Vendors who link a wide swath of disparate services may not manage them as well, and their platforms may have higher latency. However, this market is evolving very quickly. Since so many agencies are working to totally rethink their approach to cybersecurity in the wake of the pandemic, it may be better to begin with short-term contracts to test utilization, ease of use and effectiveness. Since these products are offered as a service, subscription licensing may be available across offerings, which allows for greater flexibility.

DOWNLOAD: Read this white paper to explore how next-generation endpoint security solutions can help your agency.

Why SASE Makes Sense Amid the Pandemic

When Gartner proposed the SASE architecture last year, there was no way to guess that a pandemic was just around the bend. What passes for normalcy in the wake of the coronavirus is vastly different from what passed for normalcy just a year or two ago.

Yet, despite how much has changed, the SASE framework was, in a sense, ahead of its time. The pandemic simply accelerated the need to combine networking and security into a single architecture, so users can go directly to the cloud without putting sensitive data or applications at risk.

SASE represents a fantastic starting point for federal agencies who are currently rethinking their infrastructure and security. The key is being judicious about which vendors they choose and fully understanding desired outcomes and how seamlessly different components of their SASE architecture work together.

Quardia/Getty Images