Palo Alto Networks Explains SASE
SASE (Secure Access Service Edge) stands for the combined provision of WAN edge and network services in companies.
Companies have to manage an ever-growing pool of technology, while the service edge where everything takes place keeps expanding. Beyond the on-premises resources in data centers, it now includes branch offices, mobile employees and SaaS applications from the cloud. At the same time, companies are using more and more security solutions, such as WAN optimization, next-generation firewalls, Secure Web Gateway, SD-WAN, Zero Trust Network Access and Cloud Access Security Broker. Deploying, maintaining and updating these individual solutions always poses challenges for companies.
Palo Alto Networks Highlights: Why Security and Agility Benefit from SASE
SASE unifies access to applications and data, regardless of whether a user is currently in the main office, in the home office, in a branch office or any other place. A central platform is available for the secure use of on-premises and cloud-based resources. The relatively new term SASE was coined by Gartner about three years ago. Given the trend towards the cloud, SaaS applications and growing business environments, access to business-critical resources had to become both more agile and more secure. For this purpose, it was necessary to operate network and security services as efficiently as cloud and SaaS-based business applications and to solve previous challenges – with SASE.
Similar to Zero Trust, SASE aims to provide security services as directly as possible to the resources that need to be protected. Cloud and SaaS-based applications offer companies many advantages, but also create risks. In order to ensure a certain level of security, it was previously necessary to route the respective traffic via security appliances, which affected the performance of the applications.
Existing portfolios often do not cover SASE requirements
The SASE approach, on the other hand, envisages providing all services from one platform and supporting all access options on an equal footing. The aim is to streamline the technology and simplify the administration and implementation of guidelines. This is not really possible with separate point solutions, even under the roof of one provider. SASE, however, makes it possible to cover the entire spectrum of services centrally.
The need for secure access to resources has taken shape in the form of SASE. Many established security vendors cannot cover the range of services that SASE comprises as defined by Gartner. They attempt a stripped-down interpretation of SASE, based on SD-WAN, IAM (Identity and Access Management) or SWG (Secure Web Gateway), supplemented by optional security services. However, these piecemeal approaches lead to exactly what SASE is not. Properly implemented, all the necessary services should be available via a uniform platform according to the as-a-service principle, instead of throwing different components together as before.
How the implementation of SASE succeeds
SASE stands for a convergence of all services required today for secure network operation and access as a unified service. Even the bundling of several solutions from one provider does not do justice to this approach, since the interaction is often not thought out and the effectiveness is not optimal.
The provision and administration of all services must also be SASE-compliant. Physical devices are still required here, for example for traffic routing to the edge, which is usually done using an SD-WAN appliance. However, all services for administration, computing resources and security policies should be provided by SASE from the cloud.
Mobile and hybrid working models are now feasible without coming at the expense of application performance. Just like network and security services, the user experience should be managed in a modern way, integrated into the SASE platform.
Some questions need to be clarified
For a successful conversion to SASE, the following questions must be clarified:
- Are all locations where employees work, i.e. headquarters, branches and home office as well as mobile access on the go, taken into account? The same applies to access to resources that can be located in the data center, in the public/private/hybrid/multi-cloud, in SaaS environments or on the Internet. Which existing solutions are currently being used for access?
- Is it possible to ensure the desired level of security, data security and protection against malware everywhere, no matter where the employees are and which applications they access?
- Is the goal to maintain security and at the same time consolidate the technology pool? How can this be achieved?
- How can an overview of the entire application deployment up to the endpoint be obtained, and the user experience optimized as a result?
- Is it possible to unify the guidelines for the network edge independently of the individual locations, in favor of a good user experience and problem-free scalability regardless of location?
Palo Alto Networks points out that before those responsible in the company decide to switch to SASE, they should know the user experience of their employees. The accelerated, pandemic-related introduction of mobile or hybrid models has revealed that there is a lot of catching up to do here. Problems with unstable and slow Internet and network connections were commonplace in many places. In order to manage the user experience and, where necessary, to optimize it, a detailed insight into the performance of all connections is a prerequisite. SASE can also help here.