SASE (Secure Access Service Edge) is a cloud-native technology that establishes network security as an integral, embedded function of the network fabric.
It supplants legacy services offered by single-purpose point-solutions situated in location-locked corporate premises such as data centres.
Gartner’s ‘The Future of Network Security Is in the Cloud’ research stated that the digital economy security focus shifts from the data centre to the identity of the user/device in conjunction with the data context of the communication session.
“Legacy security overlay solutions fail to provide the agility, flexibility, connectivity and security required in the network fabric that weaves together the digital economy: cloud-native, mobile, everything-connected.
A SASE architecture can translate to improved security and network performance, for less money, compared to separate SD-WAN, routing, and security solutions that need to be integrated and managed,” says Andre Kannemeyer, CTO at Duxbury Networking, distributor of Versa solutions in South Africa.
Gartner expects that by 2023, 20% of enterprises will have adopted SWG (secure web gateway), CASB (cloud access security broker), ZTNA (zero trust access network) and branch FWaaS (firewall as a service) capabilities from the same vendor, up from less than 5% in 2019. And by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
Delivering key capabilities
SASE delivers attributes to address to digital transformation:
- You have complete flexibility regarding where and when security services are applied when security is integral to the network fabric. Meshed traffic patterns are handled with efficiency.
- Security is policy-driven, independent of location, and largely independent of device. This enables security services based on the user’s identity instead of an IT-controlled device, network access point (Internet, cloud, corporate, VPN) or location.
- SASE applies security based on the communication session and can therefore take into consideration the identity of both the user and the device as well as the data context of the transaction.
- SASE is a purely software-defined service and does not rely on any hardware appliance or location.
- SASE can be applied at the ever-shifting, logical edge of the network (a communication session), rather than at the physical ‘edge’ (an IT-controlled device or corporate office).
- Many IoT devices have little to no local security capabilities. SASE, with security in the network fabric, can safely connect these devices.
Ticking the Gartner boxes
Kannemeyer says that SASE is fast gaining popularity for its ability to offer a convenient, cost-effective, agile and scalable software as a service (SaaS) product for networking and security.
“In the current environment, where the number of remote workers has rapidly increased and organisations have adopted cloud solutions to run their applications, this can provide a simple tool that is independent of the location of employees and resources.”
Versa Networks has gained recognition by Gartner as possessing 13 out of the 15 SASE components listed by the global research and advisory firm.
Gartner’s ‘SASE Will Improve Your Distributed Security Everywhere’ report compared SASE components of 56 vendor products, with 13 SASE components being the highest offered by any vendor.
SASE aims to simplify security through centralised policy control with a focus on cloud-based security services.
When correctly orchestrated, centralised policy can use factors like identity and user context to govern how services are routed and protected.
Versa SASE is able to deliver comprehensive integrated SASE services both on-premises and via the cloud using the same operating system within a single software stack, VOS (Versa Operating System), based on the Versa Single-Pass Parallel Processing architecture.
Due to the genuine multi-tenant capabilities, VOS delivers these services via the cloud, taking advantage of cloud economies of scale while servicing hundreds of thousands of tenants simultaneously.
Versa SASE is also available as a private cloud service wherein enterprises can operate, manage and host their own private Versa Cloud Gateways wherever they choose.
According to Gartner, security and risk technical professionals choosing SASE as their architectural approach should:
- Select tools that minimise the number of service policy control points — this simplifies SASE orchestration.
- Ensure interoperability and ease of integration between SASE components are clear requirements for all selections.
- Maximise the use of one vendor to provide the most SASE components and avoid added integration complexities.
According to Gartner, “Gartner expects SASE will provide agility to cope with rapidly changing network and security conditions.
We predict that it will help manage complexity for network and security in a distributed solution.
SASE orchestration provides the means to maintain a single security policy throughout a distributed environment for control, inspection and monitoring. SASE’s cloud-native design improves the ability to scale network traffic and security capabilities.
Zero-trust network access is likely to be a major feature in a SASE deployment. Its use reduces your cloud’s attack footprint. We predict SASE will improve enterprise application availability.
“SASE is nothing new for Versa, it’s a collection of security and networking services they have been deeply integrating for years delivered via the cloud and on-premises,” says Kannemeyer.
“Versa SASE saw significant traction in 2020, particularly as part of its work-from-home (WFH) offering, and projections are for even greater rapid growth in 2021.
Versa SASE continues to be the only SASE solution combining a fully integrated robust set of SASE services within one operating system software stack using a single-pass parallel processing architecture and delivered via the cloud, on-premises, or as blended combination of both.”
Versa SASE enables consistent security policies, network policies, business policies, and application policies seamlessly between on-premises and cloud services.
Versa SASE runs on VOS, which is designed with the Versa Single-Pass Parallel Processing architecture that combines full-featured SD-WAN, extensible networking, complete integrated security, advanced scalable routing, genuine multi-tenancy, and sophisticated analytics into one software image.
“This integration and design methodology dramatically decreases latency, significantly improves performance, and mitigates security vulnerabilities which other solutions introduce by running multiple software stacks, service chains, or appliances,” says Kannemeyer.