To implement SASE in your network, you need to fulfill a number of requirements:
- The convergence of WAN edge and network security models
- Cloud-native, cloud-based service delivery
- A network designed for all edges
- Identity and network location
1. The convergence of WAN edge and network security models
Firstly, SASE requires the convergence of the WAN edge and network security models. Why? Customers demand simplicity, scalability, low latency and pervasive security, and these demands drive the requirement to converge the two models. So, we have a couple of options. One may opt to service-chain appliances, physical or virtual. Although this option does shorten the time to market, it will also result in inconsistent services, poor manageability, and high latency.
Keep in mind that service insertion fragments the architecture, as it creates two separate domains. Two different entities are being managed, which limits visibility. For Gartner, a service chaining solution is not SASE. The approach is to converge both networking and security into the cloud. This creates a global and cloud-native architecture that connects and secures all the locations, cloud resources, and mobile users everywhere.
SASE offerings will be purpose-built for scale-out, cloud-native, and cloud-based delivery. This will notably optimize the solution to deliver low latency services. You need a cloud-native architecture to achieve economy and agility. To deliver maximum flexibility with the lowest latency and resource requirements, a cloud-native single-pass architecture is a very significant advantage.
2. Cloud-native, cloud-based service delivery
Edge applications are latency-sensitive. Hence, they require networking and security to be delivered in a distributed manner, close to the endpoint. Edge is the new cloud, and it requires a paradigm shift from what cloud-based providers offer with a limited set of PoPs.
The geographical footprint is critical, and effectively supporting these edge applications requires a cloud-delivery-based approach. Such an approach favors providers with many points of presence. Since the users are global, you must have global operations.
It is not sufficient to offer a SASE service built solely on hyper-scale infrastructure. This limits the provider's number of points of presence. You need to deliver where the customers are, and to do this you need a global footprint and the ability to instantiate a PoP in response to customer demand.
3. A network designed for all edges
The proliferation of the mobile workforce requires SASE services to connect more than just sites. For this, you need an agent-based capability that should be managed as a cloud service.
In plain words, SASE offerings that rely on the on-premises, box-oriented delivery model, or a limited number of cloud points of presence (without agent-based capability), will be unable to meet the requirements of an increasingly mobile workforce and the emerging latency-sensitive applications.
4. Identity and network location
Let’s face it, now there are new demands on networks emerging from a variety of sources. This results in increased pressure on the traditional network and security architectures. Digital transformation and the adoption of mobile, cloud and edge deployment models, accompanied by the change in traffic patterns, make it imperative to rethink the place of legacy enterprise networks.
To support these changes, we must reassess how we view the traditional data center. We must evaluate the way we use IP addresses as an anchor for network location and security enforcement. Please keep in mind that anything tied to an IP address is useless, as an IP address does not provide a valid hook for network and security policy enforcement. This is often referred to as the IP address conundrum.
SASE is the ability to deliver a network experience with the right level of security access. This access is based on identity and real-time conditions, in accordance with company policy. Fundamentally, the traffic can be routed and prioritized in certain ways. This allows you to customize your level of security. For example, the user will get a different experience from a different location or device type. All policies are tied to the user identity and not to the IP address.
Finally, the legacy data center should no longer be considered as the center of network architecture. The new center of secure access networking design is the identity with a policy that follows regardless. Identities can be associated with people, devices, IoT or edge computing locations.
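The identity-anchored policy decision described in this section, as an added example that is not taken from any SASE product. The group names, rules, actions, country code and sample requests are constructed assumptions; the source IP is carried for logging only and is never consulted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    identity: str         # person, device, IoT or edge-location identity
    group: str            # assumed to be resolved by an identity provider
    device_managed: bool  # real-time condition: device posture
    country: str          # real-time condition: where the session originates
    source_ip: str        # kept for the audit log, never used in a rule

@dataclass(frozen=True)
class Decision:
    action: str    # "allow", "restricted" or "deny" (constructed labels)
    priority: str  # traffic class used to route and prioritize the flow
    rule: str      # name of the rule that matched

# Constructed policy, first match wins. Every predicate reads identity and
# real-time context only; none of them looks at source_ip.
RULES = [
    ("blocked-country", lambda r: r.country == "XX", "deny", "none"),
    ("finance-managed", lambda r: r.group == "finance" and r.device_managed,
     "allow", "high"),
    ("finance-unmanaged", lambda r: r.group == "finance", "restricted", "normal"),
    ("iot-sensor", lambda r: r.group == "iot-sensor", "allow", "low"),
]

def evaluate(req: Request) -> Decision:
    """Return the decision for a request; unknown identities are denied."""
    for name, predicate, action, priority in RULES:
        if predicate(req):
            return Decision(action, priority, name)
    return Decision("deny", "none", "default-deny")

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("alice", "finance", True, "DE", "198.51.100.7"),
        Request("alice", "finance", True, "DE", "203.0.113.42"),   # new network
        Request("alice", "finance", False, "DE", "203.0.113.42"),  # personal device
        Request("sensor-17", "iot-sensor", True, "DE", "192.0.2.10"),
        Request("mallory", "unknown", True, "DE", "198.51.100.7"),
    ]
    for s in samples:
        print(f"{s.identity:10} {s.source_ip:14} -> {evaluate(s)}")
```

The first two sample requests differ only in source IP and receive the same decision, while the third changes device posture and is downgraded even though its address matches the second.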