Secure Access Service Edge (SASE) is an enterprise security architectural model for networking that is de­sig­ned to support faster application access. Under this model, networking and cloud-delivered security converge in a high performance, single-pass architecture with unified management. As people have started to work remotely following the Covid-19 outbreak, the need to deploy the SASE model has become more urgent for securing networks and enterprises are rushing to this solution.

A look at the evolving SASE market, adoption trends, key components and benefits of the technology, and the way forward…

Market overview and uptake

According to the Dell’Oro Group, the SASE market will grow at a compound annual growth rate of 116 per cent by 2024, attaining a market value of $5.1 billion. The majority of the near-term SASE revenue is expected to come from a combination of software and hardware sold as physical appliances. For long-term SASE revenue growth, the Dell’Oro Group is of the view that software purchases and a cloud-hosted software-as-a-service (SaaS) model will likely take over.

As far as the adoption of the SASE mo­del among enterprises is concerned, Gart­ner has forecasted that at least 40 per cent of enterprises will have SASE adoption strategies in place by 2024. Garson expects that most enterprises will adopt SASE over the next five years. At present, more than 27 vendors have adopted SASE in some capacity.

Operators too are deploying SASE so­lu­tions to offer better services to their en­terprise customers. Recently, in July 2021, Bharti Airtel strengthened its relationship with Cisco to provide SASE capabilities to its software-defined wide area networking (SD-WAN) customers. The new connectivity solution announced by the telco will enable the digital transformation of businesses, regardless of their size. Further, this new solution from Airtel will allow organisations to deliver applications with better security, performance and visibility to their customers.

Key growth drivers

As per industry experts, near-term growth in the SASE market will be largely driven by small- to mid-sized businesses. Some of the key trends that are driving the SASE market are as follows.

  • Adoption of SaaS: In traditional on-premises network architectures, backhauling SaaS traffic to the data centre for security worsens latency and increases network costs. As cloud environments become more prevalent, SASE is allowing organisations to move network security services from the data centre closer to remote users.
  • Uptake of remote working practices: Ever since the pandemic began, remote working has become more of a norm among organisations. As employees have now started working from varied locations, ensuring security of networks th­ro­ugh traditional VPNs is not feasible. Traditional VPNs do not offer granular security controls.
  • Evolving threat landscape: Security teams need to continually upgrade and update their infrastructure to tackle new threats. This is a complex, time-consu­ming work that still often leaves many organisations open to zero-day threats.

Key components

The SASE model converges comprehensive SD-WAN and network security functions into single-pass architecture, administered via a unified management plane for networking and cybersecurity. Some of the key components of SASE are:

  • SD-WAN: SD-WAN enables resilient, low latency connectivity over any type of network transport, while reducing the complexity compared to traditional rou­ter-based solutions. Analysts have highlighted that cloud-native and real-time apps benefit from SD-WANs. SD-WANs provide capabilities such as path selection based on path quality assessment, WAN optimisation, and peering with SaaS applications. In addition, some SD-WANs have network security features such as integrated intrusion detection/prevention systems (IDS/IPS) and simplified set-up of VPN tunnels between branch offices and SaaS apps.
  • Secure web gateway: A secure web gateway is an enterprise cybersecurity so­­l­ution, typically implemented inline as a cloud service that is set up between users and the web. User traffic is forwa­rded to the secure web gateway for ins­pection and further action depending on requirement. This is done through built-in network security capabilities such as URL filtering, application control, and anti-malware defence.
  • Cloud access security broker: This is another key component of the SASE model. With a cloud access security broker (CASB), an enterprise can manage access control for all approved and unapproved SaaS apps. CASB security solutions are built upon four main pillars – improved visibility; data security for shielding sensitive data from unauthorised access; threat prevention through capabilities like behavioural analysis; and simplified proof of compliance.
  • Zero-trust network access: Zero-trust network access (ZTNA) enforces the principle of least privilege on authorised users accessing sanctioned applications. This system evaluates access attempts based on identity information from clo­ud services like Microsoft Azure Active Directory and parameters like time of day and location. Access may even be granted to applications instead of the underlying network to prevent the lateral movement of threats. Owing to these functional features, ZTNA provides better user experience, tighter se­cu­rity controls and reduced complexity in comparison to traditional VPN solutions.
  • Firewall-as-a-service: According to a ma­r­ket study, firewall-as-a-service (FWaaS) implements ingress and egress se­curity controls across an enterprise network to ensure that only trusted traffic may pass. Industry studies suggest that an FWaaS solution can integrate anomaly-based (signature-less) threat detection, network sandboxing, geolocation, anti-malware software and IDS/IPS solutions. FWaaS is often integrated with security analytics solutions for comprehensive protection of data centres, cloud instances and branch offices.
  • Data loss protection: Data loss protection is another important component of the SASE model. It is integrated into the single-pass architecture of a SASE platform. A data loss protection engine offers visibility into the data in use, in motion, and at rest. It can effectively isolate risky data or activity, enforce encryption, and send network security alerts to lower the overall risk of a data breach.
  • Encryption/Decryption of content: A unique attribute of the SASE model is that the single-pass architecture of SASE allows encrypted traffic to be opened and inspected just once. This helps reduce the latency of traditional security stacks with service-chained inspection engines.

Benefits

Cyberattacks and threats have increased as hackers have taken advantage of the shift to remote and hybrid work models being adopted by organisations. Today, enterprises need to empower all employees with a fast, consistent and secure digital workspace experience, regardless of the­ir location or device. In addition, IT teams need to be­come more agile so that they can focus on delivering new digital ser­vices rather than spending the majority of their time managing complex networking and security concerns. Addressing these needs requires dep­loyment of a ro­bust security model. As such, there is a growing shift towards cloud-based security and SASE solutions.

As organisations enable their employees to access corporate resources remotely, cloud-based security services and SASE technology are gaining interest as they address the pressing need for fast connectivity and reliable security regardless of device, location or target resource. With users working from anywhere, cloud services improve the performance and availability on a global scale.

The SASE model addresses the limitations of traditional network architectures by converging cloud networking and security. The SASE framework consolidates cloud services to minimise attack surfaces and improve user experience. Further, it ensures that networking and security both evolve and converge. By doing this, the SASE framework enables agile, unified, single-pane-of-glass administration that includes provisioning as well as granular policy control and visibility. It also enables consistently fast and secure app access everywhere by virtue of WAN capabilities that overcome the unpredictability of local internet breakouts. Moreover, the SASE model allows the consistent enforcement of security compliance policies through a global security cloud for all users, regardless of their locations. A look at some of the benefits of SASE…

  • Superior user experience: Direct internet access eliminates latency from backhauled connections. However, the SD-WAN and WAN optimisation functionality within SASE solutions is required to ensure consistent perform­a­nce even as internet performance fluctuates. Single-pass architectures ensure that the inspection and policy engines do not add unnecessary latency.
  • Improved security: Identity-aware, zero-trust access is enabled for sancti­o­ned applications. This reduces the att­ack surface and impedes the lateral mo­vement of malware within the enterprise network. For web and unsancti­o­ned applications, comprehensive, clo­ud-delivered security ensures a con­sis­te­nt security posture, regardless of em­plo­yee location.
  • Greater IT agility: SASE architectures can help consolidate point solutions ac­ross networking and security. Single-ven­dor solutions offer deeper integratio­ns and unified management, which simplifies deployment, configuration, re­por­ting and support services. Since SASE architectures require moving security to the cloud, the overall hardware footprint is reduced, which in turn improves architectural elasticity and scale.

Outlook

In line with the increasing adoption of cloud-based computing, remote working and IoT technologies, both networking and security infrastructures are evolving. Going forward, as per industry experts, security and networking industries will consolidate over the coming years. The emergence of SASE, which is a combination of both security and networking technology, is part of a larger trend that will drive vendor consolidation. This changing trend will present ample opportunities for new and existing vendors to foray into the SASE space and secure a stake in the growing market early on.