Secure Access Service Edge (SASE) is an enterprise security architectural model for networking that is designed to support faster application access. Under this model, networking and cloud-delivered security converge in a high performance, single-pass architecture with unified management. As people have started to work remotely following the Covid-19 outbreak, the need to deploy the SASE model has become more urgent for securing networks and enterprises are rushing to this solution.
A look at the evolving SASE market, adoption trends, key components and benefits of the technology, and the way forward…
Market overview and uptake
According to the Dell’Oro Group, the SASE market will grow at a compound annual growth rate of 116 per cent by 2024, attaining a market value of $5.1 billion. The majority of the near-term SASE revenue is expected to come from a combination of software and hardware sold as physical appliances. For long-term SASE revenue growth, the Dell’Oro Group is of the view that software purchases and a cloud-hosted software-as-a-service (SaaS) model will likely take over.
As far as the adoption of the SASE model among enterprises is concerned, Gartner has forecasted that at least 40 per cent of enterprises will have SASE adoption strategies in place by 2024. Garson expects that most enterprises will adopt SASE over the next five years. At present, more than 27 vendors have adopted SASE in some capacity.
Operators too are deploying SASE solutions to offer better services to their enterprise customers. Recently, in July 2021, Bharti Airtel strengthened its relationship with Cisco to provide SASE capabilities to its software-defined wide area networking (SD-WAN) customers. The new connectivity solution announced by the telco will enable the digital transformation of businesses, regardless of their size. Further, this new solution from Airtel will allow organisations to deliver applications with better security, performance and visibility to their customers.
Key growth drivers
As per industry experts, near-term growth in the SASE market will be largely driven by small- to mid-sized businesses. Some of the key trends that are driving the SASE market are as follows.
- Adoption of SaaS: In traditional on-premises network architectures, backhauling SaaS traffic to the data centre for security worsens latency and increases network costs. As cloud environments become more prevalent, SASE is allowing organisations to move network security services from the data centre closer to remote users.
- Uptake of remote working practices: Ever since the pandemic began, remote working has become more of a norm among organisations. As employees have now started working from varied locations, ensuring security of networks through traditional VPNs is not feasible. Traditional VPNs do not offer granular security controls.
- Evolving threat landscape: Security teams need to continually upgrade and update their infrastructure to tackle new threats. This is a complex, time-consuming work that still often leaves many organisations open to zero-day threats.
The SASE model converges comprehensive SD-WAN and network security functions into single-pass architecture, administered via a unified management plane for networking and cybersecurity. Some of the key components of SASE are:
- SD-WAN: SD-WAN enables resilient, low latency connectivity over any type of network transport, while reducing the complexity compared to traditional router-based solutions. Analysts have highlighted that cloud-native and real-time apps benefit from SD-WANs. SD-WANs provide capabilities such as path selection based on path quality assessment, WAN optimisation, and peering with SaaS applications. In addition, some SD-WANs have network security features such as integrated intrusion detection/prevention systems (IDS/IPS) and simplified set-up of VPN tunnels between branch offices and SaaS apps.
- Secure web gateway: A secure web gateway is an enterprise cybersecurity solution, typically implemented inline as a cloud service that is set up between users and the web. User traffic is forwarded to the secure web gateway for inspection and further action depending on requirement. This is done through built-in network security capabilities such as URL filtering, application control, and anti-malware defence.
- Cloud access security broker: This is another key component of the SASE model. With a cloud access security broker (CASB), an enterprise can manage access control for all approved and unapproved SaaS apps. CASB security solutions are built upon four main pillars – improved visibility; data security for shielding sensitive data from unauthorised access; threat prevention through capabilities like behavioural analysis; and simplified proof of compliance.
- Zero-trust network access: Zero-trust network access (ZTNA) enforces the principle of least privilege on authorised users accessing sanctioned applications. This system evaluates access attempts based on identity information from cloud services like Microsoft Azure Active Directory and parameters like time of day and location. Access may even be granted to applications instead of the underlying network to prevent the lateral movement of threats. Owing to these functional features, ZTNA provides better user experience, tighter security controls and reduced complexity in comparison to traditional VPN solutions.
- Firewall-as-a-service: According to a market study, firewall-as-a-service (FWaaS) implements ingress and egress security controls across an enterprise network to ensure that only trusted traffic may pass. Industry studies suggest that an FWaaS solution can integrate anomaly-based (signature-less) threat detection, network sandboxing, geolocation, anti-malware software and IDS/IPS solutions. FWaaS is often integrated with security analytics solutions for comprehensive protection of data centres, cloud instances and branch offices.
- Data loss protection: Data loss protection is another important component of the SASE model. It is integrated into the single-pass architecture of a SASE platform. A data loss protection engine offers visibility into the data in use, in motion, and at rest. It can effectively isolate risky data or activity, enforce encryption, and send network security alerts to lower the overall risk of a data breach.
- Encryption/Decryption of content: A unique attribute of the SASE model is that the single-pass architecture of SASE allows encrypted traffic to be opened and inspected just once. This helps reduce the latency of traditional security stacks with service-chained inspection engines.
Cyberattacks and threats have increased as hackers have taken advantage of the shift to remote and hybrid work models being adopted by organisations. Today, enterprises need to empower all employees with a fast, consistent and secure digital workspace experience, regardless of their location or device. In addition, IT teams need to become more agile so that they can focus on delivering new digital services rather than spending the majority of their time managing complex networking and security concerns. Addressing these needs requires deployment of a robust security model. As such, there is a growing shift towards cloud-based security and SASE solutions.
As organisations enable their employees to access corporate resources remotely, cloud-based security services and SASE technology are gaining interest as they address the pressing need for fast connectivity and reliable security regardless of device, location or target resource. With users working from anywhere, cloud services improve the performance and availability on a global scale.
The SASE model addresses the limitations of traditional network architectures by converging cloud networking and security. The SASE framework consolidates cloud services to minimise attack surfaces and improve user experience. Further, it ensures that networking and security both evolve and converge. By doing this, the SASE framework enables agile, unified, single-pane-of-glass administration that includes provisioning as well as granular policy control and visibility. It also enables consistently fast and secure app access everywhere by virtue of WAN capabilities that overcome the unpredictability of local internet breakouts. Moreover, the SASE model allows the consistent enforcement of security compliance policies through a global security cloud for all users, regardless of their locations. A look at some of the benefits of SASE…
- Superior user experience: Direct internet access eliminates latency from backhauled connections. However, the SD-WAN and WAN optimisation functionality within SASE solutions is required to ensure consistent performance even as internet performance fluctuates. Single-pass architectures ensure that the inspection and policy engines do not add unnecessary latency.
- Improved security: Identity-aware, zero-trust access is enabled for sanctioned applications. This reduces the attack surface and impedes the lateral movement of malware within the enterprise network. For web and unsanctioned applications, comprehensive, cloud-delivered security ensures a consistent security posture, regardless of employee location.
- Greater IT agility: SASE architectures can help consolidate point solutions across networking and security. Single-vendor solutions offer deeper integrations and unified management, which simplifies deployment, configuration, reporting and support services. Since SASE architectures require moving security to the cloud, the overall hardware footprint is reduced, which in turn improves architectural elasticity and scale.
In line with the increasing adoption of cloud-based computing, remote working and IoT technologies, both networking and security infrastructures are evolving. Going forward, as per industry experts, security and networking industries will consolidate over the coming years. The emergence of SASE, which is a combination of both security and networking technology, is part of a larger trend that will drive vendor consolidation. This changing trend will present ample opportunities for new and existing vendors to foray into the SASE space and secure a stake in the growing market early on.