Businesses are moving from on-premise solutions to hybrid, public cloud solutions and managed networks. Adding to this complexity is the growing use of internet of things (IoT) devices, increased personnel mobility and remote working. As cloud utilisation and device propagation continue to expand exponentially, traditional premise-oriented network defence perimeters are weakening and disappearing.
Protection, detection and timely response can collectively guide effective network security. A new expanded security framework is evolving. Identified by Gartner as the secure access services edge (SASE), it is the augmentation and unification of existing networking and cloud technologies into a single cloud-delivered platform.
SASE represents the amalgamation of cloud and network security, effectively a software bridge between private networks and the public cloud, moving security processes out of the data centre and into the cloud. SASE is designed to extend enhanced security capabilities to the network edge, enterprise networks and into the user access domain.
Challenges of deploying SASE
Implementing SASE is not straightforward and deserves due consideration to ensure that corporate security principles are not compromised for the sake of operational efficiency. The challenges include:
- The capacity of virtual private network (VPN) links between SASE and private applications
- High web app traffic for the SASE solution to process and validate against zero trust policy
- Potential performance variation under varying load conditions
- The number of connections
- Ensuring redundancy is in place and functioning properly in case of failures or downtime
- Working around distributed multi-cloud platforms
- Cyber-attacks potentially compromising performance while data is being scrubbed
With many network control functions previously performed by traditional servers, routers and firewalls now moving to SASE, effective, objective and certified performance benchmarking becomes even more critical. To account for different scenarios and mitigate risk, SASE models must be thoroughly tested with real traffic, at scale, across different cloud environments and against various malware and equipment failures.
How to test SASE?
Thoroughly testing a SASE architecture requires a virtualised test tool that can function across multiple platforms in a multi-cloud distributed environment. Metrics that need to be measured as part of these tests are concurrent authenticated web connections, throughput, latency, mean opinion score (MoS) and quality of experience (QoE).
On top of pure numbers, it is important to understand the day-to-day effects on employee activities: how many connections can be added before performance starts to degrade, whether zero-trust access adds a delay in accessing services, whether sandboxing has a noticeable effect on application performance, and so on.
Certain office applications demand a high-performance, low-jitter network that is reliable and scalable. Performance and scalability are two very important tests with MoS scores for voice and video providing a measurable performance metric. Content filtering, sandboxing, remote browser isolation and data loss prevention are all additional security mechanisms for protecting the corporation from being attacked or losing sensitive data.
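The following is an added example, not code from the original article or from any vendor tool. It scores a load sweep with an estimated voice MoS and reports the connection count at which quality drops below a target, which is the "how many connections before performance degrades" question above. The sweep rows are constructed sample data, the R-factor formula is a commonly used simplification of the ITU-T G.107 E-model, and the 4.0 MoS target is an assumption.

```python
# Constructed load-sweep results: one row per step of a SASE test run.
# (concurrent connections, latency ms, jitter ms, packet loss %)
SWEEP = [
    (1_000, 20.0, 2.0, 0.0),
    (5_000, 24.0, 3.0, 0.1),
    (10_000, 35.0, 6.0, 0.3),
    (20_000, 80.0, 15.0, 1.0),
    (40_000, 190.0, 40.0, 4.0),
]


def r_factor(latency_ms, jitter_ms, loss_pct):
    """Simplified E-model R-factor (assumption: an approximation, not full G.107)."""
    # Jitter is weighted double and 10 ms is added for codec/processing delay.
    effective = latency_ms + 2.0 * jitter_ms + 10.0
    if effective < 160.0:
        r = 93.2 - effective / 40.0
    else:
        r = 93.2 - (effective - 120.0) / 10.0
    # Each percent of packet loss costs 2.5 R points; clamp to 0..100.
    return max(0.0, min(100.0, r - 2.5 * loss_pct))


def mos_from_r(r):
    """ITU-T G.107 mapping from R-factor to estimated MoS (1.0 to 4.5)."""
    if r <= 0:
        return 1.0
    if r >= 100:
        return 4.5
    return 1.0 + 0.035 * r + 7e-6 * r * (r - 60.0) * (100.0 - r)


def score_sweep(sweep):
    """Return [(connections, estimated MoS)] for every step, in load order."""
    return [(conns, round(mos_from_r(r_factor(lat, jit, loss)), 2))
            for conns, lat, jit, loss in sorted(sweep)]


def degradation_point(sweep, min_mos=4.0):
    """Return (last passing connection count, first failing count or None)."""
    last_ok = None
    for conns, mos in score_sweep(sweep):
        if mos < min_mos:
            return last_ok, conns
        last_ok = conns
    return last_ok, None
```

Running the same sweep with and without a security function enabled (for example sandboxing) and comparing the two degradation points shows what that control costs in usable capacity.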
SASE testing tools
SASE testing tools are containerised, can dynamically scale, support real traffic and can inject malware to assess the functionality of security protocols. TeraVM is a completely software-based, virtualised and containerised next generation firewall (NGFW) and network validation tool that runs in labs, data centres and servers (in the cloud or on-premise). It can help identify vulnerabilities across networks (fixed and wireless) and cloud infrastructures, and emulate a huge range of potential security breaches, from viruses, spyware and malware to weak bring your own device (BYOD) policies and impersonation. This tool can be deployed in a distributed and hybrid network with central control.
Businesses need to future-proof their network infrastructure and by converging their networks, cloud and security solutions with SASE, they address the opportunities of today and tomorrow.