Best Practices for Protecting the Network Edge Include SASE

The SASE model for remote access and security could enable the next phase of digital transformation for an MSP’s customers.

4 Min Read
SASE network edge
Getty Images

The increased use of remote and cloud-based resources resulting from the COVID-19-fueled work-from-home trend has highlighted another trend that was already underway before the pandemic: The network edge isn’t what it used to be.

According to a 2019 Gartner report, “The Future of Network Security is in the Cloud,” the entire concept of the network perimeter has rapidly evolved. “The enterprise perimeter is no longer a location,” Gartner says. “It is a set of dynamic edge capabilities delivered when needed as a service from the cloud.”

The data center isn’t at the center of connectivity requirements anymore as companies shift to a dynamic access model. More users, devices and applications are located outside the organization than within.

According to Gartner, complexity, latency, and the need for decryption and inspection of encrypted traffic will increase demand for the secure access service edge (SASE), which consolidates networking and security-as-a-service capabilities into a cloud-delivered service.

That’s because digital transformation is built on anytime/anywhere access to applications and services. Building out from the data center can actually inhibit digital progress.

To ensure low latency, businesses will need edge computing capabilities that are distributed and operate closer to systems and devices.

That’s where the value of SASE offerings will be critical.

According to Gartner, “SASE offerings will provide policy-based software-defined secure access from an infinitely tailorable network fabric. Security professionals can precisely specify the level of performance, reliability, security, and cost of every network session based on identity and context. The emergence of SASE will create a significant opportunity for security and risk professionals to enable the changing security access requirements of digital transformation, providing secure access capabilities to a variety of distributed users, locations and cloud-based services.”

Inspection engines and algorithms will move closer to end users and edge devices. Endpoint identities will include branch offices, IoT devices and individual users operating a mobile device. All of these identities need access to network capabilities across the network.

According to Gartner: “Secure access decisions must be centered on the identity of the entity at the source of the connection (user, device, branch office, IoT device, edge computing location and so on).”

A SASE approach enables security teams to deliver secure network security services consistently, no matter where the network access occurs.

These solutions require robust toolsets. Barracuda, for example, has introduced Barracuda CloudGen WAN, a secure, global SD-WAN service built on Microsoft Azure. Using CloudGen WAN, companies and service providers can create a practical SASE solution in the public cloud.

In a recent report, “Secure SD-WAN: The Launch Pad into Cloud,” Barracuda found that SD-WAN is being used by more than half of organizations that have added security to the public cloud to address lack of access control and backhauling traffic.

CloudGen WAN is a SaaS service deployed directly from the Azure Marketplace for as many regions as needed and administered centrally in the CloudGen WAN portal for all office locations and remote endpoints.

With SASE, organizations can reduce security complexity and costs by consolidating secure access services. SASE also enables new applications and services because they are securely available to partners and contractors. There is also lower latency and greater transparency for users.

SASE also enables zero-trust network access because access is based on user/device identity.

SASE adoption will be disruptive.

Gartner provided several recommendations for shifting to this model of edge/perimeter protection:

  • Require SASE vendors to provide evidence of third-party testing of SD-WAN capabilities and security capabilities, and require network security vendors to show you their SASE roadmap.

  • SASE should be positioned as a digital business enabler that provides greater speed and agility.

  • Security staff will need to deliver policy-based security services, not just manage “security boxes.”

  • Engage now with network architects to plan for SASE.

  • Architect solutions so that inspection engines move to the user session, not the other way around.

  • If possible, reduce network security complexity by shifting to one vendor for secure web gateway (SWG), cloud access security broker (CASB), DNS, zero-trust network access (ZTNA) and remote browser isolation capabilities.

SASE adoption is still low, but Gartner predicts that by 2024, at least 40% of companies will have SASE strategies in place. And while many MSPs may not be working with their customers to deploy SASE, it is important to remember that many customers are adopting cloud apps and services at an unprecedented rate. (Q2 2020 cloud services spending was 30% higher than Q2 2019, per research from Canalys.)

As companies of all sizes continue on their digital transformation journeys, there will be opportunities for MSPs to look among their customer bases to determine who has the need for these types of networking and security solutions offered as a cloud-based service–and then to fulfill those needs using a new and unique approach made possible by SASE.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

 This guest blog is part of a Channel Futures sponsorship.

 

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like