SASE: An Evolution in Cloud Security

by Alberto Jimenez, Sr. Systems Administrator

In the early days of the Internet, businesses with an online presence were responsible for hosting their computing infrastructure on premises. This involved not only purchasing the physical servers, storage systems, network devices, and all software or additional hardware required for their management and operation, data recovery, and security, but also providing the physical security, power, and cooling solutions to keep everything running 24x7. As businesses continue to migrate their locally hosted data centers to the cloud, technologies that were traditionally on-premises are evolving into cloud-based versions to address the changing needs of a cloud-centric world.


Cloud service models are what define the modern cloud as we know it. The most popular cloud service models include Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Desktop as a Service (DaaS). Without diving deeply into each of these service models, their aggregate purpose is the complete elimination of an on-premises data center such that the responsibility is shifted to a cloud service provider (e.g., Amazon Web Services, Microsoft Azure, Google Cloud).


As businesses adopted these cloud solutions, inefficiencies were identified in their execution, and therefore optimized technologies were required to fill in the gaps of a distributed environment. Some of these included Software-Defined WAN (SD-WAN), Firewall as a Service (FWaaS), and Cloud Access Security Broker (CASB). The result of implementing these disparate cloud solutions was a better application experience for users, stronger security, optimized workflows, and simplified management.


Enter the Secure Access Service Edge, or SASE (pronounced “sassy”). Simply put, SASE is the combination of SD-WAN capabilities with the security capabilities of FWaaS and CASB, as well as those of the Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Data Loss Prevention (DLP), and DNS-layer security, into a single, cloud-native service model. A point of note here is that the SASE framework’s “edge” is provided through the Points of Presence (PoP), which are vendor data centers close to the endpoints (i.e., client devices).

Gartner, a technology research and advisory firm, states, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”


SASE is an attractive solution because it is a single service, reducing the number of vendors a business must interact with, the amount of hardware required at branch offices or remote locations, the number of agents on endpoints, and therefore the cost and complexity to implement and manage. In addition, end users have a consistent experience regardless of their resource needs or where they or the resources are located. Consistent user policy enforcement at the edge also strengthens security posture.


As stated, the benefits of implementing a SASE solution are numerous for any business hosting services in the cloud. They can be summarized as the combination of added flexibility, cost savings, simplified management, increased performance, increased security, and data protection in one comprehensive package.
