November 18, 2021
Successful SASE Deployment Relies on Security Components and Strategy
Explore the network security components and various strategies for implementing SASE.
A benefit of secure access service edge (SASE) is the ability for users and equipment to connect to a centralized cloud-based service. This delivery system supports users wherever they are located, permitting flexible working environments.
However, organizations are faced with scaling their existing platforms to deliver consistent connectivity and security to hundreds or thousands of remote users in multiple locations.
With SASE architecture, it’s possible to meet these demands without compromising security or performance. Through simultaneous delivery of multiple security components and comprehensive SASE deployment strategies, organizations can implement SASE architecture seamlessly.
4.4x: The increase in extremely satisfied line-of-business users in organizations that have prioritized SASE and realized cloud acceleration benefits
Source: Enterprise Strategy Group, “Quantifying the Benefits of SASE” (PDF), 2021
Network Components
The security components of a SASE deployment play a vital role in protecting users and devices from cybersecurity risks. However, these are effective only if they are delivered to endpoints as a bundled set of security services. The network components of a SASE deployment offer this delivery service.
VPN as a Service: SASE deployments provide users with a robust set of secure network services wherever they travel. This approach replaces traditional virtual private networks with a bundled service offering that uses VPN encryption to protect network traffic to and from endpoints while also adding on the other layers of SASE defense.
SD-WAN: Software-defined wide area networking rests at the heart of an organization’s SASE deployment. The SD-WAN approach uses intelligent orchestration software to provide secure, reliable interoffice connectivity over internet circuits, rather than relying on expensive private circuits. SD-WAN allows organizations to avoid overtaxing their data centers with internet traffic by allowing remote offices to access the internet directly. SASE enables this approach by moving security to the service edge, allowing organizations to confidently move forward with direct internet access for remote offices.
Circuit aggregation and consolidation: SD-WAN and direct internet access allow organizations to dramatically reduce their connectivity costs by aggregating and consolidating communication circuits. Offices no longer require multiple circuits to connect to other locations; instead, users can rely on a single commodity internet connection (and perhaps an LTE/5G backup) to connect them to the SD-WAN environment.
Strategies for Effective SASE Deployment
As organizations consider the future of SASE deployments, they should also rethink both their security posture and their network connectivity model. Changing to a decentralized enforcement of centralized security policies marks a major paradigm shift, but it comes with the significant benefits of reduced network costs and improved security posture. With the right planning, SASE initiatives can deliver tremendous business value.
SASE deployments differ from other security projects organizations undertake. The cloud-based nature of SASE components requires organizations to make minimal capital expenditures because there isn’t much hardware to purchase. This approach also dramatically reduces the risk of sizing and scaling the security components of a SASE deployment. Cloud-based SASE components can simply scale with the business, expanding and contracting to meet changing requirements. SD-WAN connectivity is perhaps the only area of a SASE deployment that requires careful sizing prior to selection.
The service-based nature of SASE solutions also provides a significant degree of flexibility over traditional tools. Organizations can avoid “big bang” upgrade and migration projects that cause service outages and instead opt for small, controlled pilot testing of new technology with isolated test groups. Once they’re confident that the technology works properly, rolling it out to the entire organization is often as simple as flipping a switch. This approach improves the user experience and limits the negative impact of changes.
SASE solutions also fit nicely into efforts by organizations to automate their security operations. Application programming interfaces offered by SASE component providers enable the direct integration of SASE tools with security orchestration, automation and response platforms. This allows both internet-based tools and on-premises security devices to play a role in the organization’s automated responses to changing cybersecurity circumstances. By working cooperatively with other security tools, SASE components provide IT teams and security leaders with both enhanced visibility into their current security posture and rapid response capabilities when things go wrong.
The future of SASE deployments is bright. As these technologies mature, organizations should expect to see even greater benefits from their security ecosystems. SASE components will likely offer even tighter integrations with identity providers that help enable zero-trust initiatives. Security teams should also expect to see enhanced integrations with mobile device management and other security configuration tools, providing centralized and robust control of both devices and the network connections that serve them.
Story by:
Phillip McClure, a senior IT professional with over 35 years of experience in a variety of disciplines at both staff and management levels. He specializes in architecting, implementing, and managing complex multi-vendor enterprise network and security infrastructures. As a solution architect for CDW, Phillip collaborates with customers to build a strategic vision for their network and security frameworks that enables cost-effective, secure, reliable and scalable services. Phillip’s networking vendor experience includes Aruba, Cisco, Meraki, Juniper and Extreme wired, wireless, WAN and management solutions as well as Cisco, Check Point and Palo Alto security solutions. He holds numerous manufacturer and industry networking and security certifications. Before joining CDW in 2019, Phillip was a Principal Network Security Architect for over 17 years working with clients in the DoD; state and local government; K-12; higher education; healthcare; and financial sectors on network, network security and security compliance projects. Phillip’s previous roles include Principal Solutions Architect for Enterasys Networks and Assistant VP - Data Communications, Mainframe and Distributed Systems for Citizens Financial Group.
Pete Schepers, who has been with CDW for more than 13 years and has worked in roles on the Professional Services side of CDW and most recently as a Secure Network Access Solution Architect. Working with professional services allowed Pete to gain in-depth experience deploying both small- and large-scale networks across technology spaces. The technologies include security, networking, and wireless. Pete can help customers align business strategies with technology solutions in wired and wireless infrastructure. Pete helps customers create value with IT stakeholders and become a more relevant part of the business. Solutions focus includes security at the edge, SD-WAN technologies, and digital transformation.
70%: The percentage of IT professionals who consider application security to be of high importance when enabling remote access
Source: checkpoint.com, “Secure Access Service Edge (SASE) Solutions are the Future: Survey Uncovers Organizations’ Security Priorities for Hybrid Working,” July 8, 2021
To learn more about how network security components can help implement SASE architecture, read the white paper “How SASE Can Improve Security” from CDW.