SASE Evolution, Trends and Predictions - Part 1
Introduction:
We have been hearing about the Secure Access Service Edge, or SASE, model throughout 2020. It is said to be a perfect integration of connectivity and security that can serve numerous use cases if deployed wisely. Is it revolutionary, or just hype in the secure connectivity world? What will the new security trends for 2021 be? We’ll explore that in this article.
SASE is a package of technologies that includes network security, firewall-as-a-service (FWaaS), zero-trust network access (ZTNA), VPN, DNS, cloud secure web gateway (SWG), remote browser isolation (RBI) and cloud access security broker (CASB), delivered as a hybrid cloud-based service model over wide-area networking (WAN). Some of the key attributes of SASE include:
- Global SD-WAN footprints via Gateways and PoPs
- Distributed Inspection and Policy Enforcement
- Support for the Cloud Native Architecture
- Identity and context-driven security (User, Device, and Application)
Fundamentally, SASE is about delivering rules- and policy-based networking and security services while utilizing the cloud-native attributes of agility, scalability and elasticity, with a lower cost of ownership, to support digital transformation.
Gartner introduced SASE over a year ago, and according to the latest SASE forecast, by 2024 more than 60% of SD-WAN customers will have implemented a SASE architecture, compared with about 35% in 2020.
Evolution:
For years, the industry has relied on a hardware-centric, trust-based model that has become increasingly inflexible and insecure. Early-generation networking devices depended on custom-engineered hardware and ASICs to deliver the performance required by individual features, which created performance ceilings and a limited shelf life for these devices. It also meant large CAPEX for new deployments and upgrades, leading to high switching costs for customers.
A software-defined and cloud-centric model that runs on expendable hardware appliances means innovation occurs at a much faster pace.
Customers now benefit from continuously improving products without large CAPEX expenses, while vendors now benefit from the speed of innovation.
The advent of SDN brought improvements to various networking technologies, including WAN optimization, bandwidth aggregators, and next-generation SD-WAN. One of the key drivers of improved enterprise branch-level connectivity has been SD-WAN: cloud-driven enterprise network connectivity with improved management, automation and integration that provides network connectivity at the edge.
Networking products traditionally included a basic security feature set, which was not adequate as network attacks and attack vectors advanced at a much faster rate than defenses. Enterprises implemented defense in depth, or multi-layer security practices, often utilizing state-of-the-art security products like firewalls.
The protection vector improved over time, but the attack vector expanded at a much faster rate.
With the emergence of cloud networking, SDN, and SaaS, the need for secure connectivity in next-generation, microservices-based architectures exploded. Next-generation SDN platforms in various form factors included built-in L7 security features, which were inadequate for enterprise-grade security requirements. This led SD-WAN vendors to partner with major security vendors to provide customers with breadth and depth of security features via service chaining, integration, or joint deployments. So even before the formal term SASE was coined, the industry was already on its way to merging next-generation networking technologies and security to solve customer use cases.
New Developments:
As businesses understood the need to be agile in today’s world, they migrated on-prem workloads to the cloud or to hybrid environments. It is not about SaaS, PaaS, and IaaS anymore; it is about everything as a service.
Making the various networking and security elements consumable as a service helps businesses become agile and shortens deployment times.
According to a Forbes/IDC report, cloud computing spending has been growing at 4.5 times the rate of IT spending since 2009 and is expected to grow at better than 6 times the rate of IT spending from 2015 through 2020.
Many companies are going through digital transformation, and the pandemic has certainly accelerated many companies’ desire to move further towards cloud or hybrid environments. In this pandemic world with a remote workforce, secure access, faster and more secure connectivity, application performance and the need to maximize bandwidth are of paramount importance for businesses to stay on top. Enterprises now rely relentlessly on network automation to increase service velocity and revenue, deliver dynamic services, simplify network lifecycle management, improve network security, and reduce the operational costs of the network.
Customers care about winning, so they need to innovate, be fast, be agile, and be cost-effective.
Customers want to securely access and use their applications, no matter where the applications are hosted and where the users are. From a business perspective, IT needs a platform-based approach that is simple, agile, and automated to manage users, devices, and applications in one platform. This emphasizes the need for a unified platform that can be consumed as a service by both businesses and customers.
With SASE, it’s a win for businesses and customers alike, as all organizational assets and resources, such as branch offices, edge compute locations, data centers, devices, users, and applications, are supported by a software-defined, secure, cloud-orchestrated network.
Trends:
Most networking solutions are trying to solve the same problem in different ways. SD-WAN’s goal is to create a common fabric across multiple transports and seamlessly tie it to existing on-premises infrastructure. Then came the SASE trend, which tries to bring security services together with the SD-WAN space. It is a very specific security solution set that is independently offered by security service providers. Customers can tie them into their existing environment on a one-off basis, whether it’s cloud or on-prem.
It was not that long ago that a wide variety of security and networking technologies erupted in the market. Firewalls, anti-virus, IDS/IPS, web gateways and VPNs were offered by various vendors on dedicated appliances. From this chaos came the next-generation firewall (NGFW) that integrated these products into a single platform with a centralized management console.
Deployments and configurations have been easy for customers, with the security features needed today and an understanding that the platform would be able to quickly add features as security needs and products grow.
SASE is an umbrella term for a mix of networking and security functionality delivered as a service. Today, the biggest challenge for cybersecurity companies is to demonstrate that they support the various components of the SASE solution set to customers who are looking for the latest innovative security trends.
Customers do not necessarily require every component of the SASE solution set, but rather a mix of technologies suited to their network architecture and use cases.
This suggests the need for SASE as an umbrella solution from which customers can pick and choose the networking and security technologies to deploy as needed.
There have been more than a dozen SASE announcements over the past 12 months by vendors trying to position themselves in this competitive market. It is getting confusing, as vendors interpret SASE differently to fit their current solutions and strategies. Every security vendor is looking for unique ways to support SASE in its platform, and some are even rushing to develop a SASE offering while many customers do not yet understand, or even need, those components of the SASE solution set.
The breadth of services required to fulfill the diverse SASE use cases implies that very few vendors will be able to offer a complete solution in 2021, although many vendors already deliver a broad feature set. To bring SASE solutions to market faster, a new wave of partnerships and consolidations will emerge as vendors struggle to invest and compete in this highly disruptive and rapidly evolving landscape.
Today, various security solutions are used in every consumer, enterprise, and service provider network. SASE is starting to follow a similar adoption trajectory. Currently, adoption is strongest in the SMB space, but many large companies are keeping an eye on the SASE trend. As product offerings from security and networking vendors grow, enterprise adoption will grow as well.
Predictions for Cloud Security:
As companies inevitably adopt the remote workforce trend, there is a shift from local data-center-based applications towards cloud-based ones. The security perimeter is dissolving, with Zero Trust designed around the concept that users on the local network (LAN) are now considered high risk as well. As this trend continues into 2021, below are a few security predictions expected to impact enterprise networking as business needs and threats both continue to evolve:
- Security Stack Migration to the Cloud - There is a consensus across the industry that the security perimeter needs to be defined around the user and the data rather than around work locations. This means delivering security directly from the cloud rather than backhauling user traffic to the data center to consume security services there.
- Everything as a Service - Businesses are gravitating toward centralized management. A comprehensive platform that enables service chaining of security functions eliminates complex integrations. In terms of network connectivity, this must include both network as a service and security as a service.
- Zero Trust - It makes more sense to look at security in terms of what users are doing and what information they are accessing, rather than solely in terms of where their device is connected. Zero trust enables security admins to limit the attack surface, continuously verify users, and ensure they are only accessing the data they are supposed to.
- User-centric Network Security - SASE technologies are a new option in network security that enables organizations to provide people-centric, manageable, scalable, and agile access to secure networks, services, and applications. With SASE-based networking, users are freed from the frustrations of traditional networking and security platforms.
- Further Convergence of Networking and Security - The network is now everywhere, and it’s time to think of the enterprise network as virtual rather than physical and to ensure that the perimeter follows the user wherever they are. Converging the network and security stacks further will only help next-generation use cases like 5G, MEC, IoT, and edge computing.
ROI and Pricing Model:
Security products like NGFWs and SWGs, and connectivity platforms like SD-WAN, have been generating solid ROIs when compared to the combined cost of individual as well as integrated products. The pricing models have been a combination of upfront capital expenses and annual recurring subscriptions. With recurring subscriptions, ROI will be more difficult to achieve against legacy pricing models; however, businesses have been open to the benefits and value proposition of subscription/OPEX models.
The cloud-native approach to SASE presents lower vendor switching costs to customers, as well as the option of subscription or pay-per-usage pricing.
Automated migration tools, common on other PaaS/SaaS platforms, will eventually come to SASE. Customers need to evaluate their networking and security requirements and then choose which services from the SASE umbrella fit their network architecture. Blindly adopting the SASE solution set without understanding the actual need could turn out to be exorbitant.
According to a Gartner report, by 2025, 50% of enterprise workloads will be on the IaaS/PaaS of a hyperscale provider, either in the public cloud, on-premises, or at the edge. In another Gartner report, by 2024, the majority of enterprises will continue to struggle with appropriately measuring cloud security risks.
discrimiNAT and SASE:
The discrimiNAT firewall is a cloud-native solution to the inability to specify hostnames/FQDNs in Google Cloud Firewall Rules and AWS Security Groups for scalable egress filtering. The firewall’s custom Deep Packet Inspection engine works by monitoring and blocking traffic without decryption. It is transparent and fast, and is deployed inline as a high-availability NAT instance at the egress of your VPC network. Some of the attributes of discrimiNAT include:
- Simple configuration and deployment
- Encryption standards and compliance
- Integrated logging for audits
- Policy enforcement
- Cloud-native configuration and logging
discrimiNAT currently supports SASE use cases by providing secure access for AWS and GCP workloads; secure connectivity via TLS 1.2, TLS 1.3 and SSH v2; secure egress filtering; fast and transparent firewall capabilities; data loss prevention; protection against RCE (remote code execution) vulnerabilities and the SSRF attack vector; and monitoring and logging for audits.
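To illustrate the mechanism this section describes, hostname-based egress filtering that does not decrypt traffic, here is an added example; it is not discrimiNAT’s code and does not describe its engine. It assumes the hostname is read from the cleartext Server Name Indication (SNI) in the TLS ClientHello, and both the allowlist and the ClientHello are constructed for the example.

```python
import struct

# Constructed sample, not captured traffic: a minimal TLS 1.2 ClientHello carrying one SNI entry.
def build_client_hello(hostname: str) -> bytes:
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext         # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)                 # client_version + random
            + b"\x00"                               # empty session id
            + b"\x00\x02\x13\x01"                   # one cipher suite
            + b"\x01\x00"                           # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 0x16 = handshake

def extract_sni(record: bytes):
    """Return the server_name from a ClientHello record, or None if absent or malformed.
    Only cleartext handshake framing is read; nothing is decrypted."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 34                                        # skip client_version (2) + random (32)
    try:
        pos += 1 + body[pos]                                  # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
        pos += 1 + body[pos]                                  # compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0 and len(data) >= 5 and data[2] == 0:
                nlen = struct.unpack("!H", data[3:5])[0]
                return data[5:5 + nlen].decode("ascii")
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                 # truncated or malformed: treat as no SNI
    return None

ALLOWED_FQDNS = {"api.example.com", "updates.example.net"}   # constructed allowlist

def egress_decision(record: bytes, allowlist=ALLOWED_FQDNS) -> str:
    """Default-deny: permit a flow only when its SNI matches an allowlisted FQDN.
    Flows with no usable SNI are denied because they cannot be attributed to a hostname."""
    sni = extract_sni(record)
    if sni is None:
        return "DENY:no-sni"
    host = sni.lower().rstrip(".")
    return "ALLOW" if host in allowlist else "DENY:" + host
```

The ClientHello builder exists only so the example runs offline; the parser and decision function are what an inline inspector would apply to the first record of each outbound flow, and malformed or SNI-less records fall through to deny rather than being waved through.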