Another day, another security acronym splashed across vendor marketing brochures. In present times, the most popular term you’ve probably come across is SASE, which is enjoyably pronounced like ‘sassy’.
SASE stands for secure access service edge. While the term is everywhere at the moment, if you’re an MSSP looking to bolster your security offering to clients, we strongly advise being cautious of SASE.
You’ve probably wondered if SASE is just marketing hype. In truth, it is. Below, we’ll explore how SASE works, why you should be cautious of investing and what to implement instead.
What is SASE?
To define SASE, it helps to first look at why the need for SASE has arisen. It’s well-known today that we are in the age of hybrid, remote, cloud-based work.
This new world of work has brought about new challenges. Specifically, many remote workers suffer from latency issues and poor connectivity while, at the enterprise levels, companies are increasingly concerned about data privacy and compliance.
As Gartner puts it in a slightly more fancy way: “Complexity, latency and the need to decrypt and inspect encrypted traffic will increase demand for consolidation of networking and security-as-a-service capabilities into a cloud-delivered secure access service edge (SASE, pronounced “sassy”).”
In essence, then, SASE is not a new technology, but an integration of already existing tools into one streamlined, cloud-delivered security service that protects data at the edge, while delivering high-speed functionality that improves the end user experience.
What are the components of SASE?
Here’s a more in-depth look at the components of a solid SASE solution:
- SD-WAN: SASE relies on SD-WAN to deliver network functionality that reaches users and applications at the edge.
- FWaaS: SASE uses FWaaS to put the traditional firewall in the cloud. FwaaS scales elastically to the needs of the enterprise, meaning security policies can be enforced across the entire network, wherever employees are working from.
- Zero-trust Network Access: As explored in our recent blog, Zero Trust is less a security technology and more a principle. It’s the notion of “trust no-one” and verify everyone. Next-generation data loss prevention solutions (DLP) have zero-trust principles built into their models. They utilize dynamic verification capabilities to let users access, upload or download sensitive company data.
- A Secure Web Gateway (SWG): SASE utilizes SWG to mitigate malicious internet traffic and enforce security usage policies for accessing the web.
- A CASB: With a CASB, SASE helps organizations to secure data in their cloud-based applications and eliminate shadow IT usage.
What problems does SASE address?
SASE promises to be the security and connectivity solution for the new world of work. Right now, many companies are in a weird limbo between networking technologies and next-generation cloud services. As a result, they’re suffering from high costs, complexity and a fragmented technology ecosystem that faces interoperability issues.
SASE basically aims to solve all of these problems by bringing the user closer to security and improving network speed. The result is low latency, a great user experience and unparalleled security.
It sounds a bit too good to be true right? That’s because it is!
What holds back SASE adoption?
While SASE may be the future of corporate security, the solution is still in its nascent stages. Before investing in any one vendor, MSSPs need to be aware of the following obstacles:
Complexity: Networking and Security are two separate disciplines with strong interconnections. With SASE, these two disciplines combine into a new speciality altogether. MSSPs will need to have a firm understanding of both disciplines, and how they interact within SASE, for a successful deployment.
PoPs: The edge of SASE relies on the set of cloud gateways ( known as POPs) they leverage. A successful solution will need to utilize POPs at scale to provide full coverage and high-speed performance. For smaller enterprise customers, generating a system like this will likely be too expensive.
Integration: A successful SASE deployment is a complete movement away from traditional network security. It will be a huge challenge for MSSPs to overhaul customer legacy systems and roll out SASE instead. Poor deployment could undermine the whole solution.
Hype!: From looking at vendor solutions, there’s widespread opinion that no one company has really got SASE down yet. They might say they do, in the hope that they can win new customers and prospects – but the delivery won’t live up to you – or your customers’ – expectations.
What should MSSPs choose instead of SASE?
MSSPs are in more demand than ever. In particular, companies are looking to these providers to help them manage cloud and SaaS security, which are fast becoming cybersecurity and data privacy headaches.
While SASE isn’t a sensible option for now, it does offer some core principles that you can apply to your clients’ cloud infrastructure. Namely, we advise that you focus on delivering agile, cloud-based, data-centric security.
This is where our solution comes in. Polymer’s DEP engine uses APIs to secure cloud apps accessed by unmanaged devices and endpoints, offering comprehensive and borderless protection, reaching beyond the firewall to secure, check, and analyze any incoming traffic to your cloud applications.
As more organizations rely on applications like Slack, Teams and Google Workspace, working with a cloud-based DEP vendor is one of the smartest moves MSPs and MSSPs can take to secure enterprise data in the cloud.
Our solution helps you to secure data as it travels in and out of collaboration tools and cloud applications. Benefits include…
- Visibility: Achieve granular visibility into cloud application usage, including which employees are using cloud services, how they are accessing them and what information they are trying to upload, download and store in the cloud.
- Compliance: You need to know where client data is to secure it. With Polymer, you can see precisely where information is, where it’s been and where employees are trying to move it too. Not just that, though, you can actually control the flow of data. Using predefined policies, you can ensure that no data in the cloud is moved, edited or deleted without the IT team’s approval.
- Data Security: Enforce policies like encryption, redaction and authentication to ensure that data is only accessed legitimately. The best in breed of these solutions also embed employee training into the daily workflow, nudging users to make security-conscious choices and protect data as they work.
- Threat protection: With access and authentication controls in place, our framework helps you manage cyber risks and subvert malicious actors trying to get their hands on client data.