Why Your Digital Enterprise Needs to Rethink Networking and Network Security
Myo Zarny | March 31, 2020
Myo is a Senior Director, Product Management for SD-WAN and Cloud Security at Open Systems.
The world of digital business is changing. And changing fast.
The traditional hub-and-spoke enterprise data center — designed to connect each user location to apps and data stored in the enterprise data center — no longer reflects the reality of digital business today. Users are working on the road or remotely, and often are no longer tied to devices assigned by IT. Apps and databases are increasingly leaving the data center, too, as more are stored in and accessed from hybrid and multi-cloud environments.
In this new untethered IT landscape, apps and data can be stored in a variety of places, while users may be located anywhere in the world. The increasing availability of 5G is accelerating this trend, while the rise of IoT is further complicating matters.
The Move to SASE
Secure Access Service Edge (SASE, pronounced “sassy”) is a new approach to network security based on the movement of digital business away from the enterprise data center. Instead of setting policies and controlling access from the center, SASE combines networking and security services, and moves these functions out to the edge, wherever users and devices are.
Think of SASE as a worldwide fabric, providing cloud-delivered, policy-based security capabilities on demand, and session by session as required by enterprise security policy. This new approach to network security offers a number of benefits, including:
- One-source simplicity. SASE integrates cloud-based network and network security services. This convergence enables security teams to tailor every single network session according to the identity and context of the entity, not just the IP address or physical location of the device. The user, device, risk/trust assessment of the device, branch office, time of day, geo-location of the user, sensitivity of the data, and/or application are all taken into account.
- Enhanced security. Identity-based network access makes it possible for businesses to apply security policies seamlessly and consistently across all users, devices, and sessions, with end-to-end encryption of the entire session if deemed necessary. Inspection can be applied across all connections for sensitive data, malware, and other red flags. Your organization can also make these security policies available to partners and contractors, further reducing risk and security gaps.
- Improved performance and ease of use. With SASE, latency is greatly reduced because traffic no longer goes through the enterprise data center, but instead directly to the cloud network, which provides the security controls. Policy-based decisions that take into account users’ intent can ensure consistent routing optimization to reduce latency. This is especially important for applications such as video, collaboration, VoIP, and web conferencing.
In addition, users can count on consistent access anywhere. And because access is based on identity, SASE avoids conflicting policies that might interfere with the desired access.
- Cost-effective and flexible for the future. By combining network and network security services, SASE enables businesses to consolidate vendors and reduce expenditures, as well as reduce the complexity (and cost) of access security services.
Cloud-based SASE also makes it easy to keep access policies updated as new threats and risks arise — no need to invest in additional or upgraded hardware or software. In addition, as your business grows and evolves, SASE will allow for fast, agile adoption of new capabilities.
Leveraging the Best Expertise
By combining network and network security services, SASE enables businesses to leave service management and delivery up to their vendor. This lets the businesses’ network security staff focus on evaluating and developing access requirements and applying these to SASE policy and specifications.
Count on a Trusted Partner
Open Systems has a track record of more than 20 years in networking, including SD-WAN (software-defined wide area network) that goes beyond the standard provisioning. We focus on simplicity, security, and performance. And we can help you work toward the shift to SASE, beginning with SD-WAN and building out organically to SASE.
See how Open Systems can help you make the move to SASE. Contact us today.