Are you SASE-ready?

March 19, 2021

6 min read

Article content

The concept of ‘flexible working’ has undergone a fundamental transformation over the past year. Until recently, flexible work described the ability to hot desk, or to create more dynamic teams based on selected skills rather than official job titles. Ultimately though, it required employees to work predominantly within corporate office environments.

Fast forward to 2021 and we now have working arrangements that are far more deserving of the title ‘flexible’. While the COVID-19 pandemic accelerated requirements for a truly remote and distributed workforce, these changes will leave a lasting legacy, as employees will be encouraged to persist with a hybrid mix of in-office and remote working styles going forward.

This hasn’t been an easy transition for a lot of businesses, and those that hadn’t implemented the right strategies to work from home were most impacted by this new way of working.  Business architecture must focus on agility and mobility as these are fast becoming sink-or-swim factors in a post-pandemic sphere.

Employees and devices are no longer safeguarded by the four walls of the office, which can have a significant impact if a business is not operating in the cloud. As the edge of the network becomes more distributed, organisations must look at security in a different capacity.

SASE architecture has risen to the fore as a remedy for this situation, with an explosion of deployments over the past 12 months.

What is SASE?

SASE is short for Secure Access Service Edge and has been positioned as the next evolution of network architecture. It combines an organisation’s network and security functionalities by design, delivering networking as a cloud service that operates closer to users and devices.

According to Gartner, the originators of the term, “SASE combines network security functions, with WAN capabilities to support the dynamic secure access needs of organisations.” Rather than one specific toolset, SASE describes a new package of technologies made up of a few key elements:

  • Cloud-native architecture – SASE capabilities are primarily delivered as a service (such as Firewall-as-a-Service), shifting focus away from the network infrastructure and towards connecting users and devices via the cloud.
  • Global SD-WAN – SASE employs and builds on SD-WAN architectures, bringing together SD-WAN’s core benefits with increased security.
  • Identity driven – zero-trust design is a core element of SASE, reducing the attack surface by prioritising identity-based access to applications, rather than privileged-based access to network segments. This allows employees to work from any location in a highly-secured way, as all users and devices require authentication and are only granted access to specific applications after being authorised.  
  • Distributed Inspection and Policy Enforcement – Security at scale, SASE unifies traditionally disparate security technologies, providing a highly scalable capability to observe, define and enforce critical controls across the cloud, network, data and endpoint. This delivers a seamless and consistent approach to your entire digital footprint. SASE also involves the deployment of a tool or service - such as a Cloud Access Security Broker (CASB) – to monitor all traffic and ensure compliance with an organisation’s security policies.

Preparing for SASE

Implementing SASE is not as simple as installing a new product or flicking on the switch of an off-the-shelf offering. SASE is a concept that requires a multi-step implementation process, this includes reviewing network infrastructure, implementing cloud services and updating applications. To make the most of it, organisations require a modern IT infrastructure stack with key elements set in place. These are:

Modernised cloud-based application stack

Organisations will need to rethink any on-premise, legacy or monolithic applications — these aren’t going to be compatible with SASE architecture. As a best-practice, businesses should be moving towards a fully cloud-native, microservices-based application environment to ensure the highest degree of agility.

Adopting zero-trust away from a traditional VPN

As mentioned previously, zero-trust is more of an ideology than just a toolset, although it will require the adoption of Zero Trust Network Access (ZTNA). While VPNs were fit for purpose before fully hybrid ways of working came to the fore, they can no longer carry the load of a fully distributed network.

ZTNA encompasses a variety of technologies that deliver enterprise network and security services over the cloud, making user identity the focus of access control.

Move towards an SD-WAN based network

Traditional MPLS-driven networks aren’t cut out for the needs of a modern enterprise in 2021 and beyond.  SD-WAN allows organisations to leverage a variety of private and public infrastructure to service a far higher number of employees from more remote locations.

Global edge network

To account for an increasingly distributed workforce, organisations will need a high-performance, high-capacity edge network. This will bring processing power closer to the source of the data (speeding up latency) and provide support for ‘cloud heavy’ communications.

Finding the right partners

Deploying and maintaining SASE architecture requires a level of technical networking and security expertise that most organisations are unlikely to be able to achieve themselves. The ideal SASE partner is vendor agnostic, understands what your business is looking to accomplish, how it operates and will recommend products that suit your business needs.

Some of the key things to consider when looking for a SASE deployment partner include:

  • A proven track record in security – your partner must have demonstrable security expertise, with a deep, nuanced understanding of the security landscape. They must also have a long-standing view on securing staff from any location.
  • A cloud-first perspective – SASE is primarily delivered via the cloud, partners must have expertise driving transitions to cloud-native environments. This includes using public and private clouds to build architectures to suit specific needs and connect all elements together.
  • A solid networking foundation – network performance underpins the end user experience and can have a significant impact on business outcomes. Network partners must provide global reach with high-speed infrastructure in order to bring SASE together as a holistic solution.
  • End-to-end visibility – organisations need to have visibility over all aspects of their SASE architecture and enterprise applications, while being able to advise changes as requirements shift. Partners can help organisations take stock of all assets, work teams, digital services, workloads, processes, network traffic flows and critical dependencies. They can also help deploy tools that automate the discovery process and create real-time visibility over these components.

Telstra can help you achieve your SASE environment, bringing together disparate elements to meet the needs of the global enterprise. We offer best-of-breed networking infrastructure and a team of dedicated network and security experts that can design unique architectures for the specific needs of any business.

Interested in finding out more about how Telstra can help you design your next-generation SASE architecture? Speak to one of our experts now via the contact us link.

SASE is just one step in any organisations Digital Transformation journey. Discover Telstra’s latest research on the APAC Digital Transformation Vision.