DRIVING DIGITAL VIGILANCE
Secure Access Service Edge (SASE)
For a long time, the “edge” of the corporate network was a PC that connected directly to a port in an office. As laptops overtook desktops, staff had increased mobility and started working from cafés near a client office, on trains or in airports while waiting for a flight. 2020 saw a huge segment of the workforce having to operate from home.
Essentially, the user's nearest point of Internet connectivity, wherever that was, became the new corporate network “edge”. However, this situation provided none of the cyber security an office could offer, none of the network control, and no visibility at all into which applications or cloud services were being used.
The result was a significant lack of control over, and visibility into, user activity and protection. Companies tried to mitigate the situation by deploying small “take home” firewalls or bolstering VPN connectivity back into the office, but these became too expensive or incredibly time-consuming to manage, and introduced a single point of failure.
SASE (Secure Access Service Edge) is a software solution that securely connects a mobile device to a cloud-based private network, authenticates the user, and dictates specifically which application services they can use.
All firewalling and intrusion detection capabilities are managed in the SASE cloud network, so there is no need to enhance those devices at physical locations. The solution provides full control, visibility and protection of user application access, regardless of where they are connecting from.
- Full application access control for users, supporting Zero Trust Networking
- Efficient cloud-scale cyber protection
- Central visibility and control of application access (cloud-based, or on-premise)
- Agile configuration, flexible & scalable
- Cost reduction in physical firewall and bandwidth capacity requirements
- More efficient use of bandwidth, as users do not have to route through your datacentres to reach SaaS services
Have you had to begin supporting a remote workforce because of Covid? Do you have to regularly manage access to corporate and SaaS applications for contractors? Have you struggled to implement the extra communications infrastructure required to meet capacity? Are you spending a disproportionate amount of time managing remote user connectivity and changes? Then, yes, SASE solutions could transform your business.
A SASE solution helps you manage user-to-application connectivity in a secure, agile way. The “business intent” of, for example, allowing a finance department member access to finance applications is configured by username and app name, not by low-level IP addresses, so you can keep up with the rate of change demanded by the business.
SASE also helps you keep on top of compliance by enforcing application access standards and providing easy auditability as evidence. Start your journey to a zero-trust network with a SASE consultation.
SASE is a single network that connects and secures any enterprise resource – physical, cloud, and mobile – anywhere, and has four main characteristics:
- Identity-driven. User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls — all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
- Cloud-native Architecture. The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing, and self-maintenance to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements, and is available anywhere.
- Supports All Edges. SASE creates one network for all company resources — datacenters, branch offices, cloud resources, and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
- Globally Distributed. To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed and deliver a low latency experience.
SASE extends your corporate network to the cloud, so as far as any user is concerned, the access “edge” now becomes any Internet gateway.
Ordinarily, a SASE agent would be installed on an end user’s laptop which, upon connection with the Internet, immediately establishes a secure link to a corporate cloud hub. The hub will then authenticate the user either directly or via identity sources such as Active Directory or Okta.
Centrally controlled policies then map the user ID to the allowed applications (SaaS or on-premise) and only let through requests for authorised services. This approach leads towards the ability to implement Zero Trust Networking, which is a key Cyber Security initiative.
Depending on the vendor, additional features can be optionally added to the SASE cloud hub such as in-cloud next generation firewalling and intrusion protection, end-user experience monitoring, and patch management.
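The user-to-application mapping described above can be sketched as a small default-deny policy check. This is an added illustration, not code from any SASE vendor or from this provider; the `Hub` class, the directory and policy contents, and the IP addresses are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: group membership as an identity source would report it.
DIRECTORY = {
    "alice": {"finance"},
    "bob": {"engineering"},
    "carol": {"contractors"},
}

# Constructed policy: business intent expressed as group -> application names.
POLICY = {
    "finance": {"finance-ledger", "payroll-saas"},
    "engineering": {"source-control", "build-server"},
    "contractors": {"source-control"},
}

@dataclass
class Hub:
    """Hypothetical cloud hub: authenticates, then maps user ID to allowed apps."""
    directory: dict
    policy: dict
    audit: list = field(default_factory=list)

    def allowed_apps(self, user):
        """Union of applications granted to every group the user belongs to."""
        apps = set()
        for group in self.directory.get(user, ()):
            apps |= self.policy.get(group, set())
        return apps

    def authorize(self, user, authenticated, app, source_ip):
        """Default deny: only an authenticated user reaches an explicitly mapped app."""
        if not authenticated:
            decision, reason = "deny", "unauthenticated"
        elif user not in self.directory:
            decision, reason = "deny", "unknown-user"
        elif app in self.allowed_apps(user):
            decision, reason = "allow", "policy-match"
        else:
            decision, reason = "deny", "no-policy-for-app"
        # source_ip is recorded for audit only; it never influences the decision.
        self.audit.append({"user": user, "app": app, "source_ip": source_ip,
                           "decision": decision, "reason": reason})
        return decision == "allow"
```

Every decision, including denials, lands in `audit`, which is the kind of record the compliance and auditability point earlier on the page relies on.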
Prisma Access Architecture
| | SASE | SD-WAN |
|---|---|---|
| Deployment | Software, on end device | Hardware (typically), in office |
| Control | Central, cloud-control & visibility | Central, cloud-control & visibility |
| Configuration | Map by username, application name | Map by username, application name, site name |
| Time to deploy | Fast – SaaS cloud instance created, agents deployed to end devices | Medium – connect to network links, add extra link for resiliency (if needed), configure existing network to use SD-WAN device (if required) |
| Protection | Secure connection to hub, then cloud-scale next generation firewalling & intrusion protection at that point | Traditional VPN access for end users. Some solutions have next-generation firewall capability, security features as an add-on. |
| Best for | Managing a dispersed workforce. Securing remote users working on open public Wi-Fi. | Managing site to site and site to cloud platform connectivity. Locations where a physical presence is required (e.g. manufacturing, retail stores) |
| Remote Access | Built in | Add on service |
SASE provides centralised management of your distributed workforce, giving you the confidence that they are connecting securely to the applications they are authorised for, wherever they are and however they are reaching the Internet.
We can help you deploy a cloud-based SaaS solution to administer, configure, and manage your SASE environment, user authentication and application access mapping. In addition to the core SASE deployment, we will help with the general deployment (cloud and agent), and configure the solution to provide a foundation that meets your business needs.
- Protect your remote workforce, wherever they are and however they connect
- Protect your users with cloud-based firewall and protection capabilities – no need to deploy security devices to their homes
- Faster configuration changes – define access policies by user and app name
- Gain visibility into the application usage of your users
As a vendor-backed SASE provider, our specialist team can help you design and efficiently deploy a managed SASE solution for your company. Following deployment, they will then manage and monitor everything for you. This allows you to free up your own IT team to focus on your business goals, safe in the knowledge that your new user access is cost-effective, highly available, secure, performant and resilient.
- Initial solution implementation, including assistance with set-up of the SASE cloud hub, agent deployment, user authentication interfaces, security options and user to application mapping
- Proactive monitoring and maintenance of the solution
- Changes to user access and application mapping
- Defining new application entries for on-premise or cloud platform-hosted services
- Ongoing advice, optimisation and maintenance of the solution for undisturbed business
We can help you deploy a public cloud-based service to monitor your end-user digital experience. In addition to out-of-the-box applications, we can customise the solution to track specific application transactions for a more granular measure of critical staff activities.