In 2019, the technology research and consulting group Gartner published their seminal report, The Future of Network Security Is in the Cloud. They described a preliminary form of an improved cloud-native solution based on improvements to the secure Internet gateway (SIG) concept devised in 2017. As the standard security protocols and services of SIG were enhanced and applied to achieve network functionality convergence, secure access service edge (SASE) was born.
The Impetus for Change
As more digital assets started moving to the cloud, methods of managing this profoundly new networking environment also needed to transition. At first, security for cloud storage providers was about the same as you'd expect from websites generally. This quickly changed when it became apparent that data of more importance was shifting to the cloud, which drew more attention to the need to protect decentralized business networks.
Why Was SASE Needed?
When data centers were the standard, security could operate on trust-based systems far more than is reasonable with cloud-based hosting. It's become necessary to transition to trustless security methods to maintain robust security controls with digital assets outside central data center locations. Using traditional perimeter security appliances to protect a cloud network's environment is impossible because there is no such perimeter to defend.
The same dynamic was taking place at the user end. Policies built around managed devices alone gave way to multi-device logins, as employees were driven to access information from any number of devices, especially in organizations with BYOD strategies. As a result of changing security and access needs, traditional IT organizations could not exert the same control over their network as they used to, at least not in the same way.
Bridging Methods
At one point, many network designers built models that backhauled all data requests to their trusted entity to apply security policies. More plainly stated, they routed all connections between the cloud and the users back through the central data center where security policies were applied. They still had complete control over their network and did not need to develop wide-scale trustless network architecture.
However, as cloud solutions have taken off, central data centers (and trust-based data-sharing models) are becoming more of an exception than the rule. This drove network technicians to develop a proper ZTNA (Zero Trust Network Architecture) that changed how every user would connect and how an organization would handle those off-premises connections.
A New, Decentralized Model
The basis of the Zero-Trust framework is to provide every authorized user with a security profile that identifies and authenticates the user on every access to an individual resource at the cloud's access edge, not just at sign-in.
The result is secure and reliable access to the business's proprietary data and apps from any device the user logs into with their security profile. When a connection request is made, the Zero-Trust architecture analyzes the security profile to determine what level of access the user has been granted. This is how customized SASE solutions make it possible to control not just whether or not a user has access but what level of access they have to the requested data.
With SASE, the network manager can easily set each user's level of access. They can grant or revoke access privileges and categorize digital resources and assets according to access tiers and other custom parameters. Much more goes on behind the scenes to reliably block unauthorized requests for cloud network access. Still, these general principles have made SASE an extremely popular, reliable, and adaptable solution in recent years.
Continually Advancing Features
This raises the question of which cybersecurity methods SASE relies upon to restrict unauthorized access. As mentioned before, SASE relies on many of the same security protocols as an early cloud-native solution, SIG, including:
- Domain Name System (DNS) security
- Secure Web Gateway (SWG)
- Firewall as a Service (FWaaS)
These protocols are robust and cost-effective, mirroring the trend of IT technicians adopting pay-as-you-go cloud network services.
This is extremely important, as a significant driving factor in the transition to cloud computing is affordability, giving SMBs a chance to compete with companies that used to maintain certain advantages inherent to hosting large physical server farms. Now that cloud-native security services have also achieved greater affordability, cloud network solutions, in general, have become a much more complete package.
Fully Adaptable
SASE also provides greater flexibility. Managing risks no longer has to be done in a one-size-fits-all way — in fact, it must be multi-faceted to adapt to continually changing security issues.
The architecture of SASE intrinsically takes into account the nature of each connection, user, device, and location as well as its inherent risks. That goes all the more for frequently changing devices and networks, where busy professionals on the move may need to access their company's data from multiple different networks at different locations on any given day.
Because SASE has built-in security, it does not need to treat each new request as a threat serious enough to block all access to the network. At the same time, however, it can determine how risky those requests are and modify system access accordingly. For example, some information may be so sensitive that it isn't provided over large public networks, even if the user has authorization.
Instead, SASE can categorize requests according to the level of risk of the device, user, and even location from which a user requests access. Then, it can automatically adjust access levels to secure sensitive data based on these factors. In such cases, organizations should coach employees on the most secure log-in and network practices — particularly, which types of data are best suited for private or public networks, and which additional security requirements are expected of them.
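The per-request decision described above can be sketched as a small policy function. This is an added example, not code from the original article or from any SASE product; the tier names, users, and network caps are constructed assumptions.

```python
from dataclasses import dataclass

# Resource sensitivity tiers, lowest to highest (constructed for illustration).
PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED = range(4)

@dataclass(frozen=True)
class Request:
    user: str
    device_managed: bool   # False models a BYOD / unmanaged device
    network: str           # "corporate", "home", "public", ...
    resource_tier: int     # sensitivity of the resource being requested

# Hypothetical security profiles: the highest tier each user is entitled to.
ENTITLEMENTS = {"alice": RESTRICTED, "bob": INTERNAL}

# Hypothetical cap each network type places on access, whoever is asking.
NETWORK_CAP = {"corporate": RESTRICTED, "home": CONFIDENTIAL, "public": INTERNAL}

def effective_tier(req):
    """Highest tier reachable for this request: the user's entitlement
    limited by the risk of the device and network it comes from."""
    entitlement = ENTITLEMENTS.get(req.user)
    if entitlement is None:
        return None                      # unknown identity, no profile
    # An unrecognized network is treated as the least trusted one.
    cap = NETWORK_CAP.get(req.network, PUBLIC)
    if not req.device_managed:
        cap = min(cap, INTERNAL)         # unmanaged devices never exceed INTERNAL
    return min(entitlement, cap)

def decide(req):
    """Evaluate one resource access (not just the sign-in).
    Returns (verdict, reason) so a denial can be explained to the user."""
    tier = effective_tier(req)
    if tier is None:
        return ("deny", "unknown user")
    if req.resource_tier <= tier:
        return ("allow", "ok")
    if req.resource_tier <= ENTITLEMENTS[req.user]:
        # Authorized in principle, but this device or network is too risky.
        return ("deny", "context")
    return ("deny", "entitlement")

if __name__ == "__main__":
    for r in (Request("alice", True, "corporate", RESTRICTED),
              Request("alice", True, "public", RESTRICTED),
              Request("bob", True, "corporate", CONFIDENTIAL)):
        print(r, "->", decide(r))
```

Separating the "context" and "entitlement" reasons lets an organization tell a user whether to switch networks or devices, or to request additional privileges.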
Cloud-Based Security Evolved
In the end, organizations can't afford weak security at any cost, and changing security threats cannot be allowed to dictate the speed of their business. That's why they need a fully customizable infrastructure and technology stack with true set-it-and-forget-it IT solutions and white glove customer service.
For integrated software support and services from a single source, including the latest advances in SASE Zero Trust network security, get started with BCM One today. For over 30 years, we've provided secure, compliant, and cost-effective bundled services for mid-sized businesses at the forefront of advanced IT solutions. With BCM One's fully custom SASE configurations, you can stay at the leading edge in a quickly changing digital business environment.