As we distribute applications in the cloud, there’s one critical function that’s remained centralized: security. The standard approach to security continues to ship traffic to a centralized point in the data center for inspection before passing it along to its intended destination.
The problem with this approach is that it can be costly, requiring dedicated circuits, and is inefficient, introducing latency. Worse, it makes end-users inefficient. The latency can be perceptible to users, they may need multiple agents installed on their devices, and access to services may be limited depending on how users connect to corporate resources.
These problems can be avoided by implementing a secure access service edge (SASE), which flips the traditional approach to security. Instead of bringing traffic to the data center for security checks, security is brought to the edge where the traffic and its users are located. This provides a better user experience while still ensuring resources are protected.
SASE Leverages Existing Technologies More Effectively
SASE isn’t a new technology. Instead, SASE is a new approach to utilizing existing technologies to deliver more effective security. SASE combines wide area networks (WAN), computer access security brokers (CASB), firewall as a service (FWaaS), and the Zero Trust security framework to create a service-based security solution. Since it’s provided as a service, using SASE eliminates the complexity of managing multiple individual products. In addition, SASE allows security checks to be performed in the cloud, where the data resides, rather than imposing an intermediate security check in the data center.
The combination of technologies works as follows:
By using a software-defined wide area network, branch offices and other edge locations connect via cloud rather than physical hubs. Traffic to the SASE is routed through a virtual private network and then to the cloud. Zero Trust Network Access ensures that the Zero Trust requirement that any individual or system accessing data are validated no matter their source and without redirecting them to a gateway. With Firewall as a Service, next generation firewall features are provided without any physical hardware at remote locations. CASB controls on user access to data are integrated into SASE. Management of all the services is provided through a single interface.
Benefits of SASE Go Beyond Security
The chief benefit of SASE, of course, is that it provides a consistent and comprehensive security mechanism across all locations and all access types.
There can be significant cost savings, due to the cloud-based nature of SASE and the elimination of multiple products, licenses, and maintenance costs. Other cost savings result from the simpler management, which reduces the load on staff.
Application performance and the end user experience are improved as the latency introduced by data-centric security measures is eliminated. Users are spared the confusion of needing multiple agents installed on their devices and have the same experience no matter where they are when they attempt to access data.
With security products from Palo Alto Networks, VAST IT Services delivers secure environments for critical cloud services. Contact us to talk about why SASE may be the right security solution for your business.