How SASE is transforming enterprise network security [Q&A]
Securing enterprise networks used to be a matter of simply defending the perimeter, but in the new normal world of much higher levels of remote access, things have become more complicated.
One of the technologies being used increasingly by businesses is Secure Access Service Edge (SASE). We spoke to Mike Wood, chief marketing officer of Versa Networks, to discover more about SASE and what it can deliver.
BN: What is SASE and why is it important?
MW: My perspective on SASE is that there's nothing new in the technology. What is new is a composite of factors and one of those is the idea of integration. This is something that occurs in every technology industry and market, over time you begin to integrate more and more capabilities. That's happened with smartphones, it's happened with routers and networking devices. With SASE the conversation really begins in the cloud, with networking in the cloud and network security in the cloud. In the past, a lot of these services have been delivered as disparate capabilities. My view on SASE is that this is really all about integrating and bringing these things together in one single solution.
The second factor is this idea of being able to run services in the cloud, but also to be able to run them on premises. So if you think of a bank, it may have very large locations which maybe have wealth management, maybe they have mortgage services, maybe they have brokerage services and certainly financial banking and retail banking services. And at those very large locations they may want to have more services on premises, that includes networking and security and analytics and SD LAN services. In smaller locations they want to be able to run more services in the cloud, so maybe 90 percent of the services in the cloud and 10 percent are on premises. A business such as this may want to may decide to run services, either in the cloud or on premises and needs to have the flexibility to do that.
This whole SASE idea means that I can literally run the same policies -- networking policies, security policies, business policies and access policies -- whether my services are being run on premises or whether they're being run in the cloud and these policies absolutely must be consistent across all platforms. Our customers have the ability to turn these services on in either location, or they can actually overlap and run services both in the cloud and on premises. For example a firewall, it might be a full set of firewall rules and policies you want to have running in the cloud, but another set of policies -- and maybe some of them overlap -- that you want to run on premises.
BN: Recent months have seen a big shift towards remote working due to COVID, how can SASE help businesses facilitate that?
MW: One of the services that Versa offers as part of the SASE solution is secure access and the way that this works is, I'll have the network and all the network security services delivered through cloud gateways distributed around the globe. Employees of a business run a client on their laptops, or their smartphones, or their tablets. Those clients can run on any device and that's very important because often times our phones, or our laptops, might be BYOD or might be corporate issues, so I need to have the flexibility to run those on that service. As an employee what I do is a literally just download a client, from an app store and that application then begins and instantiates, my application segmentation, my security, and my software-defined networking services. You can improve the performance of particular applications that are important to an individual user because of who they are. So the CEO for example may want all of his Zoom calls to be top priority. SASE is used to deliver literally instant, secure, high performance and segmented access, based on identity, to every single employee within a company.
BN: How does this also tie in with the greater interest that we're seeing in many places now for zero trust?
MW: When I enter into the system I authenticate on my device, laptop or smartphone and I'm immediately identified as this individual 'Mike' I have access to this set of applications so this is the priority that I'm going to be given for those particular applications. Now that trust has been established by my identity this model integrates with existing enterprise identity systems that are already in place. But what's important is that my trustworthiness and my credibility may change over time. Maybe I log in today and everything's great I've got access to all these applications, but the next day I happen to be in another country, the solution will note that and still give me access to all the applications, but maybe at reduced priority.
But now I’m actually attempting to access an application which I normally don't attempt to access. Maybe I’m looking to download the company's directory and that's kind of odd because I’m not in HR and normally don't do it. So the zero trust network access will identify that this particular set of actions looks suspicious and may at that point, require me to re-authenticate or may even say I need to reset my password or use a two factor authentication model.
BN: Can SASE benefit all kinds of organizations?
MW: Yes, though it's especially applicable to a business that has a multitude of environments. As we've already seen a bank for example that may have different profiles for the branches, for contact center services and for head office, but also may differentiate between smaller and larger branches.
It also applies to those with an SaaS model delivering software from the cloud. It gives you flexibility when it comes to having people working from remotely, because you have the SASE client on your device so you're protected wherever you are, whether it's in the office, at home or in a hotel, since the policies follow you as an individual.