When it comes to implementing digitalisation projects, the benefits of secure access service edge (SASE) frameworks are clear. SASE is a strategic method used to redesign and realign IT infrastructures. With SASE, applications, networks, and security aspects are all equally considered. By looking at the bigger picture from the start, companies can avoid having to adjust their plans in the middle of a project. Considering bandwidth, security for cloud access, and multiprotocol label switching (MPLS) costs at the beginning, can help prevent frustration. Despite this, many organisations continue to struggle with highly integrative projects which require them to rethink and revolutionise their established IT environments.
One of the key issues for this is a lack of knowledge and in-house experts, but companies sometimes also find it difficult to break away from traditional infrastructures. When introducing any new technology, the SASE framework is set to fundamentally change established processes and create some initial resistance. If the existing systems are becoming increasingly difficult to work with, it is much easier to get things moving.
Disrupting traditional procedures
There is constant “firefighting” involved in a work-from-anywhere approach or sprawling multi-cloud environment. The daily struggle to cut back the never-ending flow of administrative tasks, deal with user complaints about system performance, close gaps in security, and stop costs from spiraling out of control can wear decision-makers down and ultimately cause them to start rethinking their strategy. A SASE project could be the solution to all of these problems, as these projects are designed specifically to provide secure, high-performance access to applications from any location, no matter where they are hosted. Decision makers will often already have considered these issues to some extent but will only have looked at each point in isolation, rather than taking the holistic, highly integrated view that the SASE framework suggests.
SASE is a whole new way of thinking about how network architecture, connectivity, and security interact. Some aspects of SASE are already very well-known. For example, firewalls are always associated with the creation of rules, and virtual private network (VPN) systems always require companies to decide exactly who gets remote access. Pre-SASE, these easily overlooked constructs could all be tackled as individual, unrelated decisions. However, cloud technology has disrupted these traditional, controlled perimeters, leading to a whole new set of requirements. The result is a diverse landscape of divergent technologies that need to work together seamlessly, despite their differences.
A new way of thinking
To adopt the SASE approach, siloed thinking needs to be eradicated, which is why there is some reluctance to dive into the change process. Cross-departmental collaboration is essential in getting the ball rolling, but sometimes that prevents companies from making a start. The goal is not to just “lift and shift” applications from data centres to new, cloud-based environments, but to get the specialist departments, network architects, and IT security team sitting together at one table to build a holistic solution. But who should take the initiative and make the first approach to the other departments to take some of the fear out of the concept?
SASE brings connectivity and security together. Previously, the missing link in the chain was an overarching control mechanism to ensure employees were connected to the right applications. This is where the principle of least privilege comes in. Zero trust network access provides a mechanism that is essential to the application of the SASE framework. This mechanism continuously verifies that the user is accessing the correct application. It also provides additional security for companies through granular micro-segmentation, whereby users can only access applications they are authorised to use, rather than the entire network, which has significantly reduced any attack vulnerabilities.
Compared to traditional network segmentation, this approach also lightens the administrative workload, freeing up the capacity for the IT department to tackle new projects. Although automation can be incredibly helpful, switching to a Zero trust approach does take some work. Companies must decide who can access which applications and have an idea of what applications are needed in their network or cloud environments.
It is essential for organisations to find the starting point they need for a SASE project in their response to the pandemic. In recent months, the shift to home working and remote access has given companies an opportunity to see which applications their employees really need, and which are clogging up the network and not being used. With this data in hand, they can start to work out who needs access to which applications. Once the first step towards SASE implementation is taken, teams can work together much more easily for the remainder of their collaborative journey.
