Table of Contents
“It’s where this world is headed and, frankly, if you just step back and think about security as an industry it is incredibly complex, overly so. This is why so many are being constantly challenged, because they have to focus on two separate disciplines, which I believe is fundamentally the wrong approach. Divorcing the two is foolish. By combining them you end up with efficiencies, operational agility, and give your network and security teams time back in their day to focus their energies on other business critical tasks.” – Mike Spanbauer, Juniper Networks
Just as technology decision-makers have started to wrap their heads around the idea of a Software-Defined Wide Area Network (SD-WAN), a new reality has emerged. While SD-WANs go a long way towards keeping pace with the evolving requirements of today’s digital-first enterprises, they also drive an emerging requirement to combine networking and security.
This basic concept applies equally to the networks that tie our offices to our data centers, to our multiple clouds, and to our remote users and devices. In today’s cloud-based environments, you have very little control: every part of your network – the laptops your team uses, the Wi-Fi they use to connect, the applications they connect to – is outside your jurisdiction.
How, in this situation, do you keep all such elements “safe” and secure? The old, zone-based, inside/trusted versus outside/untrusted perimeter firewall paradigm no longer applies. This creates numerous challenges: the architecture of IT has shifted underneath us all, driving a fundamental change in the way we approach security and act to secure our distributed resources and users.
Increasingly, organizations are looking to deploy a Secure Access Service Edge (SASE) architecture as the solution to this challenge. This architecture combines multiple features to reduce complexity and security-related risk, helping organizations prepare for the security challenges of the next 20 years. While the principles behind SASE are sound, it is not a “one size fits all” solution: each deployment is unique and needs to be considered in a way that addresses the needs and practices of the organization concerned.
In this paper we consider what SASE is, how to deploy it, and what lessons can be learned from those already on the journey to better security in a digital-first world, across tools and processes, not least in importance: partnering with the right vendor.