The Days of the “Security Stack” are Over, Long Live SASE

Words are sticky and persistent. We’ve seen brand names, such as Kleenex or Post-it, become synonymous with their marquee products. This same phenomenon is why we continue to refer to movies as “films” even though they’re produced digitally. 

Today, we’re seeing this at play with the words we use to describe our IT and security systems. Specifically, in our obsession with the word “stack,” which once described how pieces of on-premises hardware were physically stacked on top of one another. With recent research predicting as much as 80 percent of enterprise workloads will be in the cloud by 2025, the days of physical stacks and racks are over. It’s time to start speaking in new terms.

Enter, the secure access service edge, better known as SASE. This evolved concept of cloud security architecture was coined by Gartner in a 2019 report, which outlined a convergence of multiple security functions to offer identity-based secure access. As such, it is the new concept that everyone in the industry is striving to integrate.

To best understand SASE, you need to be aware of the elements that are transforming to make it a reality, which I have broken down into five key criteria:

1. Distributed – When the concept of the “security stack” was initially defined, all of an organization’s IT investments resided within its own walls (or perimeter). That could not be further from the truth today. The explosion of mobile devices has only been compounded by the rise of cloud computing, meaning the stack has become less centralized. This dissolving of the perimeter opens up the potential for SASE solutions, which expand beyond the confines of the traditional data center and allow you to move your security into the cloud.

2. Cloud-native – Due to the distributed nature of our infrastructure, the modern security architecture is comprised of solutions that were purpose-built for the cloud, not repackaged as SaaS offerings after the fact. While not all enterprises have fully transitioned to the cloud yet, that is the direction everyone is headed. Whether your security is still on-prem or you have deployed a hybrid model, future-proofing your architecture for cloud-first future is essential. As a result, SASE solutions are built around the convergence of these security functions, bringing together the functionality of CASB, NG-SWG, SD-WAN, DLP, AI/ML, and much more under one cloud-native solution.

3. API-based – The internet is very different than it was when the old traditional hardware security stacks were built. Application Programming Interfaces (or APIs) are the new language of the web. APIs allow different solutions and applications to communicate at the code level. This provides added context that can’t be communicated through a simple interpretation of HTTP/S protocols and looking at URLs, and is necessary to account for the complexity of the modern enterprise – where the average number of cloud apps used is in the thousands. Without this context, businesses can essentially see who is talking to whom, but they can’t see what they are talking about or what they are doing. In terms of security, that means being unable to view the data being shared both inside and outside of your organization and the activities being performed with that data. This visibility is key to SASE solutions being developed, integrating the context-awareness of SWG’s applied to organizations traffic, making API’s less of a blindspot.

4. Open and explainable – Businesses are fed up with black boxes. Buyers are no longer happy just understanding what a product does, they want to understand how it does it too. This goes against the traditional IT sales model, where demos were scripted by engineers until contracts had been signed and invoices created. The modern security stack needs to strive for interoperability, open interfaces, and explainability, as this is the only way to ensure its various parts interact as intended. Without understanding how your various solutions work on their own, you stand no chance of getting them to work as components of a larger framework. 

5. Lean and mean – There are over 2,500 cybersecurity startups in existence today, and the average enterprise has over 50 security solutions in place. Given that security budgets have continued to climb, it’s easy to see how we’ve come to be in the situation we’re in. But now the seams of our piecemeal security stacks are beginning to come undone. The modern security architecture, which is quickly becoming SASE-enabled solutions, is much smaller than the legacy security stack, relying on a core, converged set of network and security platforms for increased efficiency and security. These technologies include enterprise staples, such as identity and access management platforms for authentication, but also platforms specifically designed for application security and compliance. The day of the point solution is behind us, and you can expect to see security teams focusing their attention on the security platforms that matter most. 

As SASE solutions grow in the cybersecurity industry and become more robust, the old conceptions of security become fleeting memories. With traffic traveling outside of your data center and solutions becoming cloud-native and offering better visibility, the future is looking a lot more like SASE than anything you have sitting on-prem.

Instead of the stack, we now have SASE. SASE solutions will help make the security cloud more robust in how it protects your data while giving you the identity-based secure access organizations need to safely traverse the reimagined perimeter of the cloud.