Getting Networking Right in the SASE Era

In 2019, when the term Secure Access Service Edge, or SASE, was first coined, it was to define a useful way of setting up the network and security infrastructure to satisfy a cloud-first future with services at the edge. Since then, SASE has been long on hype and discussion, but short on actual, practical advice. What does SASE mean for your digital transformation strategy?

The first thing to recognize is that organizations today are typically using hundreds or thousands of cloud applications—more than 2,500 for larger enterprises—and more than half of this traffic contains sensitive business data. The most alarming part is that the vast majority or upwards of 90% of these apps are unmanaged or what’s commonly referred to as “shadow IT.” The bad guys have clearly figured this out; cloud-delivered malware is now responsible for more than 65% of all malware delivery and SaaS apps are the number one target for phishing attacks.

With these challenges, SASE is even more important. The volume of apps and data residing in the cloud will only continue to increase, plus over the last 18 months, the global pandemic has made us familiar with working from anywhere. Workers now just expect to have the flexibility to work remotely and even with some returning to the branch, this expectation is here to stay.

Between the apps and data moving to the cloud, and workers now remotely accessing from everywhere, from a myriad of devices, the simplest way to think about all of these shifts is what they collectively mean for the business in terms of both security posture and network access. While heightened awareness of security risks and threats move the market to not only take a deeper look at the security measures required for safe cloud access (e.g. personal instance awareness, insight on device posture, targeted isolation or “air gapping” of traffic, or additional context on the user), as teams get closer to the SASE ideal, they also must be considering the companion networking requirements.

The reality is that customers can buy all the security technologies they want; layers upon layers, software, appliances, or services, from dozens of vendors, but if the network performance degrades because of that security, then the user experience and application performance will suffer as a result, and ultimately business productivity will slow to a crawl. It’s even more challenging with the cloud paradigm, when aspects of the network are clearly outside your control, like how you connect to Microsoft for O365 or public clouds like AWS for app workloads. A true SASE-ready architecture takes into account the characteristics of the cloud and the fact that users ultimately expect fast, direct access to their apps and data, and demand that access is from anywhere, any device, and that it’s secure. 

Ultimately, security and networking can’t be a trade-off, and teams are misaligned if coverage and performance can’t match the data-centric security controls necessary when intercepting and inspecting traffic bound for cloud apps. Our new paper The Network is the Security can help you identify some of the key things to consider when embracing SASE and building an exceptional, well-operating converged security and networking architecture. Get your copy here.

To learn more about Netskope and the underlying network infrastructure, or what we like to describe as our security private cloud called NewEdge, that powers all the world-class security and data protection capabilities of the Netskope Security Cloud, please visit: https://www.netskope.com/netskope-one/newedge.