As offices worldwide sit abandoned, many of the millions of employees ordered to stay home are actually keeping hard at work, taking advantage of residential broadband connections, VPNs, email, video conferencing, and instant messaging applications to do their jobs.
Thank the corporate world’s willingness to let employees occasionally work from home for the necessary IT infrastructure. However, as much as we’d like this alone to solve the business continuity challenges, enabling a handful of employees to work from home once a week is trivial compared to ensuring all of a company’s employees can do so for months on end.
And as useful as general productivity applications like Office365, Slack, and Zoom are, many employees also use applications that are specific and critical to their job function. Remotely accessing these applications – which are often hosted in data centers – can be challenging due to slow and inconsistent network connections and inherent latency due to security functions being enforced at the datacenter. This combination often results in lengthy delays that lead employees to sidestep security, creating opportunities for hackers to access HR, finance, engineering, sales, and other departments.
SASE to the Rescue
A potential solution may be the Secure Access Service Edge (SASE) architecture defined by Gartner as it is intended to address the increasing numbers of employees working remotely – either at home or on-the-road – and who access corporate networks using a variety of devices. SASE accomplishes this by combining cloud-delivered Software-Defined Wide Area Networking (SD-WAN) with integrated security services.
SASE addresses critical connectivity requirements by firstly allowing the rapid deployment of remote access concentrators to support all the employees logging-in remotely. SASE also allows network capacity to be quickly scaled up to handle the associated increase in data traffic required by all of these employees.
Establishing reliable connections with offices in hard to reach locations is another advantage of SASE’s SD-WAN capabilities, allowing companies to work with the local carriers to select the best network – or networks – to meet their specific needs. For instance, a company could use lower-cost private Internet lines for local web browsing while using premium Internet lines for more important international and business-relevant traffic.
Impatient remote workers sidestepping standard security steps to access key applications have been an issue for some time, but the security consequences have been significantly magnified with literally tens of millions now working from home.
Irritatingly slow performance, often due to security requirements, is the chief cause and SASE overcomes this by applying security functions at the network edge, rather than centralizing them at a datacenter. This minimizes latency and allows remote users to access critical applications and data without compromising security more quickly.
The primary security elements of SASE can include a Secure Web Gateways (SWG), Cloud Access Service Broker (CASB), Firewall as a Service (FWaaS) and Zero Trust Network Access (ZTNA)
Recognizing that implementing SASE is a non-trivial effort, Gartner recommends that companies work with a managed service provider rather than attempting it themselves.
Relying on a managed service provider ensures that dedicated teams of networking and security experts handle their respective domains, not in-house IT teams that will likely lack the necessary expertise. This is particularly important for running the Managed Detection and Response effort, in which security experts use the considerable security capabilities of SASE to identify and contain cyber threats early in the ‘kill chain,’ eliminating the need for companies to build and staff their own Security Operations Centers (SOC).
A managed service approach further enhances security by ensuring that security updates and patches are implemented promptly, not when internal IT staff can get to them. Complementing this, companies are not affected by shortages of qualified networking and security experts, nor impacted if IT staff should be required to work remotely.
OPEX versus CAPEX
Cost is always an important consideration and another area in which SASE shines. As a managed service, SASE is an operational expense, with no expensive hardware or other “capital” to purchase and maintain. Companies can also use SASE to move away from costly MPLS networks to much more cost-effective options, including cable and wireless networks.
Gartner had estimated that 40 percent of companies would adopt SASE by 2024, but I think the actual figure could be much higher as this prediction was made before the emergence of COVID-19. Seeing SASE prove itself as a business continuity solution in 2020 will only encourage enterprises to make a move sooner.