With the recent shift from working in a centralized IT environment to working from home, or even Bring Your Own Device (BYOD), network security has been put in danger by multiple threats. Thankfully, SASE is here to answer that cybersecurity concern for IT departments. SASE, or Secure Access Service Edge, is a cloud-native architecture that unifies SD-WAN with security functions like SWG, CASB, FWaaS, and ZTNA into one service that everyone uses to connect to the internal network. With SASE, anybody can access the internal network from home with whatever device they choose.
There is a reason why I bring up SASE in today's brief explanation: it connects with the Zero Trust security that I have explained in the past. SASE is actually the next step toward fully utilizing Zero Trust Network Architecture. ZTNA is there to make anybody in the cloud authenticate themselves every few hours and to limit the number of resources they can access.
In the beginning, I explained that SASE is a combination of SD-WAN, SWG, CASB, FWaaS, and ZTNA in a single cloud service. But what exactly are they? They are as follows:
- Software-Defined Wide Area Network (SD-WAN): SD-WAN is an overlay network used to control the entire cloud network using built-in security or access control. Combined with SWG, FWaaS, CASB, and ZTNA, SD-WAN becomes the main control panel that makes sure everything is working as intended in the cloud service.
- Secure Web Gateway (SWG): SWG is a web filtering tool that monitors user web sessions. An SWG usually provides URL filtering, SSL decryption, application control, and threat detection and prevention to make sure every user is browsing safely and not putting the entire network in danger.
- Firewall as a Service (FWaaS): FWaaS is the firewall protection you need whenever you create an internal network. FWaaS is a cloud-native, next-generation firewall that provides Layer 7 inspection, access control, threat detection and prevention, and the other security services you need in a cloud security architecture.
- Cloud Access Security Broker (CASB): CASB does its job by overseeing sanctioned and unsanctioned Software as a Service (SaaS) applications to make sure everything is in order. As a Data Loss Prevention (DLP) solution, it also ensures visibility and control of sensitive data in SaaS repositories.
- Zero Trust Network Architecture (ZTNA): ZTNA is a model that always makes everyone verify themselves to continue using internal resources. In SASE, ZTNA provides continuous verification and inspection capabilities to protect the organization's sensitive data and applications.
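The ZTNA behaviour described above (re-authentication every few hours, access limited to a small set of resources) can be sketched as a per-request decision. This is an added example, not from the original post or any SASE product; the 4-hour interval, user names and hostnames are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: "every few hours" is modelled as 4 hours; tune per policy.
REAUTH_INTERVAL = timedelta(hours=4)

# Constructed policy: each user may reach only the listed internal resources.
ALLOWED_RESOURCES = {
    "alice": {"wiki.internal", "git.internal"},
    "bob": {"wiki.internal"},
}

@dataclass
class Session:
    user: str
    authenticated_at: datetime  # time of the last successful authentication

def decide(session, resource, now):
    """Return 'deny', 'reauthenticate' or 'allow' for one request."""
    allowed = ALLOWED_RESOURCES.get(session.user)
    # Default deny: unknown users and unlisted resources are never reachable.
    if allowed is None or resource not in allowed:
        return "deny"
    age = now - session.authenticated_at
    # A timestamp in the future is treated as invalid rather than as fresh.
    if age < timedelta(0) or age >= REAUTH_INTERVAL:
        return "reauthenticate"
    return "allow"

def evaluate(requests):
    """Apply decide() to every (session, resource, time) request, per request."""
    return [decide(s, r, t) for s, r, t in requests]

# Constructed sample requests (not real traffic).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    (Session("alice", T0), "git.internal", T0 + timedelta(hours=1)),
    (Session("alice", T0), "git.internal", T0 + timedelta(hours=5)),
    (Session("bob", T0), "git.internal", T0 + timedelta(minutes=10)),
    (Session("mallory", T0), "wiki.internal", T0 + timedelta(minutes=10)),
]

if __name__ == "__main__":
    for (s, r, t), verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(s.user, r, t.isoformat(), verdict)
```

The decision is made on every request rather than once at login, so a session that was valid an hour ago stops working once it ages past the interval.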
SASE is NOT a "one size fits all" architecture, so don't force your company to immediately implement the whole of SASE and throw away the previous architecture. Always keep in mind your organization's short- and long-term growth strategy, the complexity of the implementation, and the costs of migration.