Converging networking and security with single-vendor SASE
SASE (which stands for "Secure Access Service Edge") is a network architecture concept that combines wide-area networking (WAN) and network security services into a unified cloud-based platform hosted and managed by the SASE vendor.
Employees and applications are "anywhere"
SASE is rapidly gaining traction, driven by two trends reinforcing each other. On the client side, requiring remote access via VPN is now less an exception and more a norm: the hybrid workforce is working from anywhere and expects the same level of access as in the office (even accounting for the recent reversal of pandemic work-from-home practices). Backhauling all traffic to the office or using split-tunnel VPNs now looks increasingly like a solution invented for a time when only a minority of the workforce was "dialing in" remotely into the headquarter office at any given moment.
But what is the "office" the employees are connecting to? That's being disrupted by the second trend, the move to the cloud. As more applications and servers are moving into managed cloud services (SaaS, IaaS or PaaS), there is less reason to connect or backhaul traffic into the physical headquarter premises, rapidly exposing perimeter-based security as obsolete.
And so the two trends are prompting for a rethinking of remote connectivity and the networking infrastructure supporting it, as well as the traditional perimeter-based security, as new security gaps become apparent.
Redesigning an organization's networking infrastructure is not something to be taken lightly. On the other hand, bolting on an additional SASE layer on top of existing infrastructure can introduce administration overhead and operational complexity.
That's why a single vendor SASE approach consolidating existing networking infrastructure and expanding security coverage to account for the above trends - looks appealing.
With single vendor SASE, organizations can consolidate multiple point security products with fewer management consoles to monitor. Ideally, on-premises firewalls, virtual firewalls, SD-WAN devices, client security agents and cloud-delivered security, should all be managed from a single management console.
Recent "Universal SASE" announcements from Fortinet, building on the single-vendor approach, are an example how fast existing vendor portfolios are converging with SASE functionalities.