State of Security 2024: SASE

proudly sponsored by
Fortinet

With more and more workloads moving to the cloud, and workers accessing them from a growing variety of locations, the need to ensure the security of the wide area of connections that link them together has never been greater.

This is the goal of SASE (secure access service edge), a concept that eschews traditional data centre-centric security models, and instead delivers wide area network and security controls directly to the source of the connection.

By converging network connectivity with security functions, SASE delivers a unified approach to connectivity and security across decentralised networks, along with a simplified and consistent experience – in theory, at least.

The reality is that many organisations are only partway along their cloud journey, and are often maintaining a variety of legacy security architectures, meaning that SASE implementations are unable to protect the entirety of these environments

Even for those organisations that have embraced the SASE vision, integrating the numerous components and vendors needed for a SASE architecture – which may include SD-WAN, secure web gateways, CASB, ZTNA and encryption – into a comprehensive environment can prove challenging.

The reward for those organisations that can pull these components together is a flexible, policy-based network that provides consistent, enterprise-grade security and safe access.

According to Markets and Markets the global SASE market size is projected to grow from US$1.9 billion ($2.88 billion) in 2023 to US$5.9 billion ($8.93 billion) by 2028, with Gartner reporting that SASE was one of the top two technologies that CIOs planned to invest in in 2024 (along with generative AI) to simplify the delivery of critical network and security services via the cloud.

The challenge of building a SASE architecture can mean that its full benefits are only realised over the long term, with implementation often taking between three to five years.

Security leaders must also make decisions that can have a long-term impact on their eventual outcome, such as whether to pursue a single vendor framework or seek a best-of-breed approach that integrates components from multiple suppliers. Even opting for the former requires the converging of SD-WAN services with security tools. Either decision may demand the replacement of existing investments to deliver the desired outcome.

That long deployment period will also see security professionals choosing from a set of components that will themselves evolve, especially as vendors bring more AI and ML capabilities into their tools.

These trends may prove highly beneficial for channel partners, who will increasingly be called upon to provide the security expertise needed to implement and manage SASE initiatives. For MSPs, there is also the growing opportunity to offer subscription-based SASE services using a consumption-based model.

As is often the case with cyber security, creating a simplified environment will only come through navigating a series of complicated decisions.

But for those organisations that are seeking to create a decentralised cloud environment while maximising flexibility for workers – and also reducing complexity and costs – these challenges are worth overcoming – at least until the next great idea comes along.

The Australian Computer Society’s (ACS) environment supports an array of workloads - from standard corporate functionality, to a large guest network and a startup community of organisations operating within the same premises. Users are geographically dispersed across Australia, with many working remotely. The Society is also cloud-first, making use of multiple SaaS and PaaS providers.

It had been servicing these diverse user needs and workflows with a “blend of MPLS and SDWAN, resulting in high bandwidth costs on underutilised circuits,” ACS CIO Rich Wiltshire explained.

“To support this, we had complex support agreements with multiple support vendors and hardware providers. We lacked any real control on who was accessing what, and regularly faced network congestion across locations.”

Wiltshire says the move to a converged enterprise SASE network enabled the ACS to remove the MPLS and SDWAN network and associated hardware from its offices, centralise networking and security “as a service” to its guests and start-up community, and drive cyber security improvements across the board.

“From a cost perspective alone, the ROI on the implementation of SASE along with a full refresh of our entire LAN environment, was under six months,” he said.

“Strategically, SASE changed the game in our network and cyber security strategies and allows us to get on with offering value to our customers while providing a highly reliable and redundant environment without the complexity and cost of a traditional MPLS or SD-WAN network.”

The ACS’ operating environment now comprises “a series of Local Area Networks primarily over WIFI 5 and some structured Ethernet for fallback and limited workstation use.”

“Our SASE Edge is serviced by internet breakouts that can be negotiated on a location-by-location basis with the telco provider that best services that location, rather than locking into large contracts that only service some regions,” Wiltshire said.

“We leverage our provider’s global private backbone to deliver and optimise global application access using smart egress capabilities that allow us to exit specific traffic at a geographically designated POP. This is particularly useful for our start-up community who traditionally work at a global level.

“To control access to the network we utilise ZTNA/VPN for all access, whether in the office or remotely. This allows us to define policies rather than use complex routers, firewalls etc to segregate our workloads. The ZTNA workstation client allows staff to connect to any network with the right degree of access to protect them from threats, but while also allowing them to function.”

According to Wiltshire, the value of SASE was recently demonstrated when a customer connected to the guest segment of the network using a compromised computer that tried to move laterally.

“Our platform automatically blocked the lateral movement but allowed our customer to continue to operate unaware. Our engineers were able to pinpoint the persons’ location and advise them of the issue prior to returning to their home network, potentially avoiding a disaster.”

 

SASE Champion

Browse by Category

Click on the tiles below to see how each of the categories are responding to security threats in their sector.

Security Champions

The 2024 State of Security sponsors have worked tirelessly to improve the safety of enterprise and channel companies.

We are proud to present this year's State of Security champions, and showcase the work they do.

Mimecast
Jamf
Zscaler
Lacework
Interactive
Brennan
Sysdig
Arctic Wolf
Fortinet
Stellar Cyber

Log In

  |  Forgot your password?