SASE Access Architecture Becomes the Future of Cloud Security
Knowledge

SASE Access Architecture Becomes the Future of Cloud Security

Remote access and cloud computing access have become the new normal of global business after the epidemic. Enterprises are faced with many problems such as hybrid cloud configuration, diversified network access, key data security protection, and network access management.
Published: Jul 07, 2021
SASE Access Architecture Becomes the Future of Cloud Security

How to Remote access?

"Remote access" network security protection is the most concerned market. Mobile users access important enterprise applications, transfer key enterprise application data to cloud computing, or enterprise adopts hybrid cloud architecture, all of which connect the network infrastructure. The demand for the integration of online functions and network security functions has emerged. In response to this trend, Gartner has defined a SASE (Secure Access Service Edge) model based on cloud service SD-WAN technology and centered on user identity, which is considered the most important development trend of network security access architecture.

Remote access and cloud computing access have become the new normal of global business after the epidemic. Enterprises are faced with many problems such as hybrid cloud configuration, diversified network access, key data security protection, and network access management. Secure Access Service Edge (SASE) seems to be the best solution for cloud security at present. It integrates the needs of today’s enterprises for the network as a service and information security as a service and integrates comprehensive wide area network WAN functions (including SD-WAN, CDN, etc.) Integrating with network and cloud security functions (such as SWG, CASB, FWaaS, and ZTNA), is based on user identity (maybe specific individuals, branch employees, third-party vendors, specific IoT devices) at the edge of the network. Network access permissions are shunted, and then applications or smart data are accessed directly to corporate data centers or public cloud applications or platforms, instead of importing network traffic to the head office and then transferring it to the cloud, which would increase data transmission risks from attack.

SASE network edge security access service architecture introduction:

Under the impact of the 2020 epidemic, VPN (Enterprise Virtual Private Network) was the first remote access solution for enterprises. However, with the new normal operating model of a remote office, enterprises are accelerating the deployment of many cloud services and applications. With the rapid development of cloud data centers and mobile offices, VPNs are facing great challenges by breaking the familiar network boundary protection. Only by establishing a "trusted" security management model can the user's authentication and authorization be credible, and the information flow and information security risks can be visible, controllable, and manageable.

The Zero Trust network security framework (Zero Trust) believes that any network access requirements should be preset to be untrustworthy, and only after authentication can they be accessed by the management policy authority. However, the zero-trust architecture does not refer to a specific technology, but the concept of application integration of multiple technologies. Therefore, the SASE (Secure Access Service Edge) market has become the best practice for "zero-trust" security in enterprises now.

What is SASE?

SASE is to implement identity management on the terminal equipment and the edge of the network, while network traffic is diverted to the application cloud platform or the data center in the enterprise according to the identity management policy, and the network security functions and equipment are all Built-in cloud solutions. Especially in the long-distance working mode after the epidemic and the advent of the 5G era, this trend will become more and more obvious, and the market demand will continue to grow. Under the new normal, the use of traditional network access mode in this environment will bring very complex network management configuration problems. With SASE architecture, wide area network connection capabilities (such as SD-WAN) and network security protection capabilities (such as SWG, CASB, FWaaS) are integrated, thereby effectively reducing the complexity of network control. Not only can it provide a flexible and expandable network, but it can also provide software-defined security access services based on user rights policies. This flexible network provides unprecedented network visibility and manageability for the security teams of digitally transformed enterprises. The network connection can be precisely specified according to the user identity and the context of the packet content. The security team can provide secure data access, QoS performance, reliability, and security for mobile users, and branch teams, with cloud-based application services, to safely realize the dynamic storage required for digital transformation.

The SASE network edge secure access service architecture has the following characteristics:
  1. Focus on user identity: Network Edge Secure Access Service (SASE) is a new center for using identity as the access decision-making center, not the access authority of the enterprise data center. Therefore, network access permissions are based on identities such as user identity, connected device identification, and application access permissions, rather than the IP address or geographic location of the device as in the past. It is this logic-level conversion of defined policies that greatly simplifies security policy management.
  2. Take the cloud application as the native architecture: The biggest assumption of SASE is that enterprises will gradually cloud important data and services, or directly adopt public cloud SaaS services (such as CRM, Mail, office software...), so they are outside the company. Mobile users or overseas branch offices will not redirect all network traffic back to the headquarters due to the use of VPN, nor will they allow free access to wide-area network services and lose network security protection. SASE makes full use of the main features of cloud computing in its architecture, such as flexibility, self-adjustment, automation, self-healing ability, and self-maintenance.
  3. Simplified architecture of network security equipment and configuration: By integrating secure access services from third-party security product providers, it will effectively reduce the total number of suppliers and reduce the number of physical or virtual security devices in overseas branches. This will reduce the number of agents required on the user’s terminal device. At the same time, the integration of supplier equipment will have the opportunity to use the "single-pass" architecture for network content inspection. Under this architecture, all packets at the network session layer will be decrypted at once and checked once in parallel using multiple security policy engines (FW, IDS) instead of multiple security check engines for serial check, which would increase the delay time. This will provide users with a consistent network access experience no matter where the user is, what site they are visiting, or where the site is located.
SASE architecture is the integration of network services and security services

The SASE architecture represents the structural integration trend of corporate networks and security systems. It is suitable for the trend of remote access and corporate services on the cloud under the current epidemic. It integrates security and network access and can be applied to any type of terminal access method. Enterprises do not need to place an agent on the device, and do not need to connect to the VPN and then reroute all traffic to the Internet. The SASE architecture brings security to each access service. It is estimated that by 2024, at least 40% of enterprises will adopt SASE-based cloud services.

It is not easy to build a complete SASE access service platform, as it requires extensive and diversified technologies. At present, few vendors can provide complete solutions in the market. This technology is still in its infancy, but as cloud services continue to grow, the SASE access service platform will drive the demand for edge computing equipment, and future growth is still expected.

Published by Jul 07, 2021 Source :moea

Further reading

You might also be interested in ...

Headline
Knowledge
What is an Oscilloscope?
An oscilloscope is a diagnostic instrument that graphs electrical signals. Whether it is a simple or complex product, it includes electronic components, and its design, verification, and the debugging process require an oscilloscope to analyze the many electrical signals that make the product wake up.
Headline
Knowledge
What is Heat-assisted Magnetic Technology?
Heat-Assisted Magnetic Recording (HAMR) is a technology that uses laser heat to first heat highly stable media to assist in the magnetic recording of data.
Headline
Knowledge
Key Components of Automotive Semiconductors: ECU, MCU and Sensor
The automotive semiconductor market continues to be optimistic. At present, the main automotive semiconductor chips include microcontrollers (MCU), power management ICs, digital signal controllers (DSP), sensors, power semiconductors, discrete components, micro-electromechanical (MEMS), memory, customized application IC (ASIC), etc. The automotive chip supply chain is complex and long. After the shortage storm in 2021, automakers began to shorten the semiconductor supply chain, hoping to shorten the long chain. Some automakers even have the idea of developing and designing automotive semiconductors by themselves.
Headline
Knowledge
What is Sheet Metal Processing?
"Sheet metal" in sheet metal processing refers to thin metal plates, which can be processed by stretching, stamping, bending, etc., and the thickness is usually less than 6mm. Common materials include iron plates (black steel SPHC, cold-rolled steel SPCC, galvanized steel SECC), hot-dip galvanized steel sheet SGCC), stainless steel (SUS304, SUS316), aluminum (AL5052), copper, etc. Sheet metal processing is different from other processing technologies. It includes many different steps, such as: laser cutting, NCT punching, cutting, folding, welding, riveting, etc. The specific products produced are usually support frames, equipment covers, internal parts and some functional objects, such as electronic control panels, medical equipment covers, airport automatic clearance machine covers or parts, snapshot cabinets, food processing equipment covers and parts.
Headline
Knowledge
What is an Industrial Cooler?
A cooler is a device used for cooling during the manufacturing process.
Headline
Knowledge
How to Choose a Suitable Uninterruptible Power Supply System?
Uninterruptible Power Supply (UPS) is a device that continuously provides backup AC power for electrical load devices and maintains the normal operation of electrical appliances when the power grid is abnormal. Uninterruptible power supply systems can be divided into online, offline, and line interactive. The power requirements of each field are different. How to choose a suitable one?
Headline
Knowledge
What is Anodizing?
Anodizing is a treatment used to enhance the surface properties of metals. It can improve the appearance, durability, conductivity or other properties of a metal surface and help protect it from wear and corrosion. In addition, it can also be used to make different shaped materials, such as rubber rings, pressure-type parts or trimming cutting tools. Therefore, anodizing is a common metalworking method.
Headline
Knowledge
What is A Punch? Punch Principle, Type, Material Introduction
Punching machine, also known as stamping machine, is a forming process technology. There are many types of it. Due to different structural principles, the price and processing effect will be different accordingly, but they all have something in common in terms of structural composition. With the rapid development of the stamping industry, competition in all walks of life is increasing, and it is applied to various industries, such as aerospace, education, auto parts, diving equipment and so on. The following will introduce the punch structure, type and material.
Headline
Knowledge
Introduction to the Different Types of Welding
Welding is a manufacturing process and technology that uses heat, high temperature or high pressure to join metal or other thermoplastic materials such as plastics. According to the state of the metal in the welding process and the characteristics of the process, the welding methods can be divided into three categories: welding, pressure welding and braze welding.
Headline
Knowledge
What is Worm Gear?
A worm gear is a gear consisting of a shaft with a helical thread that meshes with and drives the gear.
Headline
Knowledge
What is Chip Formation?
In the chip formation process, materials are cut through mechanical means by using tools like milling cutters, saws, and lathes. It is an integral part of the engineering of developing machines and cutting tools.
Headline
Knowledge
What Exactly is a Boring Machine?
A boring machine, device for producing smooth and accurate holes in a workpiece by enlarging existing holes with a bore. A single-point tool is attached to a rotating spindle within a boring head. They can dig through anything from hard rock, soft soil to sand.
Agree