How to ensure a scalable secure cloud access architecture

21/12/2020

We are in an era in which our traditional perimeter (firewalls, VPN concentrators, switches, routers and high availability) is slowly dissolving and shifting towards remote workforces and a status quo of remote work forced by global crises, the COVID-19 pandemic, and an accelerated transition to the digital economy.

Indeed, we are facing a major shift in the IT and corporate security space, and companies need an alternative, reliable and scalable way to protect access to digital assets in the workplace.

These circumstances create an opportunity to fill a growing gap in the market with lightweight and innovative options.

This is where the Secure Access Service Edge comes in. Also known as SASE, it basically consists of a cloud architecture model that bundles network and security functions as a service and delivers them as a single cloud service.

SASE allows organizations to unify their network and security tools in a single management console.

This provides a simple security and networking tool, regardless of where employees and resources are located. SASE requires little or no hardware, using the extensive connectivity of cloud technology to combine SD-WAN with network security functions, including:

  • Firewall as a service (FaaS)
  • Software as a Service (SaaS)
  • Secure web gateways
  • Cloud access security brokers
  • Zero-trust network access

With the number of remote employees on the rise and organizations increasingly using cloud services to run applications, SASE offers a convenient, agile, cost-effective and scalable SaaS product for networking and security.

Organizations looking for a more advanced, user-centric network for their network management needs would benefit from learning about SASE architectures.

Due to the adoption of cloud services, mobile workforces and edge networks, digital and cloud transformation is changing the way organizations are consuming network security.

In the past, organizations consumed their security through legacy hardware networks and an outdated security architecture mentality.

Building a scalable secure cloud access architecture

How do vendors create a secure cloud access architecture to achieve the necessary scalability? Let's review the factors that support scalable architecture.

1. Points of Presence (PoPs)

SASE providers use points of presence to establish a geographical distribution of data centers wherever the PoPs are located. Providers can own private PoPs or use public cloud services.

Each type offers different benefits. For example, in a private data center, the supplier decides on computing, hardware, virtualization technology, cost and SLAs.

In a public cloud, the SASE provider is more bound by the public cloud's SLAs and the cloud provider's type of virtualization technology, as well as limited by the cloud provider's locations.

2. Supplier technology stack

In most cases, SASE suppliers use two conventional technology stacks:

  • Cloud VMs, which can scale vertically using larger compute instance sizes and horizontally by load sharing multiple smaller instances;
  • Scaling containers per customer.

Providers route traffic from their data center, using a backbone or forwarding it to its destination after inspection.

Certain providers use their global architecture backbone to route web traffic and optimize routing, similar to the way ISPs use their Internet backbones.

With this method, the provider handles traffic from the moment a user reaches the nearest PoP. This approach can reduce latency and improve the speed of certain operations, such as file transfers, depending on the destination of the traffic.

Each supplier provides its own SLAs and speed, and it is the customers' responsibility to review and ensure that the SLA is aligned with their application requirements.

3. Distance from the user to the PoP

In traditional network connectivity for outbound browsing, a user's traffic is routed directly to its destination after passing through the firewall or web gateway on the company's premises.

With a cloud-based service, a user's traffic is first routed to the SASE provider's data center and only then does it proceed to its destination.

Therefore, locating these PoPs in close proximity to the user's location is essential for the best latency and speed. The routing optimization factor, as described in the previous section, can also improve latency and speed.

4. Distance to user applications

Many SASE providers locate their backbone infrastructure in the same physical data centers as large SaaS companies. This strategy allows SASE providers to offer faster performance by reducing the number of network hops and optimizing routing paths to SaaS sites from their PoPs.

This process routes traffic from a user's computer to the provider's closest PoP and forwards it directly to the part of the SASE provider's backbone that is close to the service.
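The effect of PoP placement described in sections 3 and 4 can be estimated before a rollout. The following is an added example, not code from the original article or from any vendor: the PoP list, coordinates and names are constructed, and the figure of roughly 200 km per millisecond in fibre gives a propagation-only lower bound that ignores inspection and queuing time.

```python
import math

# Constructed sample data: coordinates are approximate city centres and the
# PoP list is hypothetical, not any vendor's real footprint.
POPS = {"sao-paulo": (-23.55, -46.63), "miami": (25.76, -80.19), "frankfurt": (50.11, 8.68)}
USER = (-22.91, -47.06)   # remote worker near Campinas
SAAS = (-23.55, -46.63)   # SaaS region hosted in Sao Paulo, co-located with a PoP

FIBRE_KM_PER_MS = 200.0   # assumption: light in fibre covers roughly 200 km per ms

def km(a, b):
    """Great-circle distance between two (lat, lon) points (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def rtt_ms(*hops):
    """Lower-bound round-trip time over consecutive hops (propagation only)."""
    dist = sum(km(a, b) for a, b in zip(hops, hops[1:]))
    return 2 * dist / FIBRE_KM_PER_MS

def nearest_pop(user, pops):
    """Name of the PoP with the shortest distance to the user."""
    return min(pops, key=lambda name: km(user, pops[name]))

def detour_report(user, dest, pops):
    """Per PoP: extra RTT of user -> PoP -> dest compared with user -> dest."""
    direct = rtt_ms(user, dest)
    return {name: round(rtt_ms(user, loc, dest) - direct, 1)
            for name, loc in pops.items()}

if __name__ == "__main__":
    print("nearest PoP:", nearest_pop(USER, POPS))
    for name, extra in detour_report(USER, SAAS, POPS).items():
        print(f"{name:10s} adds at least {extra} ms RTT")
```

A PoP co-located with the SaaS region adds no propagation detour, while steering the same user through a distant PoP adds well over 100 ms per round trip before any inspection time is counted.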

The importance of a scalable secure cloud access architecture

As organizations increasingly adopt cloud services, many are quickly learning that network security is not so simple.

Traditional network security was built on the idea that organizations should send traffic to static corporate networks where the necessary security services were located. This was the accepted model because most employees worked in site-centric offices.

However, the concept of user-centered networks has changed the traditional network we used to know. In the last decade, there has been an increase in the number of people working remotely from home around the world.

As a result, the standard hardware-based security devices that network administrators used to rely on are no longer suitable for protecting remote access to the network.

SASE allows companies to consider security services without being dictated to by the location of company resources, with consolidated and unified policy management based on user identities.

This changes the question from "What is the security policy for my site or my office?" to "What is the user's security policy?"

This change creates a major shift in the way companies consume network security, allowing them to replace different security vendors with a single platform.
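The shift from a site policy to a user policy can be seen by evaluating the same requests under both models. This is an added example, not code from the original article or from any SASE product: the networks, users, groups and application name are constructed, and the two rule tables are deliberately minimal.

```python
import ipaddress

# Constructed sample data: networks, users, groups and app names are hypothetical.
OFFICE_NET = ipaddress.ip_network("10.20.0.0/16")
SITE_RULES = {"finance-app": [OFFICE_NET]}       # allowed source networks per app
USER_GROUPS = {"ana": {"finance"}, "bruno": {"engineering"}}
IDENTITY_RULES = {"finance-app": {"finance"}}    # allowed groups per app

REQUESTS = [  # (authenticated user or None, source IP, app)
    ("ana",   "10.20.4.17",   "finance-app"),    # finance user in the office
    ("ana",   "203.0.113.50", "finance-app"),    # same user working from home
    ("bruno", "10.20.9.3",    "finance-app"),    # non-finance user in the office
    (None,    "10.20.7.7",    "finance-app"),    # unauthenticated device on office LAN
]

def site_decision(src_ip, app):
    """Perimeter model: the source network decides; the user is never consulted."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in SITE_RULES.get(app, []))

def identity_decision(user, app):
    """Identity model: the user's groups decide; anything unknown is denied."""
    if user is None:
        return False
    return bool(USER_GROUPS.get(user, set()) & IDENTITY_RULES.get(app, set()))

def compare(requests):
    """Return the requests on which the two models disagree."""
    rows = []
    for user, src, app in requests:
        site, ident = site_decision(src, app), identity_decision(user, app)
        if site != ident:
            rows.append((user, src, app, site, ident))
    return rows

if __name__ == "__main__":
    for user, src, app, site, ident in compare(REQUESTS):
        print(f"user={user} src={src} app={app} site={site} identity={ident}")
```

The two models disagree on three of the four requests: the site rule blocks the legitimate remote user and admits both the wrong user and the unauthenticated device simply because they sit on the office network.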

Conversys can help your company reduce the risks and impacts of this global crisis. Contact our experts now and find out about Aruba Networks' security, network management and connectivity solutions. We are on hand to help you overcome this challenge.

About Conversys

Conversys IT Solutions is a provider of Information and Communication Technology services and solutions operating throughout Brazil.

With a highly qualified technical and commercial team and a network of partners that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized IT and Telecom Infrastructure solutions to clients.

We invest in our employees and partners and strive for a long-lasting relationship with our clients, because we believe that this is how we gain the skills and knowledge we need to innovate and generate value for the businesses in which we operate.

 

 

 
