Over the past few years, there has been an increase in the number of security breaches globally.
Many industry sectors including financial services and healthcare have suffered significant monetary and reputational losses especially as they interface with end-users directly. The result has seen more stringent regulations enforced in many regions including China to ensure the security of customer data. Enterprises are compelled to adopt more flexible and cost-efficient approaches to security to satisfy compliance requirements even as they face increasing competition across all sectors of the economy.
In China alone, enterprises are spending more than their Western counterparts. Experts predict Chinese enterprises will lead global cyber security investments in 2020, peaking at USD 8.75 billion and growing more than 24% year-on-year. Global cybersecurity spending will achieve a compounded annual growth rate of 10.0%, and it is expected to reach US$157.16 billion in 2023.
And now, amidst the COVID-19 pandemic crisis, various governments and regulatory authorities mandate both public and private organisations to embrace new practices for working remotely and maintaining social distancing. Companies that are vying for large contracts and contracts in regulated and critical sectors are implementing new, robust Business Continuity Planning (BCP) and cyber resiliency practices. Organisations are also enacting various concepts such as bring your own device (BYOD) and work from home (WFH) to modernise their work cultures.
This crisis has exposed companies to scenarios where their intellectual properties (IP) are at the mercy and conduct of their employees — working remotely either on office laptops with zero firewall protection or personal laptops with/without free antivirus packages. And as the pandemic rages on, more operations are shifting out of office servers to the cloud forcing employees to access these services via the Internet through relatively unsecured connectivity.
In short, WFH users (and by extension, their companies) are more vulnerable to attacks than ever. This is where Security-as-a-Service or SECaaS comes in, serving as a buffer against the most persistent online threats.
SECaaS delivers consistent security across their entire corporate network while outsourcing the day-to-day operational oversight to a service provider. Enterprises can maintain granular control of all security policies easily through a centralised management portal that is configurable through a simple point-and-click interface. Concerns over software upgrades, hidden costs, capacity planning and operational challenges are eliminated.
But networks are not static entities. Technological innovation and on-going evolution of the corporate WAN with the advent of software-defined networking means SECaaS is struggling to keep up as more users, devices, applications, and data reloactes outside the enterprise.
SASE – A Better Way?
Secure Access Serve Edge network architecture or SASE (pronounced ‘sassy’) is emerging as a remedy and alternative to traditional data center-oriented security. SASE unifies networking and security services into a cloud-delivered service to provide access and security from edge to edge — including the data center, remote offices, mobile users, and more.
For example, SD-WAN eNet Connect from China Broadband Communications offers better protection and faster performance exclusively for enterprise use and at the highest quality network service, by consolidating point solutions in one service. Built on a core backbone that is peered with all major carriers in China, SD-WAN eNet Connect is one of the first fully licensed ICT and technology service providers to offer a SASE solution that converges the network functions and Security-as-a-Service (SaaS) solutions into a unified cloud-native service, enabling users to incorporate security into their network architecture.
With SASE, network security functions including cloud access security broker (CASB), secure web gateway services (SWG) and firewall services are integrated with WAN capabilities, primarily via software-defined networking services such as SDWAN. The combination of various network security technologies with the programmability of SDN and SD-WAN functionality supports the dynamic secure access needs of organisations.
So SASE is a package of core security abilities delivered using the as-a-service model with the relevant compliance policies and real-time contextual reporting. It melds Network-as-a-Service (NaaS) and SECaaS into a single security framework to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.
SASE Benefits
SASE replaces the secure perimeter with integrated security across the network. Endpoints connect to cloud-based SASE analysis instances, which provide the security services, then forward permitted and safe network traffic to their intended destination.
There are many advantages to this approach and SASE introduces some innovation around network edge security. If executed effectively, key benefits can include:
a) Distributed architecture protects applications anywhere
SASE’s distributed network means security functions closer to the end user where a more centralised network security policy will not support the perimeter defenses. Applications can be hosted anywhere; in a corporate data center (private or public cloud) or be a SaaS offering.
b) Reduced WAN costs
Much like SD-WAN, SASE will optimise traffic flows by routing across existing cloud connectivity to your vendors. These are typically redundant connections which means enterprises could forgo more expensive MPLS while still achieving significant imporvement in application availability. Enterprises should see cost savings in lower WAN costs.
c) Better network latency
SASE provides better network latency characteristics than using a VPN to a corporate data center, where security is usually deployed. Endpoints and branches can use dedicated CPE devices or connect to a cloud that provides the security mechanisms. Network traffic flows are optimally routed to their destination.
d) Consolidated security functionality
Integrating secrity and traffic routing, SASE can reduce the complexity of deploying comprehensive WAN security significantly. IT staff can focus on system-wide policy services and move away from per-device policy maintenance as long as security functions are well integrated and not disparate components.
The Future of Network Security is SASE
While SASE still in its nascent stages, one truth is clear: Centralization of IT resources in the headquarters data center is an outdated strategy that creates disadvantages for organizations that aren’t adept at change. The business world is increasingly moving to an on-demand model. Companies beginning their transformation toward this more flexible and agile means of operation will see the prominence of SASE increase. SASE adoption can be challenging, but the payoff will be huge for those companies that are able to make the move.
