Enterprises are transitioning from on-premises to cloud-hosted applications, data and services to connect a new work from anywhere. In this article, we will learn more about the components of a SASE architecture and their value.
The growth of the cloud, a transition to telework, and the increased use of mobile devices mean that an organization’s IT infrastructure is rapidly moving outside the network perimeter. Securing the new distributed IT estate without sacrificing performance and user experience requires a new approach to network design, which Gartner calls a Secure Access Service Edge (SASE) architecture.
The modern enterprise likely has more users, devices, applications, services, and data outside of its network perimeter than inside. This means that the traditional perimeter-focused security architecture is no longer effective.
To address the needs of the modern enterprise, Gartner has defined the SASE architecture. This architecture is designed to meet an organization’s networking and security needs in a single solution.
Balancing the needs for network performance and security requires a network and security architecture with these features. As shown in the image below, SASE incorporates a number of different network and security features.
This functionality can be classified into three categories: cloud-hosted security, zero-trust network access principles, and network services.
As security moves to the network edge, security solutions traditionally deployed at the network perimeter must relocate to the cloud. SASE architecture provides cloud-native options for core security functionality, including:
A zero-trust security policy is designed to limit a user’s permissions and access on a network to the minimum required for their job role. This limits the probability and impact of a security incident.
Zero-trust network access (ZTNA) solutions – also known as a software-defined perimeter (SDP) – enforce a zero-trust security model. This is accomplished by implementing:
In addition to providing security for the corporate WAN, SASE is also designed to optimize network performance for the distributed organization. It accomplishes this by integrating software-defined WAN (SD-WAN) functionality and securing mobile and temporary users.
SD-WAN is deployed as a network of SD-WAN appliances, either physical or in the cloud. All traffic flowing over the corporate WAN is routed from its entry point to the SD-WAN appliance closest to its destination based upon application and business intent. The use of SD-WAN as part of SASE provides a number of advantages:
As corporate networks evolve, network and security architectures must evolve with them. SASE is designed to provide both security and optimized network performance in a single solution. By moving security and network routing functionality to the network edge, SASE minimizes the impact of security on user experience while maintaining a high level of security.
Check Point’s Harmony SASE enables organizations to deploy network and security functionality that meets their needs. To learn more about how Harmony SASE works and see it in action, request a demo.