The emerging Secure Access Service Edge (SASE) model for cybersecurity, which is now gaining traction, needs to extend beyond cloud delivery to meet future needs. This is according to Patrick Grillo, Senior Director of Solutions Marketing at Fortinet, who was addressing the CNBC Africa Summit on The Future of Work.
“SASE is a framework to bring together what are normally two distinct environments – network and security, so that connectivity and security options can be delivered from the cloud as a service. The principal connectivity option or networking feature is SD-WAN, which has been disrupting the industry for the past two to three years, a catalyst for SASE”, Grillo said.
This emerging enterprise strategy combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organisations. Conceptually, SASE converges SD-WAN and network security services—including next-generation firewall (NGFW), secure web gateway (SWG), Zero-trust network access (ZTNA), and cloud access security brokers (CASB)—into a single service model.
However, Fortinet notes that there are situations where organisations may require a combination of physical and cloud-based solutions for SASE to work effectively. This may include supporting a physical SD-WAN solution in place that already contains a full stack of security, or providing protection at the edge when processing confidential or sensitive information rather than shuttling it out to the cloud for inspection.
/* custom css */
.tdi_3_252.td-a-rec-img{ text-align: left; }.tdi_3_252.td-a-rec-img img{ margin: 0 auto 0 0; }
Grillo believes that the challenge in securing the digital infrastructure is connecting users working from home and remotely, to the network and to applications by any number of means regardless of where they are, with the right level of connectivity.
“My off-network environment is typically using a local internet connection to connect to the corporate network and through that, to any SaaS applications the organisations may be using. But with SD-WAN, the user can connect directly to the SaaS application,” he explained.
“SASE has been brought in to minimise the complexity here – you can connect from on network or off-network environments into the SASE cloud. But Fortinet feels that a more hybrid approach is needed – rather than having a one size fits all approach, we need to be tailoring the type of connectivity and securing it no matter what type of connectivity is used. This is where we believe cloud and physical SD-WAN can work together and complement each other. On-network thick edge and off-network thin edge can – and should – coexist.”
Fortinet says that by combining physical and cloud-based elements, the role of SASE can be easily extended deep into the network, rather than simply handing off security to an entirely different system at the edge.