SASE transforms network security into the cloud
The transformation away from traditional network boundaries to distributed cloud applications poses new security risks for companies. Users work from anywhere, e.g. company headquarters, branch office, home office, airport, etc., with applications that are also hosted everywhere, e.g. in the company's own data center or in various cloud environments. It is no longer possible to guarantee the speed, performance and, above all, security of your own company network. Secure Access Service Edge (SASE) is a new security concept that combines several network functions and security services in a single solution and guarantees companies secure data exchange for their employees, regardless of location or device. KBC and Cisco provide the expertise to ensure network access and security in the cloud era.
What is SASE?
The SASE (pronounced "sassy") concept was first introduced by Gartner in 2019. "Secure Access Service Edge is a newly developed offering that combines the power of WAN with comprehensive network security capabilities (such as SWG*, CASB*, FWaaS* and ZTNA*) to meet the needs of digital enterprises for secure access," explains Gartner.
*SWG = Secure Web Gateway
*CASB = Cloud Access Security Broker
*FWaaS = Firewall as a Service
*ZTNA = Zero Trust Network Access
SASE solutions are based on a software-defined wide area network architecture (SD-WAN), which offers a flexible and scalable network solution depending on business requirements. This can be easily deployed in a distributed network environment. The aim of SASE solutions is to reliably network companies, their sites and their mobile users and to control secure, stable data traffic, regardless of the user's location or device.
It is therefore a cloud-based model that is provided as an extended SD-WAN in a branch office and combined with security services that are provided in the cloud. In 2020, Gartner predicted that investments in SASE technology would increase by 42% worldwide. 90% of all IT security decision-makers surveyed already rely on the new IT security model.
The SASE architecture was developed to meet the requirements of New Work with mobile teams and the need for secure remote access to applications and data running at different locations. This approach simplifies network and security management and increases the cyber resilience of companies.
What does SASE include?
Cisco Viptela and Cisco Meraki are two SASE product lines with different characteristics. The connectivity and encryption, i.e. the SD-WAN part, is natively integrated in both series. The security elements such as Secure Web Gateway, Firewall, Cloud Access Broker, Zero Trust Network Access, DNS protection etc. are mapped in the Umbrella Cloud Platform for Cisco Viptela and in the edge device for Cisco Meraki.
Managed Network Services
With Managed LAN and Managed WAN (SD-WAN), networks are operated, monitored (real-time monitoring) and maintained by KBC. All configuration changes, upgrades, updates (changes) or faults (incidents) are carried out or rectified by KBC. This reduces complexity and operating costs for the customer while increasing flexibility and speed of implementation with shorter fault clearance times. Flexible financing and OPEX models (monthly costs instead of CAPEX basic investment) can be used.
Managed Security
SASE offers a range of advanced features that help protect against cyber-attacks. Using a zero-trust model, every user and device is verified and authenticated before corporate resources can be accessed. SASE also provides threat protection, including real-time monitoring, threat intelligence and automated response. Appropriate firewalls are used to inspect and control traffic flowing between networks to ensure that only authorized users and data are allowed through.
SASE models
Cloud-native SASE
Cloud-native solutions are based on container and microservices technologies. Here, all network and security services are provided via the cloud. A hardware device establishes the connection to the cloud. There is also the option of software clients that connect computers or IoT endpoints directly to the cloud - so additional hardware is no longer necessary.
Cloud-native SASE is ideal for companies with many small branch offices, e.g. in insurance or retail, as each environment, including individual work equipment such as laptops and smartphones, is equipped with security and network services.
Cloud-managed on-premises SASE
Secure Access Service Edge can be managed centrally via the cloud - all branch offices usually have their own routers. Administration via the cloud is critical to success because it significantly reduces the barriers to use and provides a uniform set of rules (policies) across the company. The advantage of the model is that certain security checks or connectivity and encryption issues run at local level, which increases performance in larger environments.
Managed SASE
KBC provides the necessary expertise to manage the increasingly complex WAN, including the security blocks. Questions such as "How are security functions rolled out or how are user profiles created correctly?" are answered by KBC.
With Managed Secure Access Service Edge, you as a company have the advantage of having experts configure and operate the network. Managed SASE is suitable for companies that want to implement the Secure Access Service Edge model quickly and hand over control.
Hybrid options
Some (large) companies opt for a combination of cloud-native and on-premises SASE. One example is an international company that operates up to two offices with hundreds of employees in each country. Here, the company can use an on-premises security infrastructure for the local offices, while remote teams are integrated via a cloud-native service.
Advantages of SASE
- Simplified management: SASE provides a single, centralized management platform for security and network services across all locations and endpoints.
- Improved security: SASE solutions provide security services such as firewall, web filter, DNS protection, Zero Trust Network Access, Cloud Access Broker to protect against cyber-attacks.
- Improved performance: SASE solutions are designed to optimize network performance and provide a fast and reliable path or access to cloud-based resources.
- Scalability: SASE solutions are highly scalable, allowing organizations to easily add or remove resources as needed.
- Cost-effective: SASE solutions can help reduce costs by combining security and network services into a single solution, eliminating the need for multiple standalone solutions.
SASE in practice
When a user accesses a cloud-based application, their device first connects to the SASE platform. The SASE platform verifies the user's identity and applies the relevant central security guidelines, i.e. the company's IT security guidelines. If the user is authorized, the SASE platform establishes a secure connection to the cloud application. All data transferred between the user's device and the cloud application is encrypted, protected and analyzed for threats by the SASE platform.
If an employee attempts to access a cloud application from an unauthorized location or device, or generates or spreads suspicious traffic (malware, virus, etc.), the SASE platform denies access and protects the resources. This prevents unauthorized users from accessing sensitive data, even if they manage to bypass other security measures.