Blog · 10 Nov 2020

Why SASE is the future of security architectures

Introducing Secure Access Services Edge (SASE), the answer to protecting a dynamic enterprise perimeter.

David Stark
Director, Security Portfolio

Over the last 12 months, we’ve seen our customers’ businesses change, and the pandemic has been a real accelerant.

There’s been a seismic shift away from the traditional enterprise applications, network and data centre models and the growth in the use of Public Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) is set to continue. We’re certainly seeing more user workloads now running in IaaS and PaaS than in traditional data centres, and more organisations are moving to SaaS hosted tools like Salesforce, ServiceNow, and Office 365.

There’s been a similar change in where businesses store their critical corporate data, whether intentional or not. Gartner have long predicted that by 2022 more than half of enterprise data will be created and processed outside the data centre. Whether this is adequately protected remains a critical concern.

The result? The drive for digital agility means that the enterprise perimeter is now dynamic and there’s a real danger that when users, devices and data can be created and stored anywhere, you lose visibility and control.

Secure Access Services Edge is the answer

Security thinking and leading practice has been moving towards SASE (pronounced ‘sassy’) for some time now to protect this new perimeter.  Our Cloud Security Architecture, which we introduced 3 years ago, not only includes the same principles as SASE, but also predicted that any revised definition of the perimeter needed to include endpoint, identity and threat management.

SASE brings together connectivity and network security into a single policy-driven service that provides consistent centrally-managed access and security from edge to edge. It covers the myriad of ways we now work, whether it’s remote offices, homeworking or workers on the move – SASE helps to protect critical data and applications wherever they are. If you add to SASE the elements of endpoint protection, identity and threat management then the benefits really start to add up. For a start, SASE cuts complexity, by consolidating your security stack and reducing the number of security products you have to manage.

It supports a Zero Trust approach to the cloud and underlying infrastructure, so you know your session is protected whether a user is on your network or using public cloud. Your visibility increases, so you’re better able to see emerging threats, and you can easily incorporate robust data protection across your network. As an over-the-top (OTT) architecture, SASE should ideally blend cloud-based-controls, brownfield-controls and end-point controls with advanced threat detection.

Analysts agree that SASE is the future

This latest evolution in security has also been identified by industry analysts, Gartner, who summarise it as “a new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.” Gartner also expects significant take up in the next few years to the extent that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE

The future direction of security is clear; the question now is how do you make the move to SASE an easy one? No one wants to rip and replace their existing network and security investments. Also, do you really want to have to rely on a single vendor to get the benefits of SASE? How do you implement SASE in a way that makes the most of what you’ve already got?

The three key questions you should ask about SASE

Our customers are telling us that they want secure connectivity and security of applications both into and from the cloud, whether that’s public, private, hybrid or multi-cloud. And they want evolution rather than revolution, to mitigate the risks of big change during the pandemic. Plus they want to minimise IT investments at a time of reduced cashflows and revenues.

Here are the three key questions that will reveal where you stand and how to move to SASE easily and cost-effectively: 

  1. What have we got (or are planning to get) that will support SASE?
    Ask how you can use them to deliver secure connectivity, secure applications and data confidentiality into both public, private hybrid and multi-clouds.
  2. How can we make the most of our existing investments?
    Ask how your investments in end point, edge, network and security technologies, and identity and access control solutions can work towards your SASE solution whilst optimising and unifying how they’re managed.
  3. What management options are available?
    Ask whether network and security experts can tune and maintain your network and security services in real time, maximising routes, tuning security policies and maintaining posture. Find out if they can manage peering and cloud access, and resolve technical, performance and cyber threat response issues before they occur.

Building your future security

At BT, we’re putting SASE at the heart of our cloud security architecture strategy. We’re bringing together our experience in network underlay and SD-WAN capabilities with both network and cloud-based security capabilities. We’re using our digitally native orchestration platforms to make it possible for you to underpin and execute provisioning and change via a single policy, control and event data framework.

We’re continually evolving our cloud security architecture so that it will meet your current and future needs. Through the convergence of our software defined networking capabilities with cloud-native security functions like secure web gateways, cloud access security brokers, firewalls, and zero-trust network access, you’ll stay secure, however your business develops.

Working with us, you’ll be able to migrate your existing brownfield architectures, tapping into our expertise in managing at volume and scale. Plus you’ll get an integrated solutions wrap and advisory expertise in identity management, cloud security, zero trust and mobile services – capabilities that we can support in new domains such as Carrier Neutral Facilities.

We see further and we’re committed to helping you see further. With solutions that are powered by real-time context-based security assessment and threat management capabilities, you’ll get dynamic orchestration and real-time responses for a secure future.