There is arguably no hotter technology right now than secure access service edge (SASE). One might think that the rise of work from home driven by the COVID-19 pandemic has been the primary driver of the interest in SASE, but in reality, the momentum started before that. Work from home certainly acted as a catalyst for it, but the rise of cloud and the shift to SD-WAN created the need for a new type of security model.
To help better understand the trends in SASE, I interviewed Craig Connors, VMware’s CTO and VP of Service Provider and Edge, for my most recent ZKast interview. See highlights below.
Highlights of the interview:
- SASE is the convergence of networking and security in the cloud. This is driven by the unique requirements created by the shift to cloud in the past year and a half, requiring a better way to secure our networks and applications.
- SASE brings security and networking together by distributing cloud points of presence and centralizing the security operations.
- VMware’s differentiation comes from its acquisition of VeloCloud, which was a pioneer in cloud-delivered SD-WAN.
- The pandemic has raised the awareness of SASE but isn’t the primary driver of it.
- There are three main motivators for SASE:
  - Businesses are moving applications from their data centers to the cloud. Applications are no longer sitting in one central place, making them harder to secure.
  - Modernized applications are built on microservices, so a single application might be striped across multiple clouds. The data can be stored in one location and the compute in another.
  - Users are distributed and people are working remotely, removing the perimeter from the enterprise network.
- Apps, users and data are everywhere and now security needs to also be everywhere.
- The distributed nature of businesses has created a rise in new threats that must be protected against, causing the industry to rethink the way security techniques have been applied.
- The pandemic accelerated SASE like a “rocket ship” as all of a sudden, businesses had to secure tens of thousands of users overnight.
- Emerging complex threats require sandboxing, remote browser isolation, threat analytics and machine learning. This requires massive compute power that most businesses do not have on premises. The cloud can scale to meet the security needs of distributed enterprises.
- VMware has been using the term “intrinsic security” for years. This means having security built directly into the product, seamlessly, everywhere the organization has a presence.
- Intrinsic security allows for threat protection to be integrated into every aspect between the user and the device, the network and the application.
- VMware recently announced its secure web gateway (SWG).
- A SWG is a forward proxy protecting users from threats that come from the web.
- This protects users against attacks when they are off the company premises, that is, on the Internet.
- The SWG can terminate TLS sessions so they can be inspected, and various security techniques can be applied, whether it's URL filtering, CASB (cloud access security broker) or data loss prevention.
- The rise of web-based attacks has shifted a SWG from being a “nice to have” to a “must have” technology.
- In addition to having its own SWG, VMware partners with best of breed vendors, such as Zscaler, and integrates their SWG into its SASE framework.
- VMware has excelled at building agile overlays to physical infrastructure. For example, its NSX SDN product creates a virtual overlay to a physical network in the data center. The SD-WAN solution does the same with the wide area network. Now its SASE solution can create a virtual threat protection layer over best of breed partners, simplifying the deployment for customers.
- While SWG capabilities are fairly standardized, VMware differentiates itself in the area of analytics.
- Machine-learning-based analytics isn’t quite ready to be the primary mechanism to secure a network, but we are close to that point.
- VMware’s analytics can be used to set baselines and then understand a deviation from the norm that might indicate a threat.
- For example, an IoT device that typically talks to the same cloud resources likely has been breached if the traffic patterns change and it attempts to access an accounting server.
- VMware’s analytics are part of its overall XDR solution.
- Final advice from Connors:
  - Evaluate your SASE providers based on current and future requirements.
  - Understand what the adoption of IoT looks like.
  - What kind of cloud apps will the organization be adopting?
  - What will the adoption of microservices-based containerized applications be?
  - Understand how to evolve your network from where it is today and plan where it goes in the future.
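
The baseline-and-deviation idea from the analytics highlights above (an IoT device that suddenly reaches for an accounting server), as an added sketch that is not VMware's code and not from the interview. The device and host names, both thresholds, and the weighting of narrow-habit devices over broad ones are assumptions made for this example.

```python
from collections import Counter, defaultdict

MIN_BASELINE_FLOWS = 5   # assumed: fewer learned flows than this is not a baseline
NARROW_FANOUT = 3        # assumed: devices with <= 3 known destinations are "narrow"

def build_baseline(flows):
    """Count, per device, how often each destination was contacted while learning."""
    baseline = defaultdict(Counter)
    for device, dest in flows:
        baseline[device][dest] += 1
    return baseline

def score_flow(baseline, device, dest):
    """Classify one live flow against the learned baseline for its device."""
    seen = baseline.get(device, Counter())
    if sum(seen.values()) < MIN_BASELINE_FLOWS:
        return "no-baseline"          # too little history to call anything a deviation
    if dest in seen:
        return "normal"
    # New destination: a device with a narrow habit (typical IoT) deviating is a
    # stronger signal than a laptop that already talks to many destinations.
    return "high" if len(seen) <= NARROW_FANOUT else "low"

def detect(baseline, flows):
    """Return (device, destination, verdict) for every flow that is not normal."""
    results = []
    for device, dest in flows:
        verdict = score_flow(baseline, device, dest)
        if verdict != "normal":
            results.append((device, dest, verdict))
    return results

# Constructed sample data (all names are made up for this example).
LEARNING = (
    [("camera-7", "telemetry.iot.example")] * 6
    + [("camera-7", "ntp.iot.example")] * 4
    + [("laptop-3", f"site{i}.example") for i in range(6)] * 2
    + [("sensor-new", "telemetry.iot.example")] * 2
)
LIVE = [
    ("camera-7", "telemetry.iot.example"),
    ("camera-7", "accounting.corp.example"),
    ("laptop-3", "news.example"),
    ("sensor-new", "accounting.corp.example"),
]

if __name__ == "__main__":
    for alert in detect(build_baseline(LEARNING), LIVE):
        print(alert)
```

The "no-baseline" verdict matters in practice: a freshly onboarded device has no norm to deviate from, so it is reported separately rather than silently treated as normal or as a breach.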