SASE (secure access service edge) represents the convergence of networking and security into a cloud-delivered service. This architectural paradigm shift is getting both enterprises and security solution providers to re-evaluate the way that they deliver security services across every IT environment.
Like with many evolving technologies there is a lot of confusion about what is and what is not SASE. We thought we would have some fun and attempt to explain the basics of a complex system.
Here is the Trustgrid recipe for baking the perfect SASE on your first try. Here is what you will need to get started.
- 1 Secure Web Gateway (SWG)
- 1 Cloud Access Security Broker (CASB)
- 1 IdP (Okta, Google or Azure AD will do)
- 1 Trustgrid Software-Defined Networking
- 1 Trustgrid Zero Trust Network Access (ZTNA) Agentless Portal
- 1 Trustgrid EdgeCompute Platform
- 2 Public Cloud Infrastructure Regions
- 3 Private Cloud Data Centers
- 4 SaaS Applications
- 6 Branch Offices
- 500 Employees Working from Home
Step 1: Configure the ZTNA Agentless Portal
Trustgrid’s ZTNA Agentless Portal provides secure, agentless application access to remote workers. Integration of your ZTNA Agentless Portal with your IdP enables work-from-home employees to authenticate into the network overlay and access the applications they need according to corporate security policies.
TIP: Don’t worry about enterprise (non-web) apps just yet. That will come later.
Step 2: Mix in a CASB
CASB will ensure the security of data in your SaaS applications and synchronize security policies. Though SaaS applications may not be the only applications in use, they are usually a blind spot for many organizations and a management hassle for internal IT teams. Securing these early is critical to ensuring that sensitive data is secured both inside and outside of the organization.
Step 3: Deploy Software-Defined Networking with Edge Compute
The software-defined networking instances in your public and private cloud infrastructure, as well as your branch offices, are the critical component to ensure the recipe is successful. SD-WAN not only secures traffic from employees and branch offices, it will enable user access to enterprise apps that are not HTTP/S through the Agentless Portal.
NOTE: Make sure you only use SD-WAN that support edge compute or you won’t be able to deploy and manage security components on the SD-WAN instances. This is critical to completing the SASE recipe!
Step 4: Route traffic to the Secure Web Gateway
The SWG is a critical ingredient that will protect employees from malware and other threats wherever they connect to the internet. Those Trustgrid networking instances from Step 3 come in handy here. Configure edge policy enforcement to inspect traffic at the branch and route known good traffic (YouTube, music streaming, etc) straight to the internet, while suspect traffic is passed through your centralized SWG. This splitting of traffic ensures low latency connection for trusted traffic and minimizes the ingress and egress of the SWG, while ensuring maximum protection.
Step 5: Add Additional Security Components
Having built the foundation of a healthy SASE architecture, additional security components can be added as needed. Firewall , Data Loss Prevent (DLP), DNS filtering, Remote Browser Isolation (RBI) or other security features can be easily added through the now completed networking and edge compute functions. Trustgrid’s EdgeCompute provides the ability to deploy these functions as container-based applications on the network nodes. This creates a software delivery platform with built-in software lifecycle management. As these security functions are added they can now be centrally deployed and maintained through your new interconnected security infrastructure.
Step 6: Serve
A SASE infrastructure made with the Trustgrid platform is served fully managed so you can enjoy the rest of the evening without worrying about patches and outages. Sleep soundly knowing that the automation features of the platform ensure high availability while the security functions are working to bring both cloud and on-premise security under a single management console.
You may already have some of these ingredients and others may need to be procured. But once you assemble your SASE architecture, your guests (customers and employees) will be telling all of their friends about the SASE dish you have served them.