SASE: What network security is required in the age of cloud usage?
As work styles such as telework diversify, companies are struggling with growing data traffic and increasing network complexity. Under these circumstances, a growing number of companies are introducing cloud services, which are easy to adopt. However, the cloud differs from a conventional on-premises environment, for example in that data is stored outside the company, so appropriate security must be introduced.
In this blog, we will introduce SASE, which is the best security tool for using the cloud.
What is SASE?
SASE (Secure Access Service Edge) is the latest security concept, advocated by Gartner in August 2019, which holds that a different approach is required to ensure security against the background of changes in network and data management brought about by the increase in cloud usage in enterprises. It builds on the idea of zero trust, “only authorized users and devices can access data”, which has been attracting attention for the past few years, while improving user convenience. By fusing network functions such as SD-WAN with security functions such as CASB (Cloud Access Security Broker) and SWG (Secure Web Gateway), it provides cloud-centered network connectivity together with its security.
Why SASE is attracting attention
In the past, corporate networks were generally operated by consolidating information in an in-house data center. In recent years, however, the introduction of telework and the business use of easy-to-carry devices such as smartphones and tablets have created situations that conventional in-house networks cannot handle.
As a result, use of the cloud, which allows employees to connect from various devices via the Internet wherever they are, has progressed. But because cloud servers sit outside the company, a lot of data, and the devices that access it, are now located outside the company. This created a security issue: data can no longer be protected by conventional boundary defense, which assumes that “there are threats outside the company, but the inside is safe, so you should protect the boundary.”
SASE is attracting attention in this situation because it can solve the problems of cloud operation by treating all network and security functions as cloud services and delivering them to devices.
Components of SASE
SASE is a general term for services that integrate the following network functions and security functions. Here, we will introduce the typical mechanisms that make up SASE.
SD-WAN is a function that builds a virtual network on top of a physical network and monitors and controls communication. With SD-WAN, communication is optimized by using an Internet VPN for traffic that does not require high reliability and a closed VPN for traffic where delay must be avoided, such as video conferencing.
CASB (Cloud Access Security Broker)
It is a function that places a single control point between the user (company) and the cloud and makes cloud usage visible. By going through the CASB instead of using the cloud directly, a consistent security policy can be enforced even when multiple cloud services are used, and the risk caused by “shadow IT”, where employees freely use cloud services that the company does not have a contract with, can be prevented.
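The visibility a CASB provides can be approximated from web proxy logs. The following is an added example, not part of the original article; the log format, the service catalogue and the sanctioned list are constructed assumptions. It reports how much data each user sent to cloud services the company has no contract with.

```python
from collections import defaultdict

# Hypothetical catalogue: domain suffix -> cloud service name (constructed).
CATALOGUE = {
    "storage.example.com": "ExampleStorage",
    "suite.example.com": "ExampleSuite",
    "freeshare.example.net": "FreeShare",
    "quicknotes.example.org": "QuickNotes",
}
# Hypothetical list of services the company has a contract with.
SANCTIONED = {"ExampleStorage", "ExampleSuite"}

# Constructed proxy log: timestamp user method host bytes_out
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice CONNECT files.storage.example.com 1200
2024-05-01T09:02:10Z bob CONNECT upload.freeshare.example.net 5242880
2024-05-01T09:03:44Z alice CONNECT quicknotes.example.org 2048
2024-05-01T09:05:00Z bob CONNECT mail.suite.example.com 900
2024-05-01T09:06:30Z bob CONNECT upload.freeshare.example.net 1048576
malformed line
2024-05-01T09:07:00Z carol CONNECT intranet.example.com 300
"""

def service_for(host):
    """Longest-suffix match on label boundaries, so that
    'evilstorage.example.com' is not mistaken for 'storage.example.com'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = CATALOGUE.get(".".join(labels[i:]))
        if name:
            return name
    return None

def shadow_it_report(log_text):
    """Return {user: {unsanctioned_service: bytes_sent}}."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, user, _, host, bytes_out = parts
        service = service_for(host)
        if service is None or service in SANCTIONED:
            continue  # not a catalogued cloud service, or contracted
        report[user][service] += int(bytes_out)
    return {user: dict(svcs) for user, svcs in report.items()}

if __name__ == "__main__":
    for user, services in shadow_it_report(SAMPLE_LOG).items():
        print(user, services)
```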
A cloud firewall is a function that provides a firewall in the cloud to block cyber attacks and keep threats from getting into the network. Whereas a traditional on-premises firewall protects the company’s internal network, a cloud firewall is deployed in the cloud and allows only authorized users to access data.
SWG (Secure Web Gateway)
It is a function that filters web traffic according to the corporate security policy, prevents threats such as viruses from getting in, and provides a secure connection to the outside.
Benefits of introducing SASE
Here are some typical effects that can be obtained by introducing SASE.
Realization of a hybrid work style
By introducing SASE and migrating the corporate network to a secure, cloud-centered connection, employees can securely access corporate data and systems wherever they are, which eliminates being bound to “things”. This not only avoids the increased risk of infection during the COVID-19 pandemic, but also frees employees from sources of stress such as crowded trains and long commutes, giving them the opportunity to lead healthier lives.
On the other hand, there are times when employees want to concentrate on their work in the office. To realize a hybrid work style that combines commuting and telework in this way, SASE, which allows network and security policies to be set flexibly, is indispensable.
On-premises VPN, which was the mainstream in the past, required expensive equipment. SASE connects to the cloud via the Internet, which eliminates the need to lay a dedicated VPN line and saves line and construction costs.
Furthermore, increased communication volume due to telework and similar causes can be handled simply by changing the contracted capacity option, with none of the work needed to scale up communication capacity as when using a VPN. This reduces not only the cost of network security itself but also the time required to change the communication environment.
The introduction of the cloud has created a business environment in which corporate systems and data can be accessed from various devices. However, accessing internal data from a variety of devices also creates the need to ensure the security of each device, which complicates the work of the information system department.
In this respect, SASE can centrally assign security policies to all devices, providing secure access to the Internet and internal data without increasing the system-related workload. In addition, because the zero trust function, which authenticates on every access, authenticates all devices and users, suspicious access can be eliminated.