Surendra Nemani
Head - Security Engineering,
Cyber security Technology, Information Security Group (ISG)
Infosys 

Factors driving SASE adoption in India and globally
Secure Access Service Edge (SASE) refers to a core framework suggested by Gartner, it is a paradigm shift to enable workforce to securely access Internet, Corporate Internal Applications, Internet based applications, Cloud services, and Corporate Resources in a seamless manner, by shifting connectivity infrastructure and security services from legacy on-prem/perimeter devices with performance limitations within conventional data center architecture to cloud delivered, fast, secure, reliable, scalable access architecture that allows unified access while ensuring security and following ‘Zero Trust’ policy-based model that explicitly verifies based on user identity & other contextual aspects.

SASE framework will help organizations embrace Cloud and Mobility by combining comprehensive ‘Network’ and ‘Security’ services to support the secure digital transformation, and dynamic secure access needs of organizations by connecting people and devices to services in any location, from a common cloud-delivered architecture and framework. 

There are various factors driving SASE adoption globally – Digital workforce, Data proliferation, Cloud computing, Dynamic threat landscape, Sophistication in cyber-attacks, Work from home, BYOD, need to improve User experience of Hybrid workforce, Eliminating redundant vendors and point products, and finally Reduced complexity, Operations & Costs.

Components of the SASE model
SASE represents the convergence of ‘networking as a service’ and ‘security as a service’ within a single unified cloud fabric to match the requirements of the modern digital enterprise. SASE Cloud Infrastructure model can be divided into two high level components – a. Security Service Edge (SSE) and b. WAN Service Edge (WSE). 

The need for SASE
Today’s technology landscape is dynamic and security threats will take new forms. Security solutions will also continue to evolve to curb such risks. SASE is one such emerging offering combining SSE and WSE capabilities to support the dynamic secure access needs of digital enterprises with a high-performance experience for all users.

With users, services, applications, and endpoint devices existing virtually everywhere, organizations need to ensure a productive, reliable, and seamless user experience while keeping data safe and preventing threats, with cloud-based enterprise security framework. By removing multiple point products and adopting a single cloud-delivered SASE solution, organizations can reduce complexity while saving significant technical, human, and financial resources.

SASE architecture identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data or corporate resources through Zero trust access principles. This approach allows organizations to apply secure access no matter where their users, applications or devices are located. SASE will enable - Secure Digital Transformation, Zero Trust Access, Strengthens Security, Address New Business Scenarios, Increase Effectiveness of IT and Security Staff, and Reduce Complexity & Costs, by combining complete suite of both network and security services in a single, unified, secure access service edge.

SSE
Not every vendor is able to deliver the idealized SASE vision, so Gartner introduced SSE bundle option as companies/industry preferred to implement few focused technologies like SWG/Cloud proxy, DLP, CASB and ZTNA as per their need. In 2021, Gartner introduced a new term - Security Service edge (SSE), an emerging cybersecurity concept. SSE is a subset or portion of Gartner’s SASE eliminating the SD-WAN component, focusing on consolidation and delivery of security services, capabilities, and functions through cloud centric architecture. While other subset - WAN Service Edge (WSE) essentially focuses on SD-WAN, network connectivity and infrastructure including network bandwidth control, acceleration, and WAN optimization aspects.

SSE platform provides comprehensive security by integrating various key security functions in Cloud fabric like Zero Trust Access control, Security Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Leakage Prevention (DLP), Zero Trust Network Access (ZTNA) – VPN/VPN Less, Advanced Threat Protection (ATP), Remote Browser Isolation(RBI), Firewall as Service(FWaaS), Unified Security Monitoring, Acceptable-use control enforcements using zero trust principles.. Etc, with unified approach to enhance security through a cloud native scalable architecture and as close to the end user and device as possible.

SSE will provide centralized visibility and control, Identity based authentication, Continuous threat assessment and trust validation, Data leakage and Threat prevention controls, Granular uniform security with ZTNA policies, and contextual visibility of identity, users, devices connecting to internet or applications, to ensure their behaviors and actions are not harmful to the organization. In short, SSE will safeguard organizations by adopting a single, cloud-delivered security platform that boasts a variety of integrated technologies and provides them at the edge—for any user anywhere, by eliminating legacy security architectures and eliminate point security products.

SSE model benefiting businesses
SSE provides: a suite of controls that can shield a remote workforce from malicious activities through the deployment of a zero-trust model governing access control and monitoring, browser and cloud services security, supply chain attacks prevention, continuous trust validation and data protection. Etc.

• SSE SWG (Secure Web Gateway) helps organizations to control access to web, cloud and non-web applications and enforce security policies that protect all ports, protocols, and applications combined with DNS security and FWaaS service.
• SSE CASB (Cloud Access Security Broker) helps you understand which SaaS apps are being used and where sensitive data is going, no matter where users are located and connect employees to SaaS applications like Office 365, GSuite and Salesforce.
• SSE ZTNA (Zero-trust network access) connects employees to private corporate applications that run in on-prem data centers or in the cloud and will phase-out legacy VPNs in favor of ZTNA
• SSE DLP (Data Leakage Prevention) accurately and consistently identify, monitor, and protect sensitive data everywhere - across networks, clouds, and users.
• SSE ATP (Advanced Threat Protection) prevents exploits and malware by using the latest threat intelligence as well as advanced ML and AI capabilities to protect employees, devices, and data, along with additional security functions like UEBA, Sandboxing. Etc

SSE reduces IT costs and complexity, provides distributed offering that supports multi-tenancy, enables business to scale globally and dynamically based on demand, can deliver a great user experience by providing optimal bandwidth with the lowest latency path, ultimately reduces risk, attack surface and improve operational resiliency by connecting users to applications based on true zero trust network access (ZTNA). Additionally, SSE will hide the corporate network and source identities from the internet to prevent adversaries targeting you with attacks such as DDoS.