SASE architecture, a network concept for cloud and mobility

The SASE (Secure Access Service Edge) architecture is an alternative to the traditional security approaches developed around the Data Center. SASE combines network elements and security solutions to simplify access and provide protection to the entire organization: data center, subsidiaries, mobile users, etc. Datanet Systems provides Cisco services and products which enables you to build an efficient SASE architecture that offers flexibility for future developments.

SASE is a new concept in the development of network architectures that was quickly adopted. As defined by Gartner in 2019, SASE is a network architecture that integrates the capabilities of Software-Defined Wide-Area Networking (SD-WAN) solutions with the security features delivered as-a-Service, from the Cloud. The main functionalities provided by security solutions are:

  • Secure Web Gateway (SWG);
  • Cloud Access Security Broker (CASB);
  • Zero Trust Network Access (ZTNA);
  • Securing remote access.

SASE architecture, the origin of the concept

 

The SASE model emerged in response to the limitations of conventional network and security architectures, which fail to keep pace with changing work model and the adoption of mobility and cloud services within organizations.

Traditional architectures, such as the “Hub-and-Spoke” type, through which all Internet connections are routed to a central Data Center, presents a number of known limitations:

  • are dependent on physical infrastructures and manual processes;
  • creates performance issues at the level of end-users, located at the “edge” of the network;
  • favors the proliferation of solution silos;
  • encounters difficulties to be automated;
  • limits the agility and capacity of organizations to expand their networks.

Due to these limitations, 79% of companies now adopt direct Internet access (DIA) in subsidiaries, branches, and offices. Also, 76% of them are looking for Cloud-based security solutions that can be flexibly adapted to the new connectivity and access requirements.

The SASE architecture acts as a response to these challenges, integrating native Cloud security applications across SD-WAN solutions, the efficiency of the SASE model being confirmed by the evolution of market demand. According to Gartner estimations,

in 2024 over 30% of companies will adopt native cloud solutions such as SWG, CASB, and ZTNA from the same vendor – which represents six times more than in 2020. And in 2025, at least 60% of organizations will have explicit strategies and deadlines for adopting the SASE architecture model.

The advantage of working with a single supplier

 

In order to achieve the best results from the SASE network architecture model implementation, Gartner recommends organizations to select a single vendor that offers a broad set of Cloud-based security solutions and a flexible high-performance SD-WAN solution. Cisco meets all these conditions, with its portfolio of solutions positioning it as a leader in the SASE solutions market.

The Cisco SD-WAN  solution is currently used by over 30,000 companies and, according to IDC analyzes, provides:

  • Reduction of connectivity costs (by 65%);
  • Increased bandwidth (2.25 times);
  • Reduction of applications latency (by 45%);
  • Decreased operational costs with network management (by 38%);
  • Reduction of unplanned downtime risks (by 94%).

For more details on Cisco SD-WAN solution benefits, reported by users, you can download the IDC study.

 

Recommended solutions in SASE architecture

 

A second Cisco’s own competitive advantage is that the security portfolio covers a full range of SASE network architectures requirements, through the following solutions:

  • Cisco Umbrella – Used by over 22,000 companies to protect users, applications, and data, Umbrella unifies SWG, CASB, and firewall functionality into a single Cloud service. The solution uses DNS-level security technologies to block malware and ransomware threats, phishing attempts, and botnet attacks before they establish a connection to organizations’ infrastructures and end-user equipment.
  • Cisco Secure Access (Duo) – The multifactor authentication solution covers the ZTNA requirements of SASE security architectures. Secure Access offers various authentication methods, ensures full visibility of end-user terminals, simplifies security policies, remote access (with or without VPN), and provides Single Sign-On (SSO) functionality for any application.
  • Cisco AnyConnect – The remote access solution is delivered as an agent on terminal equipment and simplifies end-user access to resources and applications in corporate infrastructures, but also to the Internet. For IT administrators, AnyConnect extends visibility on users accessing the network, automatically checks the devices’ security status, and facilitates a centralized application of security policies.
  • Cisco ThousandEyes – Cisco’s recently acquired monitoring solution provides extended end-to-end and application-level visibility and delivers actionable information on issues that can lead to performance failures. ThousandEyes helps to quickly detect events and their causes, increases the reaction speed of companies in resolving incidents, and allows compliance in regard to the parameters of availability and quality of connections, applications, and services.

 

Integration is the key condition

 

The SASE network architecture implementation is a multi-step journey. To facilitate this, Cisco recently launched an option that enables organizations to purchase the core components and to move, in the future, to a unified subscription-based service.

However, the acquisition represents the first necessary step, which does not automatically ensure the return on investment. The value of the SASE network architecture is not given by the sum of the benefits delivered separately by each component, but by their integration in a unitary model, able to act coherently. Without integration, the end result is a conglomeration of applications, which, even if they come from the same vendor, cannot ensure the promised levels of efficiency and security.

Datanet Systems can help you build a SASE network architecture with a coherent integration of the components, which will enable you to achieve:

  • Simplification of network management and security solutions;
  • Increasing the security of access and efficiency of delivered applications and services;
  • Improving the protection and experience of end users;
  • Higher levels of scalability and flexibility;
  • Return on the investments you have made, whether it is on-premises or in the Cloud solutions.

As the main Cisco partner in Romania, we have experience in implementing complex security and infrastructure projects and multi-vendor system integrator skills. For more technical and commercial information on SASE network architecture, Cisco solutions – SD-WAN, Umbrella, Secure Access (Duo), AnyConnect and ThousandEyes – as well as Datanet Systems services, please contact us at sales@datanets.ro.