What is SASE?

SASE is a cloud-delivered service that converges network edge and security functions with WAN capabilities to support dynamic, secure access needs of today’s hybrid organizations. This allows users, regardless of location, take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero trust network access (ZTNA), cloud access security broker (CASB), digital loss prevention (DLP), software-defined wide area network (SD-WAN) and a unified management platform.

SASE Benefits

• Flexible, consistent security
• Reduced total cost of ownership
• Reduced complexity and improved agility
• Optimized performance
• Simplified management
• Global availability
• Automatic updating and maintenance

Branch Security

Branch security typically refers to a firewall (physical or virtual) that resides at the edge of the branch network. Edge firewalls provide various functions such as Next-Gen Firewall (NGFW) functions, Intrusion Prevention Systems (IPS), Anti-Malware and Unified Threat Management (UTM). Edge firewalls are also frequently enabled to provide localized VPN access to the network.

Another way to provide security to the branch network is through SIA (Secure Internet Access), which is delivered through a cloud-based Secure Web Gateway or SWG. Most often an SD-WAN appliance or other router lives at the edge of the network and provides routing and stateful firewall functions. A VPN tunnel from the branch router to the SWG is built to create a secure connection to the cloud-based security services. In addition, can be supplied with at PC/MAC or mobile application that eliminates the need for a VPN tunnel. Each user has their own tunnel to the cloud services and Zero Trust Network Access (ZTNA) can be applied when combining with remote access solutions.

Cloud Security

Cloud security has more than one meaning. The first is in reference to security functions that protect cloud resources in places like AWS, Azure or other private clouds. These can include functions like NGFW, DLP, CASB and WAF that are designed to provide access controls and security for applications that live in the cloud.

The second meaning is for what some call Firewall as a service (FWaaS) where a virtual firewall is placed into a the cloud. These are typically provided by a managed services provider who then ties branch locations to the firewall with VPN tunnels over DIA circuits. The FWaaS can also double as a VPN concentrator to allow secure remote access for users that need into the network.

Lastly, the new SASE security framework provides a full security stack in the cloud that includes FWaaS, DLP, CASB and more. SASE solutions typically provide multiple managed Points of Presence (PoP) locations that automatically route users to their closest location. SASE is more scalable that traditional FWaaS because it is cloud-native and therefore increase capacity is a matter of allocating resources and licenses rather than a complete rebuild of the virtual firewall environment.

Benefits of Next-gen security

• Advanced and feature rich security
• Flexible deployment options
• Mobile friendly
• Frequently unified management
• Automatic updates
• User level access controls
• Zero Trust enabled

Remote Access, sometimes called Work from Home (WFH) or Work from Anywhere (WFA) refers to a collection of technologies that allow workers to remotely access company resources in a safe and secure manner. These technologies can be hardware or software base and have a variety of deployment models.

VPN – Virtual Private Network – is a widely adopted technology designed to allow remote users access to a network. VPNs are relatively easy to deploy and provide whole network access to users. The down side is that once on the network a user has access to everything with very little oversight. VPNs are not as scalable as SASE or SSE based solutions as they rely on physical hardware that has finite limitations.

SSE – Secure Service Edge – is a component in the larger Secure Access Service Edge (SASE). SSE as a collection of integrated, cloud-centric security capabilities that includes Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Firewall as-a-service (FWaaS), and Secure Web Gateway (SWG). The goal of SSE is securing access to all web and cloud services as well as locally hosted applications.

ZTNA – Zero Trust Network Access – is another component of the SASE architecture that is focused on provided secure access to internal applications for remote users. It operates on an adaptive trust model, where trust is never implicit, and access is granted on a need-to-know, least-privileged basis defined by granular policies. Unlike VPN, ZTNA gives remote users secure connectivity to private apps without placing them on the network or exposing the apps to the internet.

What is SIA?

SIA is a general term that refers to technologies that allow users to securely access internet resources such as SaaS and web regardless of location. Typically, SIA is handled through a software client on a users PC/Mac or mobile device which connects to a secure web gateway (SWG). The SWG provides a single unified management platform for URL filtering and web access policies that applies to users in all areas of the network.

SIA/SWG Benefits

• Automatic security updates
• Consistent policy enforcement, regardless of location
• Comprehensive single security stack
• Sandboxing potential threats
• Improved user experience
• Broad operating system support

Benefits of DRaaS

• Faster time to deployment. MSPs will provide the right hardware and accelerate deployment of the solution
• Lower TCO compared to building your own DR. Companies will typically pay monthly service charges based on amount of data and applications vs a large capital expenditure up front.
• Turn-key. DRaaS delivered through an MSP are near turn-key and simplify adoption. MSPs provide specialized experts and ensure best practices.
• Reduced data loss. Data Backup and Backup-as-a-Service (BUaaS/BaaS) provides a continuous stream of recovery points to reduce data loss during catastrophic or even minor event. BaaS typically connects systems to private, public or hybrid cloud which is managed by a third party.
• A staggering 60% of companies that lose critical data shut down within 6 months of the loss. Data loss is often a major concern for software-as-a-service (SaaS) customers because SaaS vendors’ backup policies cannot guarantee a complete and speedy restore of lost data. Data can be put in jeopardy by user error, hacking, sync issues, or malicious insiders.
• Data loss, and the worry that surrounds it, can be easily avoided by pairing SaaS applications with a complete BaaS backup and recovery solution.

Benefits of BaaS

• Convenience. The convenience offered by BaaS solutions is indisputable. BaaS is automated — once it’s set up, information is saved automatically as it streams in. You don’t have to proactively save, label, and track information. Rather, the convenience of BaaS allows you to concentrate on your work without worrying about data loss.
• Safety. Because your data is stored in the BaaS, you are not subject to the typical threats of hackers, natural disasters, and user error. In fact, data that is stored in the BaaS is encrypted, which minimizes the risks your data can incur.
• Ease of recovery. Due to multiple levels of redundancy, if data is lost or deleted (most frequently through individual user error or deletion), backups are available and easily located. Multiple levels of redundancy means that your BaaS stores multiple copies of your data in locations independent of each other. The more levels you have stored the better, because each level ensures that your data is safeguarded against loss as much as possible, allowing you to access a backed-up version of your data if it ever gets lost.
• Affordability. BaaS can be less expensive than the cost of tape drives, servers, or other hardware and software elements necessary to perform backup; the media on which the backups are stored; the transportation of media to a remote location for safekeeping; and the IT labor required to manage and troubleshoot backup systems.