
SASE and The Evolution of WAN Security

John Hannah
Last updated on: June 16, 2020

Businesses are constantly evolving, and their technology needs to evolve with them. As a result of digital transformation initiatives and the need to support expanding customer bases, most organizations have traded in the corporate local area network (LAN), consisting of servers and workstations connected directly to the enterprise network, for a global wide area network (WAN) that includes multiple sites’ LANs, an expanding remote workforce, and growing cloud infrastructure.

Over time, the ways that organizations use their WANs have changed dramatically. With these changes come new solutions for optimizing the performance and security of these sprawling networks. As telework becomes more widespread, legacy WAN security solutions, such as virtual private networks (VPNs), are incapable of providing the level of performance and security that companies require.

Secure access service edge (SASE) represents the latest stage in the evolution of the corporate WAN. An understanding of what SASE is and how it improves upon previous WAN security solutions is essential as organizations explore options for correcting the deficiencies of legacy VPN-based infrastructure.

The Legacy Virtual Private Network

VPNs are the most common and widely accepted solution for implementing a secure WAN. VPNs enable secure point-to-point connectivity by creating an encrypted tunnel between a VPN endpoint and a VPN client or another endpoint. This enables organizations to securely link the local area networks (LANs) of multiple sites or connect a remote worker to the corporate network.

While VPNs are the most common solution for creating a WAN, they are not an ideal one. The point-to-point nature of VPN connections means that the complexity of a VPN network grows exponentially with the number of sites.

Additionally, VPNs provide only limited security guarantees to the organization. They are designed to provide a user experience similar to that of being directly connected to the network where the VPN endpoint is located. If the organization has not implemented internal network security, such as network segmentation or zero-trust security, a malicious insider or a compromised endpoint connected to an enterprise network via VPN can have complete access to the enterprise network.

Improving Security with Zero-Trust Network Access

In the past, many organizations have relied upon a perimeter-based security model. Under this model, anything within the network perimeter is considered “trusted” while anything outside the perimeter is “untrusted”.

VPNs are designed to enable organizations to continue applying this model despite the fact that “trusted” teleworkers operate outside of the network perimeter. However, the growing popularity of the zero-trust security model has prompted the growth of new WAN security solutions.

Zero-trust network access (ZTNA) and software-defined perimeters (SDPs) are two names for the next stage in the evolution of WAN security. Rather than applying security controls at the network perimeter, ZTNA and SDP are designed to enforce security at the application level.

Through the use of micro-segmentation, ZTNA provides external users with access to a particular application rather than access to the network as a whole. This enables an organization to enforce least privilege, where users receive access only to the applications that they require to perform their job roles and have the minimum possible permissions for these applications. This application-focused approach to security also allows ZTNA to collect much more granular information about users than VPNs, enabling more targeted threat detection and response.
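The contrast between VPN-style network access and ZTNA per-application access, sketched as an added example that is not part of the original article. The users, applications, addresses and policy are constructed for illustration and do not describe any particular product.

```python
import ipaddress

# Constructed sample data: all users, apps and addresses are hypothetical.
VPN_ROUTED_NET = ipaddress.ip_network("10.0.0.0/16")  # subnet a VPN client can reach
APPS = {  # application -> internal address (not shown to the user under ZTNA)
    "payroll": "10.0.5.10",
    "wiki": "10.0.7.20",
    "git": "10.0.9.30",
}
# Per-user, per-application grants with the minimum actions each role needs.
POLICY = {
    "alice": {"wiki": {"read", "write"}, "git": {"read"}},
    "bob": {"payroll": {"read"}},
}
AUDIT_LOG = []  # one record per decision: who, which app, which action, outcome


def vpn_reachable(user_authenticated):
    """Network-level model: once the tunnel is up, every routed host is reachable."""
    if not user_authenticated:
        return set()
    return {app for app, ip in APPS.items()
            if ipaddress.ip_address(ip) in VPN_ROUTED_NET}


def ztna_authorize(user, app, action):
    """Application-level model: default deny, allow only an explicit grant."""
    allowed = action in POLICY.get(user, {}).get(app, set())
    AUDIT_LOG.append({"user": user, "app": app, "action": action,
                      "decision": "allow" if allowed else "deny"})
    return allowed


def ztna_reachable(user):
    """Applications the user can reach at all under the ZTNA policy."""
    return set(POLICY.get(user, {}))


def denied_attempts(user):
    """Detection helper: denied requests for one user, taken from the audit log."""
    return [r for r in AUDIT_LOG if r["user"] == user and r["decision"] == "deny"]


if __name__ == "__main__":
    print("VPN :", sorted(vpn_reachable(True)))
    print("ZTNA:", sorted(ztna_reachable("alice")))
    for app, action in [("wiki", "write"), ("git", "write"), ("payroll", "read")]:
        print("alice", app, action, ztna_authorize("alice", app, action))
    print("denied:", denied_attempts("alice"))
```

Every decision, allowed or denied, lands in the audit log with the user, application and action, which is the granular per-user record the paragraph above refers to.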

Additionally, ZTNA uses an “inside out” access model, where internal IP addresses are not publicly exposed. Unlike VPNs, which expose VPN endpoints as potential targets of attack, ZTNA does not broadcast any information outside of the network. This limits the information about an organization’s network infrastructure and the applications that it contains that is available to (potentially malicious) external users.

Despite its many advantages over VPNs, ZTNA is not a perfect solution. ZTNA is designed primarily as a security solution and does not address networking concerns, such as scalability and performance. As a result, ZTNA must be combined with other solutions to implement a functional and secure WAN.

Integrating Networking and Security with Secure Access Service Edge

SASE is designed to address the limitations of both VPNs and ZTNA. It provides full networking and security integration in a solution capable of scaling to meet the needs of the business. The concept of networking and security integration is not a new one. Secure software-defined WAN (SD-WAN) solutions are appliances designed to provide both optimal routing of network traffic over multiple transport media and an integrated security stack including solutions such as a next-generation firewall (NGFW) and secure web gateway (SWG). Despite these advantages, SD-WAN is limited by the fact that it is often reliant upon physical appliances.

SASE solves this issue by hosting secure SD-WAN solutions natively in the cloud. By defining cloud-based SASE points of presence (PoPs) and connecting them with dedicated, high-performance network links, SASE provides the reliability, scalability, and performance guarantees required by the modern business. Since each PoP contains integrated network routing and security functionality, SASE moves security to the network edge, minimizing the latency and performance impacts associated with providing full visibility and security inspection of all of an organization’s WAN traffic.

Building Security for the Modern Business

As businesses grow and evolve, their network requirements change as well. Over time, legacy solutions for implementing secure WANs have proven incapable of meeting business needs. The state of the art in WAN security is constantly evolving, and, according to Gartner, “the future of network security is in the cloud”.
