From moats to clouds: How SASE rewired network security for a distributed world

The industry's journey to Secure Access Service Edge (SASE) is rooted in the how networking and security technologies have changed over the past few decades. As businesses have grown and technology has advanced, the need for more integrated and flexible solutions has become apparent.

This article explores how networking and security have evolved to pave the way for SASE:

The traditional network model: The castle and moat

In the 1990s, the traditional network model was akin to a 'castle and moat' approach. Organisations operated from a central location, such as a headquarters or data centre, with all applications and data hosted on-premise. Employees worked within the confines of their office, and security focused on protecting the perimeter with firewalls and other defences. This model had one point of entry and exit, making it relatively easy to secure.

The rise of branch offices and MPLS networks

As businesses expanded, the need for branch offices arose, leading to the development of Multi-Protocol Label Switching (MPLS) networks. MPLS provided reliable, dedicated connections between locations, but it was costly and inflexible. Security architects now had to manage multiple perimeters, increasing complexity and the need for additional firewalls to secure traffic between sites.

The advent of cloud services and remote work

The 2000s and 2010s saw the rise of cloud services and Software as a Service (SaaS) applications. Businesses began to adopt these technologies to improve efficiency and scalability. However, this shift introduced new security challenges, as data and applications were no longer confined to the central data centre. The traditional perimeter-based security model struggled to keep up with the dynamic nature of cloud environments.

The impact of remote work and VPNs

The events of 2020 accelerated the shift to remote work, with businesses rapidly deploying Virtual Private Networks (VPNs) to provide secure access to internal resources. While VPNs offered a temporary solution, they introduced latency and security challenges, as they primarily secured the transit route rather than the data itself. The need for a more robust and flexible security model became evident.

The emergence of SASE

SASE emerged as a response to the limitations of traditional networking and security models. By converging networking and security into a single, cloud-delivered service, SASE addresses the modern needs of most organisations. It combines Secure Service Edge (SSE) and Software-Defined Wide Area Networks (SD-WAN) to provide secure, seamless access to resources, regardless of location or device.

SASE offers a comprehensive security framework, including Zero Trust Network Access (ZTNA), secure web gateways (SWGs), and data loss prevention. It optimises traffic routes, reduces latency, and provides continuous inspection and verification of users and devices. This integrated approach enhances security, flexibility, and cost efficiency, making it an ideal solution for today's dynamic business environment.

In summary, the evolution of networking and security has been driven by the need for more integrated, flexible, and scalable solutions. SASE represents the culmination of these advancements, offering a forward-thinking approach to cybersecurity that meets the demands of the modern digital landscape. As organisations continue to navigate the complexities of the digital world, SASE provides a path to enhanced security and operational efficiency.