As corporate networks grow, so do security requirements. It is no longer enough to set up security barriers in the central data center. The solution is called SASE.
Instead, organizations must secure all external endpoints in their IT landscape. This includes devices used by employees in the home office, but also workstations in branches or cloud applications. The solution for providing security features where they should be effective - i.e. at the edge - is called SASE (Secure Access Service Edge). SASE combines the functions of a decentralized network with security services from the cloud and is virtually a must for mobile companies. NTT Ltd., a leading IT infrastructure and services company, explains the requirements for a SASE architecture and the advantages it offers.
Network modernization
Convert conventional WAN to SD-WAN: The first step to network modernization is often to convert the classic WAN to an SD (software defined) WAN. The software-controlled infrastructure is the perfect enabler for decentralized networks because it allows companies to become independent of rigid and expensive MPLS networks and to choose the connection that best suits the use case. SD-WAN also allows you to choose the most powerful path at any given time. Remote workers benefit from direct access to cloud services – without having to go through the central company network. A geographically diverse company with data traffic via normal Internet connections and to the cloud requires particularly high network security. SASE is therefore usually mentioned in the same breath as SD-WAN; Finally, the architecture combines Network-as-a-Service components (SD-WAN) and Security-as-a-Service functionalities.
Consolidate security functions
SASE also means a significant simplification of the security landscape. The managed service typically includes all the network security features necessary to meet the dynamic needs of digital businesses. Instead of isolated security applications, SASE integrates all components under its umbrella, providing more comprehensive protection without security gaps. Typical Security-as-a-Service functionalities of the SASE architecture are, for example, the Next-Generation Firewall (NGFW), to prevent the spread of malware and other attacks on the application layer, or Data Loss Prevention (DLP), to Prevent the use of sensitive information such as social security numbers or bank details. Cloud sandboxing, i.e. detecting threats in unknown files in the cloud, and Secure Web Gateway (SWG), advanced protection against malware in Internet traffic, are also part of the tool set.
Strengthen zero trust strategy
SASE is an important building block so that companies can replace implicit trust in network access with a zero trust strategy - at least at the edge. Zero Trust Network Access (ZTNA) replaces the classic remote access solution and is part of the SASE tool kit. In contrast to VPN clients, which trust authenticated users and often grant access to the entire corporate network, the ZTNA network security model works according to a completely different method: it trusts no one - regardless of their location. Denying access to resources to anyone unless they have explicit permission is in line with an overall Zero Trust strategy and significantly improves the security posture.
Gain flexibility: With a SASE architecture, companies gain a lot of flexibility. On the one hand, the IT department can react quickly to business decisions. Be it a new location or a trade fair stand – the expansion of the IT landscape and secure access to data can be implemented very quickly. On the other hand, it is a big advantage that SASE is available as Software as a Service. Service providers specializing in this area also bring know-how for networks, security and monitoring to companies, thus relieving IT teams.
“We used to always look at network and security separately,” explains Sebastian Ganschow, Director of Cybersecurity Solutions at NTT Ltd. “But the security requirements in decentralized IT environments are significantly higher. In a SASE architecture, WAN and security merge, giving companies a high level of protection for the entire network. As a service provider, we support companies in building a resilient security structure through SASE and thus offer protection against dynamic security threats.”
More at NTT
About NTT Ltd
As part of NTT DATA, a $30 billion IT services provider, IT infrastructure and services company NTT Ltd. With its technologies, 65 percent of the Fortune Global 500 and more than 75 percent of the Fortune Global 100. The company is laying the foundation for organizations' edge-to-cloud networking ecosystem, simplifying complex multi-cloud workloads and innovating at the edge the IT environments where network, cloud and applications converge. NTT offers tailored infrastructures and ensures consistent best practices in design and operations across its secure, scalable and adaptable data centers. On the path to a software-defined future, NTT supports its customers with platform-based infrastructure services.