The digital transformation is pushing applications to the cloud, the 2020-2022 pandemic shifted employees to work from home, and the number of resulting new use cases is sending IT leaders scrambling for answers. The number of solutions IT departments have had to adopt to ensure their network's performance and security has continuously grown for over a decade.
The recent trends have greatly accelerated this process. When looking into ways to help mitigate this complexity, one of the leading conclusions is that enterprises should find ways to consolidate their separate, stand-alone, products into a unified solution which can be more easily managed and maintained, and which can provide them with a consistent and a holistic view of all traffic in their network.
Gartner has gone a step further and designed a framework that facilitates this, which they named the Secure Access Service Edge (SASE). SASE is, in essence, an architecture that converges networking and security capabilities into a single solution and goes a long way in reducing network complexity.
Before we talk about the networking and security services that SASE converges, let's first look at the entities and traffic flows they need to serve.
The journey starts at any of the enterprise's endpoints which need to access any of the enterprise's assets or external resources. The origin endpoints are typically users who can connect from any of the enterprise's physical locations or remotely. Physical locations are typically enterprise headquarters or branch offices, which connect between themselves or to other enterprise locations such as physical or cloud-based datacenters. Enterprises typically use an MPLS and/or SD-WAN product to connect their physical locations:
Traditional MPLS VPN Network
Mobile & Remote users will use a remote access solution to connect to their networks. Cloud-based services such as AWS, Azure will require virtual connectors, or other secure tunnel solutions to connect to the enterprise network and remote offices use a private managed MPLS service to connect to the headquaters.
As we can see, a modern digital enterprise needs to connect various types of endpoints that are spread across multiple locations.
So how is it possible to converge network and security services for such a dispersed network topology?
The only real option, as Gartner stated, is to use a cloud service to which all network endpoints can connect and which is capable of delivering all required services. This is precisely what Cato's SASE Cloud platform offers:
SASE Architecture Example
Each endpoint connects to the nearest Cato Point-of-Presense (PoP). All traffic sent from the endpoint is processed by the PoP's full software stack that provides all networking and security services.
Want to see it in action? Sign up for a trial by clicking here.
The convergence takes place deep inside the PoP, within the Single Pass Cloud Engine (SPACE). SPACE ensures all services are applied with a single, unified, context which provides them with a holistic view, enabling a better-informed decision process. While its implementation takes place "under the hood", convergence, much like justice, must be seen to be done. A solution that doesn't look converged, is probably not.
Another major benefit of the Cato converged SASE network is the reduction of jitter and packet loss, already covered in a previous article using a real scenario.
- Complete Guide to SD-WAN. Technology Benefits, SD-WAN Security, Management, Mobility, VPNs, Architecture and more
- How To Secure Your SD-WAN. Comparing DIY, Managed SD-WAN and SD-WAN Cloud Services
- SASE and VPNs: Reconsidering your Mobile Remote Access and Site-to-Site VPN strategy
- Converged SASE Backbone – How Leading SASE Provider, Cato Networks, Reduced Jitter/Latency and Packet Loss by a Factor of 13!
- Key Features of a True Cloud-Native SASE Service. Setting the Right Expectations
- Security Service Edge (SSE) Limitations. Protecting all Traffic, Users, Apps, and Services with 360-degree SSE
What Does a Convergence Network & Security SASE Platform Look Like?