
As remote workforces accelerate cloud migration, network security requirements need to shift. It’s time to take a closer look at SD-WAN, SASE, and SSE.


By Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing.

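Since the early days of the global COVID-19 pandemic, enterprise IT staff have been working to keep the corporate network in step with the changing needs of the business, because most application resources will no longer serve a centralized group. That means updating cloud, network, and security infrastructure to fit the new reality of hybrid work. To achieve these goals, enterprise IT teams have revalidated the technology pillars that begin with the letter S: SD-WAN, SASE, and now Security Service Edge (SSE), to support the needs of these cloud-first, digitally transforming enterprises.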

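The oldest “S” technology pillar, SD-WAN, emerged in 2015 as a disruptive networking technology that enhanced the ability of enterprises to modernize the WAN. Over time, advanced SD-WAN platforms, including Aruba EdgeConnect Enterprise, emerged to further reduce network complexity, improve application performance, and enable more efficient connectivity between users and applications, whether those applications reside in the cloud or the data center.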

However, as cloud and multi-cloud grew in prominence, enterprise IT teams needed a new way of thinking about network security. Gartner® describes Secure Access Service Edge (SASE) as follows: “SASE combines network security functions (such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), firewall-as-a-service (FWaaS) and Zero Trust Network Access (ZTNA)), with WAN capabilities (i.e., SDWAN) to support the dynamic secure access needs of organizations.(1)” This framework defines the convergence of WAN and network security functions into a single, cloud-delivered model that better supports digital transformation initiatives beyond legacy models.

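The third and youngest “S” pillar is SSE, which Gartner mentioned in February 2022 within the Magic Quadrant™ for Security Service Edge (2) and defined as “a set of security services that enables a successful SASE architecture, protecting people and data in the cloud without degrading the user experience.(2)” Aruba sees SSE within SASE as the key to unifying all security services, including SWG, CASB, and ZTNA, to better protect access to the web, cloud services, and private applications. SSE capabilities provide both data protection and threat protection, as shown in Figure 1.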

Figure 1. SASE pillars


Unfortunately, it’s not that simple. In reality, enterprise IT executives are tasked with providing secure network-layer connectivity across ALL devices and locations with all the requisite and relevant business applications. To get there, executives must first ask two questions:

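  1. How does one secure access to applications that are distributed across multiple clouds, data centers, and software-as-a-service applications?
  2. How does one secure the growing number of IoT devices that cannot run an endpoint agent?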

In response to question one, SSE functionality delivered by cloud security vendors such as Zscaler, Netskope, and Check Point, combined with API or service orchestration integrations with SD-WAN platforms like EdgeConnect, fulfills this need. It can provide secure connectivity for applications, including across cloud providers, data centers, and branch sites.

However, for the second question, the prevailing SASE framework falls short. For many deployed IoT devices, it is either impractical or impossible to run an SSE ZTNA agent on the device. This is despite the fact IoT devices are often major points of vulnerability. For enterprise organizations, which often deploy hundreds if not thousands of IoT devices per location from many different vendors, eventually one of those devices is going to suffer a security breach.

To remedy the IoT vulnerability, enterprises need advanced SD-WAN. IT can leverage identity-based role access control solutions, such as Aruba ClearPass or the recently announced Aruba Central NetConductor, which offers micro-segmentation and security policies that extend across Aruba’s entire product stack, including the ability to automatically segment user and IoT traffic integrated with an advanced SD-WAN.


Multi-Vendor or Single Vendor SASE?


As a starting point, the Gartner report “How to Align SD-WAN Projects With SASE Initiatives (3),” offers the following recommendations:

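  • “Selecting a single-vendor SASE solution is challenged by the lack of solutions offering best-of-breed, and for many enterprises not even good, functionality across many SASE functional areas.(3)”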
  • “After assessing which SD-WAN providers are best-suited for the organization, assess available options for SSE that can integrate operationally with the preferred SD-WAN. In particular, assess the level of console and API integration.(3)”

For enterprises, the choice is clear: A multivendor best-of-breed SSE and best-of-breed SD-WAN provides the flexibility to choose the best technologies available for SASE migration that is based on business requirements, not convenience.

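Take an acquisition scenario. An enterprise may be buying another organization that, inconveniently, uses a different cloud security vendor’s solution. The next question they must ask is how the acquiring company will integrate its existing SD-WAN platform with two different security vendor solutions. Further, does the prevailing SD-WAN platform support APIs, service orchestration, and automation to enable a smoother integration of SD-WAN and cloud security at the same time?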

If the answer is no, expect a more cumbersome and expensive integration. Fortunately, for those with advanced SD-WAN capabilities, such as Aruba EdgeConnect Enterprise, this best-of-breed SD-WAN platform can be integrated with the leading network cloud security vendors, including Zscaler, Netskope, Check Point, McAfee, iBoss, Palo Alto Networks Prisma Access, and more. This platform enables enterprises to configure, deploy, and develop a SASE framework with the flexibility of cloud-delivered security options without compromising on best-of-breed technologies. This more robust approach for SASE will help reduce the risk associated with depending on a single technology vendor to supply all the necessary components while enabling a secure cloud-first digital transformation.

For more information on the “S” pillars of technology (SASE, SD-WAN, and SSE), check out the podcast “SASE Is Not Revolutionary, It’s Evolutionary.”

1 - Gartner, SASE Will Improve Your Distributed Security Anywhere, Richard Bartley, 8 December 2020

2 - Gartner, Magic Quadrant for Security Service Edge, Published 15 February 2022 - ID G00757036, By John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid

3 - Gartner,How to Align SD-WAN Projects With SASE Initiatives, Published 18 April 2022 - ID G00767529, By Bjarne Munch, Lisa Pierce, Craig Lawson

