While many of us are still digesting all the announcements coming out of VMworld 2020, my favourite one is VMware's new SASE platform offering. Before we go directly into the "How" and the "What" of this offering, let's first understand the "Why". I chose to follow Simon Sinek's Golden Circle analogy.
Let's dive into the "What" part of SASE. The term SASE (Secure Access Service Edge) was coined by Gartner in 2019.
As per Gartner, SASE combines network security functions (such as SWG, CASB, FWaaS and ZTNA) with WAN capabilities (i.e., SD-WAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily as a service, and access decisions are based on the identity of the entity, real-time context and security/compliance policies. So essentially, SASE is a package of technologies with SD-WAN, SWG, CASB, ZTNA and FWaaS as its core capabilities, combined with the ability to identify sensitive data or malware, the ability to decrypt content at line speed, and continuous monitoring of sessions for risk and trust levels.
So next for us is to understand what VMware is doing in this space. VMware acquired the SD-WAN leader VeloCloud back in December 2017. The idea back then was to virtualize the WAN in software while still providing security and a good experience to end users. While VMware kept innovating in the SD-WAN space, the market changed a lot with the advent of new cloud applications delivered as SaaS and with the point of access moving away from offices and branches to individual homes, all credit to COVID-19. The definition of the workplace has changed. Hence it is extremely important for enterprises to protect their brand and their customer data while their employees are all working from home.
This brings us to the next part, "How". For this, we need to understand the various layers of SASE delivered as a service. The most foundational layer is the underlying network, which determines the end-user experience; security products on their own do not focus on experience. VMware VeloCloud is a leader in providing user experience with strong network-level visibility, thanks to the recent acquisition of Nyansa. The other layers are focused on the various aspects of security, right up to the end user. The idea is to create a secure model based on Zero Trust Architecture (ZTA). When you are thinking about how to protect your data and which solutions do that best, a lot of organizations are concerned about visibility: identifying which applications are being used by employees, and how to protect data as it moves to those applications.
SWG – a secure web gateway is an on-premises or cloud-delivered network security service. Sitting between users and the Internet, a secure web gateway provides advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible. A secure web gateway is a great solution for managed devices and for devices on the corporate network. But what happens when devices are not managed, or are not on the corporate network?
CASB – a Cloud Access Security Broker is different from an SWG. It can monitor traffic as it flows to any device, whether managed or unmanaged. It can distinguish between these device types and apply different policies to data based on the access context. So with a CASB, if an employee is accessing data from a personal iPhone, for example, they can access any sanctioned cloud application, whether it is Office 365 or a corporate Dropbox account (or what have you), and have that data protected no matter where it goes. Even once the data is downloaded, you still retain control over it.
FWaaS – Firewall as a Service refers to a cloud-delivered firewall that provides advanced Layer 7 / next-generation firewall (NGFW) capabilities, including access controls such as URL filtering, advanced threat prevention, intrusion prevention (IPS) and DNS security.
ZTNA – Zero Trust Network Access. The concept of zero trust security has become a massive buzzword over the last few years. While many organizations have shifted priorities to adopt zero trust, zero trust network access (ZTNA) is the technology behind achieving a true zero trust model. ZTNA, also known as the software-defined perimeter (SDP), is a set of technologies that operates on an adaptive trust model, where trust is never implicit and access is granted on a "need-to-know", least-privileged basis defined by granular policies. ZTNA gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing the apps to the Internet.
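To make the "identity, real-time context and policy" model behind SWG, CASB and ZTNA concrete, here is a small policy decision point written for this post. It is an added illustration, not VMware, VeloCloud, Zscaler or Menlo code; the application catalogue, group names, risk threshold and the rule set are constructed for the example. Every request carries the user's identity, device posture, destination and a risk score, the rules are evaluated in order with a default deny, and a session is re-evaluated as the risk score changes, which is the continuous-monitoring property the Gartner definition calls out.

```python
"""Context-aware access decisions in the SASE/ZTNA style (added example)."""
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    DENY = "deny"
    ALLOW = "allow"
    ALLOW_NO_DOWNLOAD = "allow-no-download"  # CASB-style: view in browser, no local copy


@dataclass(frozen=True)
class Context:
    """Everything the policy decision point sees for one request."""
    user: str
    groups: frozenset            # identity attributes asserted by the IdP
    mfa: bool                    # strong authentication completed for this session
    device_managed: bool         # enrolled in MDM / running the agent
    device_compliant: bool       # posture: disk encrypted, EDR healthy, OS patched
    app: str                     # destination application or web category
    action: str                  # "view" or "download"
    risk_score: int              # 0..100, updated by continuous session monitoring


# Constructed application catalogue (hypothetical names and groups).
APPS = {
    "payroll":    {"kind": "private", "sensitivity": "high",    "groups": {"finance"}},
    "wiki":       {"kind": "private", "sensitivity": "medium",  "groups": {"staff"}},
    "office365":  {"kind": "saas",    "sensitivity": "medium",  "groups": {"staff"}},
    "hr-saas":    {"kind": "saas",    "sensitivity": "high",    "groups": {"hr"}},
    "news":       {"kind": "web",     "sensitivity": "low",     "groups": set()},
    "malware-c2": {"kind": "web",     "sensitivity": "blocked", "groups": set()},
}

RISK_DENY_THRESHOLD = 80  # constructed value


def decide(ctx: Context) -> Decision:
    """Evaluate one request. Rules are ordered; the first that fires wins,
    and anything not explicitly allowed falls through to DENY."""
    app = APPS.get(ctx.app)
    if app is None or app["sensitivity"] == "blocked":
        return Decision.DENY                      # SWG: unknown or blocked destination

    if ctx.risk_score >= RISK_DENY_THRESHOLD:
        return Decision.DENY                      # continuous monitoring: session too risky

    if app["kind"] == "web":
        return Decision.ALLOW                     # SWG: inspected, policy-clean web traffic

    # Everything below is an enterprise app: identity and need-to-know must be proven.
    if not ctx.mfa or not (ctx.groups & app["groups"]):
        return Decision.DENY

    healthy_device = ctx.device_managed and ctx.device_compliant

    if app["kind"] == "private":
        # ZTNA: private apps are reachable only from a healthy, managed device,
        # and the user is never placed on the network itself.
        return Decision.ALLOW if healthy_device else Decision.DENY

    if app["kind"] == "saas":
        # CASB: managed devices get full access; unmanaged ones may view
        # medium-sensitivity data in the browser but never download it,
        # and never touch high-sensitivity data.
        if healthy_device:
            return Decision.ALLOW
        if app["sensitivity"] == "medium" and ctx.action == "view":
            return Decision.ALLOW_NO_DOWNLOAD
        return Decision.DENY

    return Decision.DENY                          # default deny


def reevaluate(ctx: Context, risk_updates) -> list:
    """Re-run the decision as monitoring raises or lowers the session's risk score."""
    return [decide(replace(ctx, risk_score=r)) for r in risk_updates]


if __name__ == "__main__":
    alice = Context("alice", frozenset({"staff", "finance"}), True, True, True,
                    "payroll", "view", 10)
    print(decide(alice))                                                  # ALLOW
    print(decide(replace(alice, device_managed=False)))                   # DENY
    print(decide(replace(alice, app="office365", device_managed=False)))  # ALLOW_NO_DOWNLOAD
    print(reevaluate(alice, [10, 50, 85]))                                # ALLOW, ALLOW, DENY
```

The ordering matters: destination reputation and session risk are checked before identity, so a compromised but fully authenticated session still loses access, and the device-posture split is what lets the same user get full access from a managed laptop but browser-only access from a personal phone.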
VMware SASE Platform
The cloud-native VMware SASE architecture combines VMware SD-WAN Gateways; VMware Secure Access, a zero trust network access (ZTNA) solution; secure web gateway (SWG) and cloud access security broker (CASB) solutions; and VMware NSX Firewall, its next-generation firewall functionality, all delivered through VMware SASE points of presence (PoPs). These networking and security services can be delivered in an intrinsic or sequenced manner to branch edges, mobile users, campuses and IoT devices.
For further reading there is SASE & ZTNA for Dummies – https://www.velocloud.com/sd-wan-resources/ebooks/sase-and-ztna-for-dummies
Why are the leaders coming together to solve the next problems in technology? VMware has partnered with leading security vendors, Zscaler and Menlo Security. By partnering with Zscaler, VMware will bring simplicity and scale to securing a modern, future-ready workforce. Together they will help customers adopt a cloud-centric network and security architecture that connects and protects users, applications and data anywhere in the world. The most important thing to note here is that all of this will be delivered as a service.
So VMware SASE comes with 4 key pillars:
- Cloud First
- Intrinsic Security
- Application Quality Assurance
- Operational Simplicity and ROI
I will cover more of the above in detail in my next post. Till then you can read more here – https://www.velocloud.com/secure-access-service-edge
Thanks for reading!