Discover how SASE – secure access service edge - will enable next gen 5G networks
Stefan Keller, CTO at Open Systems, reveals how SASE combines several emerging technologies in order to unite network and security management.
As we enter a new decade of tech innovation, it’s important to reflect on the developments and disruption we have seen over the last ten years, much of which has been influenced by the changing nature of networking.
The mass emergence of cloud computing has enabled disruptive businesses like Uber and Monzo to rapidly deploy and scale up richly responsive user experiences. The growth of available bandwidth has enabled much of what we use and consume – particularly entertainment, but also software and services – to be delivered through a streaming model. And, as anyone who has found themselves checking their email simultaneously on their laptop, phone, and smartwatch will know, personal area networks have quickly become a commonplace feature of everyday life.
Even so, amongst all of this change, the fundamental notions which organise business network management have remained relatively stable. For some decades, networking has been divided into two main camps: LAN and WAN. LAN, or local-area networking, consists of devices connected to one another in relatively close physical proximity – think of the computers in an office building, linked by ethernet cables and Wi-Fi to an on-site server. WAN, or wide-area networking, consists of connections over arbitrarily long distances – think regional offices sharing information with one another and, ultimately, with the cloud.
The new network edge
Looking forward to the next decade, we might see this familiar terminology finally start to break down. As technologies like 5G come into play and drive the changes we have already witnessed even further and faster, the trade offs that are negotiated between LAN and WAN – speed and security advantages for the former, flexibility and efficiency for the latter – will become less of an issue. Instead, we will start to think first of all about the network edge.
Edge devices are typically thought of as those final stops in a network, such as laptops and phones, where people actually interact with it. It has become an increasingly important concept in recent years, and as more powerful networking capabilities make it possible for data to be collected from, processed in, and shared to any location, more detailed ways of thinking about it are necessary. When the phone in your pocket has processing power and bandwidth comparable to a dedicated server of just a decade or two ago, the edge becomes much more than just a point of interaction.
As well as considering LAN and WAN, we can now also start to think about the near edge, far edge, and cloud edge as key areas of network activity. The far edge is the most familiar of these: it includes the devices traditionally considered to be the edge of the network, but also internet of things (IoT) devices – from sensors on industrial machinery, to CCTV cameras, to buildings’ lighting and heating systems. The cloud edge, meanwhile, refers to the physical servers in the cloud which are closest to the end user – in particular, content delivery networks which hold data such as videos for streaming platforms. The near edge, finally, consists of small data centres which sit between end users and the cloud at large – for example, server rooms in office buildings, IoT gateways in factories, or server equipment installed alongside 5G technology.
Understanding networking in terms of 'edges' doesn’t just give us a more accurate picture of how networks are now structured, but also outlines why they will be vital for the next wave of disruption. AI is already fundamentally changing how many business processes operate, from cybersecurity to stock management to customer service, and over the next decade it will come even further to the fore. While every application of AI has its own needs and nature, one thing that unites them is that they are incredibly data-intensive. In order for an AI-driven spam filter, for instance, to learn what a malicious email looks like, it needs to ingest and process millions upon millions of example messages. This demand for data skyrockets further when rich data sources from IoT devices, such as video signals, are involved.
SIGN UP FOR E-MAIL NEWSLETTERS
Get up to speed with 5G, and discover the latest deals, news, and insight!
Network-driven disruption
As 5G and other transmission technologies enable businesses to draw this quantity of data into their systems, it will rapidly become impractical to send it all to a central location in order to process and draw inferences from it. Instead, we will rely on a significantly more powerful edge to do that work closer to where it is needed.
When, in November 2010, Amazon announced that it had moved its retail site wholly onto its cloud, Amazon Web Services, it seems unlikely that many people foresaw the full extent of the disruption that cloud computing would go on to enable. Today, in a world where it’s hard to think of a recent technological innovation which doesn’t rely on the cloud at some level, it’s difficult to predict how the next generation of networking innovation will alter the services that we use. The combination of 5G, AI, IoT, and edge computing opens up rich possibilities to do things differently, and it’s exciting to see what uses we will find for it.
One part of this coming wave which is already in view is SASE, or secure access service edge. Although the growth of cloud computing has certainly been rapid, one of the major points of friction has been the issue of security – especially in a context of increasing cyber threat and more punitive legislation to mitigate that threat. As business users employ more cloud-based tools to get their work done, and as the overall amount of data passing through the network has grown, it has become increasingly difficult to set overall security controls and security policy to keep data safe from both leaks and attacks. The issue is only compounded by the fact that moving services to the cloud, by its nature, involves handing off some of the responsibility for security to a third party.
SASE is an approach which combines several emerging technologies in order to unite network management with security management. There has for some time been a move towards software-defined networking, in which decisions about how data is routed through the network are taken by software, based in the cloud. Now, as 5G and IoT promise to accelerate a trend where more devices reside outside of the enterprise network than within it, there is a need to move that decision making out to the edge of the network, where the work is happening. While doing so, we can also place security control at the point of network access, instead of where the data resides – especially by using AI tools to automate threat detection and mitigation.
Ultimately, rather than worrying about the relative security of the cloud, this integration of complementary technologies offers IT professionals a situation in which they can migrate services to the cloud because it is secure. For end-users, it means network management which matches the potential of 5G with faster, simpler, and more secure access to tools and services. What new disruptions this change in networking technology enables remains to be seen.
Stefan Keller studied at the Swiss Federal Institute of Technology (ETH) in Zurich. He holds a Master of Science degree from ETH Zurich in Information Technology and Electrical Engineering. Additionally he completed the Customer-focused Innovation Management certification at Stanford Business School. After his studies, Stefan Keller got a job directly with Open Systems in 2008, and worked in several positions, first in the area of Professional Services and then in Development as a Senior Vice President Product Development, responsible for Network Services. He is currently Head of Development at Open Systems.