In today’s business environment, there are probably far more users outside of your corporate firewall than within. In particular, remote workers are using public internet connections from their homes to access corporate wide area networks (WANs) to get instantaneous and unencumbered access to critical data, applications and agile digital business functions via private and public cloud services.
And with the number of internet of things (IoT) devices multiplying all over the world, there will be a surge in device data traffic going over the public internet to corporate networks. According to IDC, “there will be 41.6 billion connected IoT devices, or ‘things’ generating 79.4 zettabytes (ZB) of data in 2025.”[1] As a result of all of the remote data traffic being created and consumed at the edge, the corporate data center is no longer the most logical place to dispense security checks for the droves of distributed end users and endpoints from all corners of the world.
A paradigm shift to combine globally distributed network access over more agile SD-WANs with identity-driven, cloud-native security for end users and all types of endpoints, including mobile and IoT traffic, is now underway. The time has come to shift security checkpoints from the data center to the edge, proximate to end users and endpoints.
What is SASE?
Secure Access Service Edge (SASE), pronounced “SASSY,” provides comprehensive global network access with built-in network security. It combines SD-WAN and network security services, such as secure web gateways (SWG), cloud access security brokers (CASB), firewalls as a service (FWaaS) and others, and delivers them as a cloud service.
Rather than sending traffic back to corporate headquarters security systems, SASE provides security services and policy enforcement to the source (users, apps, devices, etc.) on demand. Each person or device, be it someone on a mobile phone or an IoT-enabled appliance, is automatically validated upon entry to the network using zero-trust policies. This reduces the need to trombone the data between the user, system, application or device and the data center, by delivering inspection algorithms to the edge for every single user and endpoint.
The level of SASE security, just like network bandwidth requirements, can be selectively customized by application, location and user group. Policy-based secure access is quickly and easily tailored for unique applications. An example might be the level of security and bandwidth required for mobile banking services versus social media applications. While one requires a higher level of security and reliability, low-latency and intense inspection algorithms are not as critical for the other.
Providing localized, high-performance security access on a global platform
SD-WANs working in conjunction with network functions virtualization (NFV), such as FWaaS, can speed and ease the deployment and consumption of SASE services at the edge of your corporate network, without having to deploy additional hardware. However, the success of SASE environments for an increasingly remote user base requires fast access to these SASE “on-ramps.” By putting the entrances to those on-ramps closer to end users and endpoints via proximate, low-latency private interconnection, you can deliver both high performance and high security at the edge.
Platform Equinix, with its global reach of more than 210 Equinix International Business Exchange™ (IBX®) data centers in 50+ metros worldwide, provides the fast and easy entrances required to access SASE on-ramps, such as Network Edge services. Via the Network Edge self-service customer portal on Platform Equinix you can access leading SD-WAN and NFV providers’ solutions, such as Palo Alto Networks’ virtual SD-WAN, firewall and SASE devices. Network Edge allows you to deploy leading NFV providers’ virtual network and security devices/services that reside in IBX data centers in minutes, without deploying any of your own hardware in those locations.
And if you already have IT infrastructure within an Equinix IBX facility, you can still access virtual network providers’ devices and services in other IBX facilities in different locations on-demand. You can also leverage Network Edge, in conjunction with Equinix Cloud Exchange Fabric™ (ECX Fabric™), to instantly connect to leading clouds and other SaaS-based security services.
Palo Alto SASE use case on Platform Equinix
Legacy WAN designs have centered around on-premises data centers for multiple decades. Services could be delivered to and from one or more physical locations. With the advent of cloud and SaaS, we’re seeing a spread of services that challenge these WAN designs to provide acceptable service to enterprise end users, endpoints, business partners and customers.
When you visualize a SASE topology, you’ll note that the remote branches and users no longer consolidate directly to the data center. Branches and end users now intelligently locate their own, most optimal “front door” to gain access securely to the network. Branches would most likely leverage two paths, commonly a service level agreement-oriented path (MPLS or Point-to-Point Ethernet) and the public internet. Remote users would rely on their internet connectivity.
Once traffic reaches the front door, there is an opportunity to locate the regional on-ramp proximate to cloud and/or SaaS providers or to continue onto the legacy data center. Many enterprises find themselves heading toward a hybrid multicloud deployment to serve the needs of their dynamic and diverse environments. When applications can be delivered regionally, latency reduction drives performance acceleration.
Enterprises can easily direct and secure connections from remote users, branch offices and corporate on-premises infrastructures to service and cloud providers as needed, on-demand. Network Edge from Equinix allows you to deploy Palo Alto virtual devices and NFV services. This virtual device is one of the components of a SASE solution. Palo Alto’s SASE solution features flexibility, reduced complexity, zero trust modeling, threat prevention and data protection. By taking this solution and putting it on Platform Equinix, you’ll have improved security, and unmatched connectivity to your cloud and SaaS providers and business partners.
Remote User/Branch SASE Use Case
As your business progresses its digital transformation journey, network transformation will be one of several milestones. Equinix offers insights and experience to help your enterprise think through, plan for and ultimately achieve success. Equinix offers a workshop specifically tailored to guide your teams through the path. Our Cloud Optimized WAN workshop provides valuable insights into WAN transformation, cloud and SaaS integration and, at its conclusion, a deliverable document to show how to get it done.
Learn more about our two-day Cloud Optimized WAN Workshop.
[1] IDC, “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast,” June 18, 2019.