In its latest report on network trends, “The Future of Network Security is in the Cloud”, Gartner looks at how the momentum of service delivery will change priorities well into the next decade.
As network and security services move out of the data center and into the cloud, as virtualized solutions replace single-use boxes, as mobility and edge computing grow in importance, Gartner sees a radically different future for business networks. Two years ago, Gartner’s “NetOps 2.0” concept laid out the foundation of this change. With the idea of the Secure Access Service Edge (SASE), Gartner is taking its idea of tomorrow’s service model to the next level.
What is SASE?
The idea of SASE (which Gartner’s analysts insist we pronounce “sassy”) is formulated around the ripple effects of shifting compute from data centers to a distributed network based in the cloud and on mobile devices. As this shift occurs, Gartner predicts that security and network teams will have to operate where the action is – on the network edge – rather than trying to force developers and end users back into standardized services run (and controlled) by the network team through a “hub and spoke” model.
In other words, the power dynamic of network and security models is shifting for digital businesses. IT teams used to set the boundaries of what was possible based on the capacity of existing networks. As cloud computing allows for essentially limitless capacity, now the onus is on the IT team to catch up to what developers and end users can achieve.
That means addressing the needs of users wherever they happen to be. For networking teams, that means that nobody’s going to be forced out of the cloud service they control and back through a core network and security architecture. The services have to be available in real time as part of a cloud-native architecture, on a device, or wherever the network edge is for that particular user. For security teams, that means monitoring traffic and enforcing every level of security once, for all users or devices. Multiple enforcement layers will simply be too difficult to implement, and slow things down too much.
In Gartner’s view, the need for an integrated SASE solution will drive the convergence of network and security solutions. IT buyers will want a single vendor to integrate all of these complex systems rather than go through the pain (and expense) of integrating them on their own. Operationally, SASE will also drive a convergence of network and security teams as their functions and areas of interest increasingly overlap.
Preparing for a SASE world
The hard truth: SASE is a Jetsons model projected onto a Flintstones world. Even in 2019, Gartner’s grand vision of NetOps 2.0 is still far in the future for many large enterprises, let alone smaller businesses. These aren’t systems you just turn on – they require massive investments, structural change, and realignment of skills. Many enterprise networking teams struggle with the basics of cloud-based services, and are hardly in a position to think further ahead. Inevitable as these technological shifts may seem, it will take time to turn them from concept into reality.
Even if we’re early in the hype cycle, IT leaders should be thinking ahead to the SASE future, aligning their technology priorities accordingly. Laying the foundation with strategic investments today can lead to lower costs and an easier transition when the time comes. And for many enterprises, that time will come sooner than they think.
Network complexity is one area Gartner highlights as a roadblock standing in the way of SASE implementation. Trying to implement an integrated networking and security stack on the network edge is going to be difficult when the underlying infrastructure is fragmented and controlled through a web of overlapping technologies. Gartner points to the risk that all of this complexity will lead to “inconsistent management and enforcement, poor performance, and expensive deployments” when the time to implement SASE comes around.
Of course, the challenge of complexity is something most network teams face now. Simply operating a large, complex network with SD-WAN, cloud-native services, and virtualization layers is enough to make the heads of most network administrators spin. If anything, Gartner is pointing out how that pain is only going to get worse over time.
Is your DNS SASE ready?
Gartner specifically calls out DNS as a piece of critical infrastructure which is needed for SASE technologies to be effective in the face of all this complexity. This is a recognition of the key role that DNS plays in all network communications, as well as the roadblocks it currently throws up for digital transformation efforts. Implementing security policies and controlling network traffic on the edge can only happen if the underlying DNS infrastructure is flexible, draws from a single source of truth, and facilitates network automation.
This is precisely why here at BlueCat we talk so much about the concept of Adaptive DNS. Whether you’re preparing for the near future of NetOps 2.0 or the distant future of SASE, you’re going to need a DNS infrastructure which can flex and scale to deal with the growing complexity of network and security operations.
We’ve long recognized the strategic necessity of placing DNS everywhere – particularly at the network edge. When you’ve got DNS deployed with service points right where devices and compute live, you can enforce security policies and route traffic in line with the SASE model Gartner envisions. This approach sets BlueCat apart from solutions which either fragment DNS infrastructure or continue to insist on that rigid “hub and spoke” deployment model.
Learn more about BlueCat Adaptive DNS.
Or send a self-addressed stamped envelope (SASE) with $2.95 shipping and handling to…just kidding!