当前位置:网站首页>2021 SASE integration strategic roadmap (I)
2021 SASE integration strategic roadmap (I)
2022-07-07 00:13:00 【Heaven moves without taboo】
Gartner released 《2021 year SASE Integration strategy roadmap 》, This paper outlines the edge architecture of security access service (SASE) The main challenges of transformation . This article will take you to look at this road map .
Digitization 、 Working everywhere and cloud based computing accelerate cloud delivery SASE product , To support anytime, anywhere access from any device . Security and risk management leaders should develop from traditional boundaries and hardware based products to SASE Model migration plan .
summary
Important findings
- For at any time 、 Protect access to digital capabilities anywhere , Security must be defined by software and delivered by cloud computing , This forces changes in the security architecture and vendor choices .
- Adopt a boundary based approach to protect any location 、 Visit at any time , This has led to suppliers 、 Patchwork of policy and console , It brings complexity to security administrators and users .
- Integrate existing skill sets 、 Enterprises with suppliers and products and hardware update cycle time as migration factors will have their secure access to the service edge (SASE) The adoption time of is reduced by half .
- Branch transformation project ( Including software defined Wan SD-WAN、MPLS uninstall 、 Only Internet branches and related cost savings ) More and more SASE Part of the project scope .
- SASE Is a practical and compelling model , It can be partially or fully realized today .
Suggest
The safety and risk management leadership responsible for infrastructure security should be the adoption of SASE Develop a roadmap and product functionality :
short-term
- Deploy zero trust network access (ZTNA) To enhance or replace the legacy of remote users VPN, Especially for high-risk use cases .
- Check the equipment and contract , To achieve the phasing out of hardware used for many years at local boundaries and branches , To support cloud based SASE Functional delivery .
- With safety Web gateway (SWG)、 Cloud access security agent (CASB) and VPN Renewal of contract , Consolidate suppliers and reduce complexity and cost . Take advantage of the convergence market that has emerged in conjunction with these secure edge services .
- Actively participate in branch transformation and MPLS Uninstallation measures , In order to integrate cloud based security edge services into the scope of project planning .
long-term
- take SASE Integration of products into one or two clearly cooperating suppliers .
- Implement... For all users ZTNA, No matter where it is , Including in offices or branches .
- Select allow to control where the check occurs 、 How traffic is routed 、 What to record and where the logs are stored SASE product , To meet privacy and compliance requirements .
- Create a dedicated team of security and network experts , Jointly responsible for the safety access project , Across the site 、 Teleworkers 、 Branches and edge locations .
Strategic planning concept
To 2024 year ,30% Enterprises will adopt cloud delivery from the same supplier SWG、CASB、ZTNA And branch firewall services (FWaaS) Ability , and 2020 This proportion is less than 5%.
To 2025 year , At least 60% Enterprises will have a clear strategy and timetable to adopt SASE, Include users 、 Branch office and edge access , and 2020 Year only 10%.
To 2023 year , To provide flexibility 、 economic 、 Scalable bandwidth ,30% The location of the enterprise will only be internet WAN Connect , and 2020 This proportion is about 15%.
Introduce
The current network security architecture is designed with the enterprise data center as the focus of access requirements . Digital services drive new IT framework , Such as cloud computing and edge computing , And initiatives to work anywhere , This in turn reverses the need for access , More users 、 equipment 、 Applications 、 Services and data are located outside the enterprise , Not inside the enterprise .COVID-19 The pandemic has accelerated these trends .
The network security model based on the peripheral security of data center using a set of security equipment is not suitable to meet the dynamic needs of modern digital business and its distributed digital labor force .
Traditional boundaries must be transformed into a set of cloud based fusion functions , Can be created at the time and place needed by the enterprise , That is, dynamically created 、 Policy based secure access service edge .
meanwhile , Enterprises are increasingly pursuing zero trust strategy , However, the effective implementation of the principle of zero trust faces challenges . The security posture of providing zero trust is emerging SASE An integral part of the product . The zero trust network model uses continuous assessment of risk / Trust level replaces implicit trust ( Zero trust is the goal ). When the context surrounding the interaction changes , They adjust the number of explicit trusts granted to interactions .
While keeping complexity manageable , The need to nimbly support digital business transformation efforts is emerging SASE An important driving force of the market , The market is mainly delivered in the form of cloud based services . This market is integrated with the Internet ( Such as SD-WAN) And network security services ( Such as SWG、CASB、ZTNA and FWaaS), As shown in the figure below :
since 2019 year 7 Month defines emerging SASE Since the market , Industry and customers are very interested in SASE Your interest has exploded , This is mainly because existing suppliers cannot meet the needs of existing enterprises . However, the speculation of suppliers makes people's understanding of the Shanghai composite index market more complicated . Since the publication of the initial study , And 2019 - 2020 Year on year comparison , In the total number of end-user conversations related to security topics , mention SASE The percentage of end-user queries from 3%
Growth to 2021 year 1 Of the month 15%
, The interest continues to grow ,17%
End users call to mention the same group of related markets SASE. Significant supplier integration 、 Acquisitions and announcements , To build a complete SASE The portfolio has increased , Expected in the future 12 to 24 There will be more in the next month .
However , Enterprises transition to a complete SASE The model takes time . The reality is that , The existing investment of enterprises in hardware is not fully amortized , There is still time left on the software contract . The average hardware refresh cycle of the branch is 5 To 7 year . Relationships with existing suppliers and staff expertise are another factor . send SASE The more complicated is , Most large enterprises have independent network security and network operation teams . Last , Not everyone claims to provide SASE The suppliers of products currently provide all necessary and recommended SASE function ( See note 1). Even so , Not all SASE The functions of suppliers are at the same level of function and maturity . Through analysis SASE The gap between the future and current state of the product , We are SASE Adoption in the coming years provides a strategic roadmap 、 Migration plan and implementation suggestions . Here's the picture :
边栏推荐
- 48页数字政府智慧政务一网通办解决方案
- 在docker中快速使用各个版本的PostgreSQL数据库
- Compile logisim
- 准备好在CI/CD中自动化持续部署了吗?
- MIT 6.824 - raft Student Guide
- Use package FY in Oracle_ Recover_ Data. PCK to recover the table of truncate misoperation
- Racher integrates LDAP to realize unified account login
- App general function test cases
- Unity 颜色板|调色板|无级变色功能
- 自动化测试工具Katalon(Web)测试操作说明
猜你喜欢
Yaduo Sangu IPO
[2022 the finest in the whole network] how to test the interface test generally? Process and steps of interface test
2022/2/10 summary
DAY ONE
从外企离开,我才知道什么叫尊重跟合规…
File and image comparison tool kaleidoscope latest download
Who said that new consumer brands collapsed? Someone behind me won
DAY TWO
AVL树到底是什么?
2022 PMP project management examination agile knowledge points (9)
随机推荐
Who said that new consumer brands collapsed? Someone behind me won
17、 MySQL - high availability + read / write separation + gtid + semi synchronous master-slave replication cluster
GEO数据挖掘(三)使用DAVID数据库进行GO、KEGG富集分析
Racher integrates LDAP to realize unified account login
web渗透测试是什么_渗透实战
编译logisim
GPIO简介
Pinia module division
Interface joint debugging test script optimization v4.0
Interesting wine culture
Every year, 200 billion yuan is invested in the chip field, and "China chip" venture capital is booming
Three sentences to briefly introduce subnet mask
STM32通过串口进入和唤醒停止模式
1000 words selected - interface test basis
Random类的那些事
Why is bat still addicted to 996 when the four-day working system is being tried out in Britain?
什么是响应式对象?响应式对象的创建过程?
谷歌百度雅虎都是中国公司开发的通用搜索引擎_百度搜索引擎url
Quickly use various versions of PostgreSQL database in docker
[2022 the finest in the whole network] how to test the interface test generally? Process and steps of interface test