SASE and IoT: The relationship and the pros and cons

SASE may be one of the newer acronyms in the IoT world, but it is fast becoming an important one. First introduced in Gartner’s 2019 report Networking Hype Cycle and Market Trends, SASE stands for Secure Access Service Edge. It refers to a new architecture that bundles virtualised networking and security functions into a single cloud-delivered service.

To understand how SASE was developed, it is important to understand the background and challenges of securing the IoT in the first place. Because most IoT devices are relatively small, simple and unmanaged, typical security agents cannot be installed in them. Organisations instead need to deploy a range of tactics, including verification of the identity of each individual IoT device on a network, and segmenting IoT devices off from each other so they can only access applications and data relevant to their role.

Traditionally, this segmentation was achieved using Virtual Local Area Networks (VLANs), but this approach is unsuitable for the sheer variety and number of devices in a typical IoT environment.

IoT and SASE

How SASE works

As mentioned above, the core principle of SASE is to converge multiple virtualised networking and security functions into a single unified cloud service. Centralised policy control delivers secure access, which in turn achieves the fastest and shortest-path data routing.

Security policies are enforced at distributed points of presence (PoPs), which grant access based on the identities of individual devices. The network edge, or PoPs, can be the SASE vendor’s datacentres or cloud regions, close to the devices and the application server.
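The identity-based decision described above, sketched as an added example (not code from any SASE vendor or from this article's author). The device inventory, role policy, host names and the HMAC challenge-response used as the identity proof are all assumptions standing in for whatever identity mechanism a real deployment uses.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data (hypothetical names): the centrally managed device
# inventory and per-role policy that every PoP would receive.
DEVICES = {
    "cam-0017": {"role": "camera", "key": b"k-cam-0017"},
    "hvac-0003": {"role": "hvac-sensor", "key": b"k-hvac-0003"},
}
POLICY = {
    "camera": {("video-ingest.example.internal", 443)},
    "hvac-sensor": {("telemetry.example.internal", 8883)},
}

@dataclass(frozen=True)
class Flow:
    device_id: str   # identity the device claims
    nonce: bytes     # challenge issued by the PoP for this session
    proof: bytes     # HMAC-SHA256(device key, nonce) returned by the device
    dest_host: str
    dest_port: int

def sign(key: bytes, nonce: bytes) -> bytes:
    """Identity proof a device computes over the PoP's challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def decide(flow: Flow) -> tuple[bool, str]:
    """PoP-side decision: verify identity, then apply role policy. Default deny."""
    dev = DEVICES.get(flow.device_id)
    if dev is None:
        return False, "unknown device"
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(sign(dev["key"], flow.nonce), flow.proof):
        return False, "identity proof failed"
    # Segmentation follows the verified role, not the network the device sits on.
    if (flow.dest_host, flow.dest_port) not in POLICY.get(dev["role"], set()):
        return False, "destination not permitted for role " + dev["role"]
    return True, "allowed for role " + dev["role"]

if __name__ == "__main__":
    n = b"constructed-nonce"
    cam = sign(DEVICES["cam-0017"]["key"], n)
    for f in (Flow("cam-0017", n, cam, "video-ingest.example.internal", 443),
              Flow("cam-0017", n, cam, "hvac-0003", 443)):
        print(f.device_id, "->", f.dest_host, decide(f))
```

Because the decision is keyed on verified identity and role, a camera's attempt to reach another device is denied without any per-site VLAN configuration.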

Pros

This combination of centralised security policy management and local, identity-driven services brings multiple benefits in terms of cost and complexity. Multiple network services can be unified with a single vendor, and a single-pane-of-glass view of all communications across the IoT network can be created. This minimises network latency, even as the IoT environment flexes and grows. Legacy VPNs are replaced with automated, cloud-native security features, streamlining the overall picture.

Cons

However, this is not to say that SASE can fully address the securing of IoT devices. Security and networking are traditionally two very different areas of expertise, and many organisations still have two quite siloed departments in place, which can make SASE tricky to execute and manage. Some locations may still require on-premises security and routing capabilities too. To properly secure an IoT environment, organisations still need a zero trust security framework which segments users so that they can access only the appropriate applications and data.

Choosing a SASE solution

Choosing a SASE solution which can offer genuine flexibility, latency, and security, then, depends on looking out for features which can maximise the benefits and minimise the challenges associated with this architecture. The key is to look for a vendor which can truly offer integrated networking (for example, SD-WAN, WAN acceleration) and security services, and which offers a genuinely cloud-native approach.

MLR Networks can provide in-depth advice on how to choose and deploy a SASE solution for your business – so for more information, get in touch with us today.

 
