Coined by Gartner in the 2019 Networking Hype Cycle and Market Trends report, Secure Access Service Edge (SASE) introduces a new architecture in which networking and security functions are bundled into a single cloud-delivered service. As IoT and internet-based traffic continues to soar, SASE allows enterprises to streamline network integration, security, and policy management of distributed devices through one centrally managed platform.
The number of IoT devices is growing exponentially, but security has failed to keep pace. Of the 1.2 billion devices communicating over cellular networks in 2020 (Gartner), most are exposed to the risk of unmanaged and poorly secured connectivity. Indeed, a recent report by Palo Alto Networks stated that 98% of all IoT traffic is unencrypted, and that 57% of IoT devices are subject to medium- or high-severity breaches. Connected devices have quickly become the low-hanging fruit for attackers to exploit.
Devices using the public Internet are vulnerable to wide-ranging potential attacks that threaten the integrity and security of highly sensitive IoT data.
In traditional IoT connectivity models, communication access and authentication are driven by the service provider's home network, forcing traffic to route first through that central home network before breaking out over the public internet to the application's location. Establishing a VPN connection or SSL/TLS encryption between the endpoint and the central IoT application often requires the complex setup of dedicated endpoint clients. What's more, standalone devices mostly rely on local configuration settings to control their network activity.
However, in the IoT age, where vast numbers of devices are geographically distributed and data is dispersed across multi-region cloud and SaaS applications, such an architecture quickly reaches its limits. Complexity and latency challenges become evident as requirements for local data processing continue to rise. In this context, SASE presents a cloud-native framework that matches emerging IoT requirements, streamlining edge security, networking, and operations for connected devices.
Put simply, SASE converges multiple virtualized networking and security capabilities into one unified, easy-to-consume cloud service. Secure access is delivered through centralized policy control that enables optimized, shortest-path data routing and protected traffic to the application, regardless of where the devices, the service provider network, and the IoT applications are located.
In the SASE model, security checkpoints are shifted closer to the data source. Policies are enforced at distributed points of presence (PoPs), where access is granted based on the identity of the connected entity (the IoT device), such as a specific device attribute or its location. The edge, or PoPs, can be the SASE vendor's data centers or cloud regions located close to the devices and the application server. Because policies are easily programmable and can be tailored to each application, a high level of automation can be achieved.
The combination of cloud-based, centralized policy management and local enforcement of identity-driven SASE services brings great benefits to IoT users. The former reduces cost and complexity, since network security services can be consolidated with a single vendor and businesses gain a single view of all device communication. The latter helps to minimize network latency while allowing IoT enterprises to comply with customers' local data processing requirements and benefit from high-performance security at the edge. As legacy VPNs are replaced with automated, cloud-native security features, fewer clients are required on the device.
The breadth of network and security features in a SASE architecture is far-reaching and varies widely across vendors. Below are several pillars you should look for in a SASE solution for IoT.
Originally developed to address changing enterprise security requirements for an increasingly remote workforce, the case for a SASE architecture is even stronger for IoT. With more and more IoT applications shifting to the cloud and devices widely dispersed, the combination of cloud-native security tools, local policy enforcement, and enhanced visibility makes IoT a winning use case for SASE. Bringing network and security functions together in a single management console allows enterprises to better protect their devices at reduced cost and complexity.
At EMnify, we deliver a SASE-driven architecture that uses the SIM as the device identity to offer network and security-as-a-service for globally distributed resources. Contact us if you are interested in learning more about our solution.