5G has entered the SASE scene. Here's what you need to know.

  • More vendors are applying the SASE framework to 5G networks

  • The new product set creates a tailored security and SD-WAN package for fixed wireless and mobile environments

  • However, not all 5G use cases lend themselves to the complete SASE framework

As companies look to monetize their 5G investments, new 5G-specific products are creeping into the market. Enter the marriage of two trendy topics: Secure access service edge (SASE) and 5G.

5G SASE capabilities have been popping up from the likes of Cradlepoint, Palo Alto Networks, Versa Networks and Netskope.

But what exactly is 5G SASE, and where is it relevant? We asked the experts.

What is 5G SASE?

Gartner analyst Jonathan Forest said that 5G SASE is just that: the SASE framework applied to a new transport type, 5G instead of wired connections.

When you think of SASE products, fixed services — like branch office and remote worker connections via MPLS or wireline broadband — are likely the first that come to mind. But now, 5G has entered the chat, bringing the tech to fixed wireless and mobile applications.

“We would view this as a transport type that fits as part of the broader SASE discussion,” he told Fierce Network.

Coined by Gartner, SASE is a framework to converge security and network management under one cloud-based infrastructure.

As the analyst firm defines it, SASE is made up of a networking component, SD-WAN, and a cloud-native security suite called the security service edge (SSE), which includes secure web gateway (SWG), cloud access security broker (CASB), next-generation firewall (NGFW) and zero trust network access (ZTNA).

Wireless connections like 5G (and 4G before it) have historically been used more often as a backup link for wired SD-WAN networks. But Versa Networks Global Head of Sales Engineering Chitresh Yadav told Fierce Network that he is seeing “more scenarios where 5G is the primary and 4G or satellite is becoming the secondary.”

Essentially, 5G links are being used for more mobile cases, and in environments where wired connectivity isn’t available. There are plenty of other ways to secure 5G networks that aren't necessarily SASE, but SASE is a neatly bundled package for accessing a cloud-native security and networking toolset.

Some scenarios are more SASE-y than others

When it comes to SASE, the only difference from wired connections is that 5G has “a mobility play where the other transport types don't,” Forest said. That means there are also some differences between how SASE can be applied in certain 5G cases, and not all of them are a complete version of the framework.

Where 5G is used as a fixed wireless connection, like for branch offices, SD-WAN and all of the SSE capabilities are relevant — a complete SASE solution.

Cradlepoint senior product marketing manager Camille Campbell noted that fixed wireless in the enterprise/SMB space presents an opportunity to leverage SASE by overlaying SD-WAN and security services.

The SD-WAN helps with creating overlays, as well as steering and optimizing end-to-end traffic from user to app, site to site, site to data center or to the cloud.

For the most part, SD-WAN is suitable when there are two WAN connections in place. Employees working from anywhere would typically only have a single WAN connection. “Where a single WAN connection is in place, you can still add security, but you typically wouldn’t deploy SD-WAN,” Campbell told Fierce Network.

There also likely isn't an SD-WAN in most 5G mobile use cases, such as a user on a tablet, phone or laptop. In those scenarios, it’s more of an SSE play than a full-on SASE situation.

“The nice thing about SASE is customers can consume the services that they need through the cloud. They don’t have to deploy everything,” Campbell added.

Absent the SD-WAN component, the SSE part of SASE is still “applicable for protecting and securing the traffic in a 5G world,” Netskope’s chief platform officer, Joe DePalo, said.

ZTNA is a useful capability for targeting and securing access to apps in the cloud or the legacy data center, he explained. If it’s web or SaaS traffic, then SWG or inline CASB apply.

Lastly, a cloud firewall could be “key” to detecting (and blocking) anomalous traffic patterns, DePalo added, such as unusual port/protocol traffic that could indicate a breach or malware in action.