A transformational change is reshaping the way organizations manage and secure their networks. As described in a July 2019 Gartner Market Trend report, the Secure Access Service Edge (SASE, pronounced sassy) marks the necessary merger of traditional WAN management and security capabilities into a unified whole, built using cloud-native architectures.
According to Gartner, “customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets, creating the secure access service edge (SASE), with a predominantly cloud-based, as-a-service delivery model.”
The SASE model is a response to the limitations of conventional networking and security architectures in keeping pace with emerging edge-centric trends in mobility, cloud, SD-WAN and the Internet of Things (IoT). The constraints involve an over reliance on physical infrastructure, along with tool proliferation, solution silos, manual processes and a lack of automation. They also include rigid hub-and-spoke arrangements in which all endpoints route through a central data center (Figure 1), resulting in performance issues at the network’s edge.
Figure 1: Conventional hub-and-spoke architectures cannot keep pace with the escalating demands of edge-centric computing.
Needed: New Platforms and Architectures for a Cloud-First World
As the Gartner SASE report reveals, “digital transformation is driving new application deployment models, including cloud, edge and mobile. As organizations adopt these new deployments models, endpoints (users, programs and devices) no longer access a majority of applications and services from within the enterprise data center.” As a result, technology and service providers will need to provide new platforms and architectures to deliver and manage network and security services with greater agility and at scale. Among the primary elements of SASE are:
- An edge-centric architecture
- Converged networking and security
- A unified framework for policy enforcement
Achieving these goals requires a network foundation built for SASE. Key architectural tenets of a SASE platform include:
- A cloud-native architecture
- Cloud-managed on-demand services
A Foundational Platform for SASE—BloxOne
The SASE vision is one that Infoblox shares. As the industry leader in Secure, Cloud-Managed Network Services, we have been at the forefront in the development of technologies and services that underpin SASE. Our cloud-native SaaS platform, BloxOne™, is the result of four years of development, including three spent in the market with production services. BloxOne powers a suite of modular, scalable and highly customizable applications that enable organizations to more easily secure and manage critical network functionality from the cloud. Its first two applications include:
- BloxOne Threat Defense. This cloud-based hybrid solution works with an enterprise’s existing defenses to centralize, automate and orchestrate security across on-premises, virtual and hybrid multi-cloud network environments without the need for additional infrastructure. The solution turns the core network services (DNS, DHCP and IPAM) that an organization relies on to run its business into its most valuable security assets.
- BloxOne DDI. The industry’s first cloud-managed solution for core network services enables organizations to centrally manage DNS and related services across hundreds to thousands of remote sites with unprecedented cost efficiency.
SASE-Based Design Principles in BloxOne
An embodiment of SASE imperatives, the BloxOne Platform marks a revolutionary step forward for networking and security. Its SASE-oriented design incorporates the following aspects:
- Cloud-native architecture. Infoblox was an early proponent of cloud-native design. We are a founding member of the open source CoreDNS project, which in turn is part of the Cloud Native Computing Foundation community. BloxOne is built from the ground up using the latest innovations in software-defined networking, microservices and containerization through Docker and Kubernetes. It moves the control plane for core network services, such as DNS, from the appliance to the cloud. Its use of containerization and open source technologies delivers the agility, elastic scalability and easy extensibility that SASE-based networks require.
Moreover, Infoblox’s acquisition of SnapRoute, the creator of the industry’s first Cloud-Native Network Operating System, underscores our commitment to accelerating and expanding our cloud-native networking portfolio.
- Cloud-delivered on-demand services. According to Gartner’s SASE description, the only way to deliver and manage services in a globally distributed edge-centric enterprise with minimal complexity and cost is through a cloud-managed, cloud-delivered service model. With the BloxOne Platform, organizations can easily consume industry-leading networking and security capabilities on an as-a-service basis. In addition, the agility of service creation and expansion offered by the platform means that enterprises can rapidly add capabilities and capacity as their circumstances dictate, without running the risk of overprovisioning or paying for underutilized infrastructure.
At Infoblox, the SASE Future Is Already Here
The migration of networking and security to the cloud is accelerating rapidly. Adoption of the Gartner SASE vision is inevitable for all organizations that hope to flourish as the center of gravity increasingly shifts to the network’s edge. How well enterprises succeed will largely depend on having a cloud-native platform built for SASE networking. At Infoblox, that platform exists in BloxOne. Its capabilities are already making an impact. And we’re just getting started.
Please join our upcoming webinar Accelerating Delivery of Cloud-Native Network Services with IDC/Brandon Butler, Kanaiya Vasani and Glenn Sullivan on December 10th. Register here.