Word Notes 7.6.21
Ep 57 | 7.6.21

secure access service edge (SASE) (noun)

Transcript

Rick Howard: The word is: SASE.

Rick Howard: Spelled: S for secure, A for access, S for service, and E for edge.

Rick Howard: Definition: A security architecture that incorporates the cloud shared responsibility model, a vendor-provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.

Rick Howard: Example sentence: SASE is a fundamental shift in thinking about internet data flow and the logical location of the security stack, and is of the same historical significance as standardizing on TCP/IP, installing BGP routing, and instantiating content provider peering relationships.

Rick Howard: Origin and context: Pronounced "sassy," or as I like to call it, sassy. The term is so new that most traditional dictionaries only list the postal service acronym: self-addressed stamped envelope. But, this cutting edge cybersecurity architecture, coined by Gartner in 2019, fundamentally shifts how network defenders might manage their security stack.

Rick Howard: Since the early internet days circa 1995, network defenders typically established a perimeter defense between their internal digital assets and the outside world. Organizations established one or more internet connections with a service provider and connected remote offices, data centers, and endpoints via internal leased lines. Network defenders deployed their security stack tools like firewalls and intrusion detection systems at the internet boundary, and network managers ensured that the data flow would always traverse through the security stack. But leased lines are expensive and the typical number of tools in the security stack in today's environments can be anywhere between 15 and 300, depending on how big the organization is. At the same time, local internet connections have become so inexpensive and reliable that it doesn't make sense to pay for internal leased lines anymore. It's just easier to let the remote offices connect to the internet themselves. But that means the network defender team has to deploy the security stack in multiple locations.

Rick Howard: The management complexity of this situation has become exponential and the money we saved by removing the leased lines is consumed again by maintaining multiple sets of the same security stack. 

Rick Howard: Enter SASE. It has four components. 

Rick Howard: Number one: a SASE cloud provider. Instead of each network defender managing and maintaining their own internal security stack, the SASE vendor provides the stack in multiple data center locations around the world. The first network hop out of the customer location is through their SASE vendor. The SASE customer sets the global policy for every tool in the stack and the SASE vendor keeps the blinky lights working on all of the equipment.

Rick Howard: Number two: the security stack. The SASE vendor offers security services for its customers like zero trust, kill chain prevention, compliance, and risk forecasting.

Rick Howard: Number three: the SD-WAN. The SASE vendor connects a software/hardware meta-layer to all the customer remote locations for the purpose of making efficient routing decisions between all customer internet connections. 

Rick Howard: Number four: peer connections. The first hop out of the SASE vendor's data center is not to the internet backbone, but to one or more of the big content provider fiber networks like Google, Amazon, and Microsoft. 

Rick Howard: By flipping the management model to a cloud shared responsibility model, the customers have the opportunity to reduce the management complexity of their security environments, and to automatically orchestrate their global security stack with updates and changes. For the small and medium sized organizations who don't have the resources that big business does, they can now deploy the same world-class security stack as their big brothers.

Rick Howard: Nerd reference: According to the Challenging Coder website, Gartner's Jackie Fenn created the concept of the Hype Cycle in 1995. She noticed a repeated pattern of expectation attitudes from consumers of tech and security tools as new and innovative products emerged in the marketplace. The expectation starts with a product announcement and then rises through the "peak of inflated expectations" as consumers realize the potential of the new idea. From there, expectations begin to diminish through the "trough of disillusionment" as these same people begin to realize that the new tech is not quite ready for prime time. From there, though, expectation rises again through a much gentler "slope of enlightenment," and finally, once the product has matured, reaches the "plateau of productivity."

Rick Howard: In an interview with Fenn on the RSA showroom floor in 2008 about the book she wrote on the topic, she described the Hype Cycle this way.

Jackie Fenn: Because the Hype Cycle is something we've been using within Gartner and within information technology for many years now to describe the common pattern that happens over and over again, overenthusiasm with the new technology, and then disillusionment, when that technology doesn't quite live up to expectations. And then the eventual move to maturity where you're pretty sure you're going to get value out of the technology.

Rick Howard: For SASE, it's early days. The 2020 Gartner Hype chart for endpoint security has SASE at the apex of the peak of inflated expectations and predicts that the architecture will not reach the plateau of productivity for another five to 10 years. 

Rick Howard: Word Notes is written by Nyla Gennaoui. Executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.