Q&A: Under the hood of our Secure Access Service Edge solution


Q&A: Under the hood of our Secure Access Service Edge solution

Secure Access Service Edge (SASE) is becoming a powerful tool in any organisation’s arsenal that integrates network and security under a single platform. Gone are the days of hacking together various solutions that only leave gaps and vulnerabilities for cyber criminals to exploit. With SASE, you get full visibility and control over your network and security.

To learn more about what’s under the hood of a SASE solution, I had a chat with Superloop’s Head of Pre-Sales, Joseph Gregory, and Head of Product SASE & SD-WAN, Connor Berrell.

What are the essential elements of a strong SASE framework?

Joseph Gregory: The essential elements of a strong SASE framework are the security layer and the network layer.

For the security layer, security moves to the cloud and away from hardware devices. This is particularly important for remote users because hardware is limited to a physical location whereas cloud security can follow users wherever they are.

With the network layer, using next gen SD-WAN devices, traffic routing decisions are made autonomously based on application layer (Layer 7) performance rather than network layer (Layer 3) performance, this helps make the most of whatever network is available.

Connor Berrell: It's worth noting here that the Layer 3 is an indicator of an application's performance whereas Layer 7 is the actual application. This means that it's closer to the thing we care about most: the user experience.

It's like, if I was a doctor and I wanted to check if someone had a broken bone – I could get an X-ray and look for a break (L7) or I could ask if it hurts when making particular motions (L3). One of these tests is simply more accurate to the thing we care about whilst the other is more of an indicator or a proxy.

Joseph Gregory: Exactly. So, when you combine these in a SASE solution, they allow users to securely connect using any device, from anywhere, at any time to any IT resource in a consistent way with a consistently high user experience.

Why is it important that traffic routing decisions are based on L7 performance rather than L3? How does this aspect of the SASE solution improve network performance?

Joseph Gregory: The reason it's important to make decisions at Layer 7 is because it is based on the application the user is complaining of problems about. So, SASE (SD-WAN) can autonomously improve the performance of a specific app (e.g. Zoom) by giving that app priority when it comes to bandwidth. By giving that app bandwidth priority means that performance improves.

At Layer 3, the Network Layer, you typically can only address a complaint as a "latency" issue and there's no ability to shape traffic for a particular app. Actions that are taken here are taken across the board to improve latency. One approach here would be to take the sledgehammer approach. This could mean something like simply banning access to Facebook, Netflix etc. for all users so that it frees up bandwidth across the entire network.

So SASE means businesses don't need to take that sledgehammer approach?

Joseph Gregory: Yes, that’s correct.

How will SASE improve security for businesses?

Joseph Gregory: A true SASE solution results in security moving from physical firewalls in offices and data centres and VPNS and Mobile Device Management systems for mobile/remote users, to a single, cloud-based, security solution (e.g. Prisma Access).

This means a single security policy can be applied to all users regardless of which device they are using from wherever they are. It also means an end to costly, time-consuming physical firewall updates for firmware upgrades and virus signatures, which busy IT teams often miss leaving the organisation exposed.

With Prisma Access [Palo Alto's security layer solution in SASE], these updates happen automatically.

Connor Berrell: Security is a balancing act of risk mitigation and usability. Restrictions and security services are put in place to protect the network whilst balancing the impact to our users' experience.

It's like the way that password policies have shown the worst case of overly strong requirements breaking the usability. A requirement like ‘minimum 10 characters long with a special character’, inevitably results in “Password1!” from users and defeating the purpose entirely. Multi-factor authentication (MFA) has become a usable solution for this problem, in a way that both understands the user experience but also prioritises security.

Just like MFA became the usable solution to password policies, SASE has become the usable solution to edge networking security. SASE brings a comprehensive suite of security services, provides visibility to the admins, and it does so with a level of simplicity that mitigates the human error-prone activities.

How customisable is SASE to meet the specific requirements and pain points of Australian businesses and IT teams? There are a lot of solutions available on the market, so why is SASE any different?

Connor Berrell: There is a foggy line in technology these days – on one side is really standard products that basically all work the same and on the other is services that are expected to be adapted to individual businesses.

SASE is really straddling that line right now. Historically, these services have been more on the adapt side, but with SASE, we're one step closer to something like an Homeworld kit home rather than a custom architect-designed home.

So SASE is more of a personally designed experience rather than a one-size-fits-all frame?

Connor Berrell: Certainly right now it is. It currently sits in the perfect sweet spot where it's flexible enough to be customisable to specific organisation requirements while not being overly complex or time-consuming to implement.

What are the advantages of Superloop’s partnership with Palo Alto Networks in this SASE solution? What does Superloop bring to the table that PAN cannot?  

Joseph Gregory: Superloop's partnership with Palo Alto Networks brings the world's best SASE solution to Australian customers. This is delivered by a strong, $250M telecommunications and security provider in Australia that’s leveraging some of the country’s best network infrastructure which is completely owned and managed by Superloop.

Best of all, with Superloop's international network reach, a Superloop SASE solution can scale beyond Australia for local customers who have an international footprint.
With a Superloop SASE solution a customer’s end user can use any device, anywhere at any time to access any IT resource in a consistently secure way with a high level of end user satisfaction.

What to read next:

Stronger cyber security, better connectivity: Why our SASE partnership matters
Why our post-pandemic work-from-anywhere world is driving businesses to SASE
Securing the organisation: People first, technology second