Traditionally, network security was pretty straightforward. Employees tended to work in locations with physically defined network perimeters, such as an office building with a data center. Even when users connected to public cloud services in these circumstances, data had to flow through on-premises firewalls and proxy network security appliances before reaching enterprise applications.
The new era of mobile workforces and bring-your-own-device (BYOD) policies renders this security model irrelevant. Workers are using cloud-based apps from their homes, on trains, planes, and buses, in coffee shops, and in many other locations where a physical network perimeter would be impossible to maintain. The data leaving their devices travels on public networks, and organizations can’t direct it through company-owned firewalls and proxies. Network security solutions must, therefore, be able to protect data both at the level of the individual device and while it is in motion, a challenge that is much more complicated than simply protecting a well-defined physical network.
Addressing the security challenges posed by distributed, mobile workforces calls for a new service model that Gartner has named “Secure Access Service Edge (SASE).” This new approach shifts the focus of network security to the individual user’s identity and/or device, rather than a traditional data center.