Combining 5G connectivity with SASE: A simplified solution to optimise networking and increase security

Connected network devices are exploding in numbers and functionality because of the growth of 5G enterprise connectivity. With more and more devices on the edge of the network, how does an enterprise protect this larger attack surface they are laying in front of bad actors? Enter Secure Access Service Edge (SASE), a cybersecurity model that IT teams have embraced in theory, if not in practice. SASE, a cloud-based architecture, is designed to secure today’s corporate networks as they demand simplicity, flexibility, low latency, and security at the WAN edge.

In a recent survey conducted by Cradlepoint, part of Ericsson, security was highlighted as an area for improvement for many Australian businesses, with more than 40% of those surveyed reporting having been subject to a network security attack in the last 12 months. Of those that were the target of a network security attack, over one-quarter suffered a major security breach which resulted in loss of data, and over 20% resulted in significant company fines.

Why combine 5G and SASE now?

According to Global Australia, over the next few years, 5G will revolutionise the way we work and live.

5G allows a mobile component for a business network. This creates mobile WAN connectivity for every organisation — from small businesses with delivery trucks, to a public safety organisation with a fleet of emergency vehicles.

With the country on track to reach 95% of the population with 5G coverage by mid-2025, and security selected as a network connectivity priority by 52% of Australian businesses surveyed by Cradlepoint, businesses should consider investing in 5G and bringing together 5G and SASE to create a highly secure yet agile, scalable, and cost-effective connectivity solution.

What are the six key components of SASE?

There are two parts to SASE: on one side, you have networking and SD-WAN, while on the other, there’s Security Service Edge — a subset of SASE — which is a group of cloud-delivered security technologies.

1. Software-Defined WAN (SD-WAN)

SD-WAN is the wide-area networking part of SASE. Enterprises can use it to improve overall network performance and reliability through application identification and traffic steering. It can also segment the network based on priority, use case, and cloud-managed policies.

2. Secure web gateway (SWG)

A SWG is a fundamental piece of the SASE architecture. It provides security controls for web traffic, including URL filtering, malware protection, and data loss prevention. Once a web request is initiated, the SWG decides whether it should be allowed based on established policies for robust internet security.

3. Cloud access security broker (CASB)

A CASB is another security component of SASE, meaning you don’t have to choose between SWG vs. CASB. This technology functions as an intermediary between end users and a cloud service provider to ensure security policies are enforced on the entire network, securing both on-premises and cloud-based data.

4. Firewall as a service (FWaaS)

FWaaS delivers firewall functionality from the cloud to devices anywhere. Instead of relying on physical firewall appliances or on-premise software, FWaaS leverages cloud infrastructure to provide firewall capabilities as a service, which is much more cost-effective and easier to manage.

5. Zero trust network access (ZTNA)

Zero trust implements a ‘never trust; always verify’ strategy, where every attempt to access any content is treated as potentially malicious. With zero trust, access is given only to authorised users, and only to the specific resources they require, meaning unauthorised users cannot gain access to corporate resources under any circumstances.

6. Remote browser isolation (RBI)

Remote browser isolation provides an added layer of security to protect enterprise networks from evolving web-based threats. Instead of allowing web content to be processed directly on the user’s device or within a corporate network, RBI isolates web browsing activity in a remote container environment, creating a digital air gap. When a user clicks on a link, all web content — including sites opened from email links — is executed in isolated virtual browsers in the cloud, separate from the user’s device or network. This mitigates the risk of malware infections and other cyber threats.

Does SASE replace VPN?

An attack on Ivanti’s VPN solution in January 2024 highlighted the need for something more robust than perimeter-based security. Because of its integration of zero trust security, SASE stands out as a viable VPN alternative. It enables secure access to applications and resources by minimising the attack surface, preventing lateral movement, and stopping zero-day exploits — a level of protection beyond what VPNs offer.

5G and SASE: Preparation for the future

For any business or organisation, it’s always important to combine the latest technology with the best security features. 5G WAN is no different. 5G and SASE help organisations take their networks to new places, while making sure they are always safe. It’s like having a bodyguard for mobile devices and data even as they move past the confines of an office space or headquarters.

And let’s not forget about the 5G network capabilities to come. As 5G standalone networks give way to more mainstream network slicing, a comprehensive network approach that combines 5G and SASE will provide efficiency and security for the networks of today — while setting the foundation for networks of the future.

Image credit: iStock.com/metamorworks