With the popularity of cloud SaaS applications and the dispersion of corporate employees, corporate Internet traffic has increased. The traditional hub-and-spoke network architecture, with the enterprise's self-built data centers at its core, faces problems such as high-cost MPLS links, a poor experience when Internet applications are accessed centrally through headquarters, bypassed security boundaries, and headquarters VPN capacity challenges. As a result, enterprises have to change their approach to network and security construction. SASE emerged in response and has gradually attracted the attention of many domestic manufacturers and users.
01. Accessing SaaS office applications on the cloud
Due to the convenience and efficiency of SaaS applications, more and more small and medium-sized enterprises are switching from traditional software and hardware deployment methods to using SaaS applications for office work, including core systems such as finance, human resources, and OA, which can effectively improve corporate work efficiency.
Secure access to SaaS and protection against data leakage have always been a focus for small and medium-sized enterprises. However, because SaaS services are no longer bound by geography or network environment, the traditional approach of deploying hardware security products is no longer effective. At the same time, traditional security equipment is expensive and cannot be delivered as a service. Once a business system moves to SaaS, the network lacks a security boundary: users can access the business system from office computers, personal laptops, or any other terminal. If an account password is leaked, hackers or competitors can access the platform directly to obtain data, and internal employees can obtain related data at will.
SASE can bring all of an enterprise's internal applications together without exposing externally reachable access addresses. Employees can access only the applications their permissions allow, and only through SASE access nodes, so internal applications can be reached simply and efficiently without being exposed to the outside world. The result is a safer, more private, and more stable access experience.
Regardless of whether the enterprise's internal applications are deployed in private clouds, public clouds or local data centers, they are integrated into the SASE cloud platform for unified management, which brings the advantages of an asset-light deployment and efficient access.
02. Remote office access
Traditional enterprise external access connects employees to the Internet through the headquarters data center and places applications on the enterprise intranet. However, as the trend of migrating applications to the cloud continues to rise, and external factors such as the COVID-19 pandemic prompt enterprises to promote work-from-home models, solutions that connect to headquarters data centers through traditional VPNs no longer meet enterprises' current remote access needs. With employees working from home and partners remotely accessing the intranet, the terminal environment is uncontrollable, which poses security risks and makes terminals easy to use as a springboard for phishing attacks; VPNs cannot minimize access rights and cannot access cloud services; terminal access across multiple environments is not uniform; and so on.
Remote access based on the SASE architecture does not require complicated security deployment on the terminal. You only need to deploy a lightweight traffic diversion plug-in to divert traffic to the edge access POP node of the SASE cloud platform, and you can experience remote access to internal applications.
The SASE cloud platform supports issuing authentication policies to all employees, and only employees who have passed authentication can access internal applications. Regardless of whether the enterprise's internal applications are deployed in private clouds, public clouds or local data centers, they are all managed uniformly by the SASE cloud platform. The enterprise's overall internal application access rights are fully managed by the SASE platform, ensuring on-demand access to internal applications and reducing the possibility of threat intrusion and data leakage. At the same time, internal application access activity can be visualized. If unauthorized access is discovered, access permissions can be adjusted immediately to ensure the security of internal applications.
This achieves the goals of protecting the enterprise's internal applications, reducing the complexity of remote access, managing permissions based on entity identity, and centrally managing internal applications through the cloud platform.
03. Multi-branch office access
For enterprises with multiple branches, due to geographical dispersion, branches cannot directly access the headquarters through the intranet, and security protection is weak.
The traditional "headquarters-branch" security model is not suited to the current internal and external enterprise environment. The model in which branches independently purchase security equipment and communicate over dedicated MPLS lines is costly and gives a poor user experience; building a unified network and security infrastructure across branches and headquarters requires high-performance equipment at high cost. Branch network and security policy changes need to be processed through the headquarters, making operation and maintenance complex.
The SASE architecture deploys traffic diversion devices at the branch exits to divert Internet traffic to SASE service edge access nodes, activates security modules on demand, and uniformly implements branch Internet security, networking, and centralized management functions without the need to purchase traditional security equipment.
Using a unified security management platform, multi-branch centralized management can be achieved, multi-branch traffic can be visualized, branch security event analysis can be displayed in a unified manner, and real-time alarm push can be provided. The platform manages the Internet behavior of enterprise terminals, monitors and analyzes Internet traffic, and ensures enterprise information security. At the same time, it detects and responds to security threats on the terminal side, provides access to intranet application resources based on zero trust, and, through identity authentication, permission control and other modules, ensures that corporate employees and partners can access business systems more securely and privately from anywhere in the world.
Enterprises can achieve the goals of light assets, simplified operation and maintenance, and unified management, save equipment purchase costs, reduce operation and maintenance pressure, and manage multi-branch security in a unified manner.