With employees accessing corporate resources and logging on from anywhere, organizations are now shifting to a secure access service edge (SASE) approach to deliver converged network and security-as-a-service designed to support branch office, remote and on-premises secure access use cases.
According to Gartner, SASE includes SD-WAN, SWG, CASB and NGFW, and enables zero trust access based on the identity of the device or entity, combined with real-time context and security compliance policies.
What is driving SASE adoption?
Organizations are struggling with complex IT infrastructure that has largely been driven by a massive increase in cloud adoption coupled with on-prem, legacy infrastructure in response to the pandemic and general market trends, according to Omri Guelfand, vice president of product management and SASE/networking as a service at Cisco Meraki.
While this trend began in the “early days” of cloud adoption with applications and assets moving out of the data center into private clouds, public clouds and co-located options, the pandemic greatly accelerated that shift. That pandemic-induced cloud migration was so rapid–essentially overnight–that organizations were forced to accelerate their cloud strategy by several years.
The result is an IT environment in which applications, resources, users, contractors and other entities are anywhere and everywhere, which makes managing and securing an organization’s network endlessly complex.
Essentially, SASE is designed to bring all of that together by delivering on one core underlying requirement: securely connecting users to applications–both of which could be anywhere. SASE is designed to make managing a network easier and more cohesive, which is essential as networking without security is becoming impossible, and the merging of networking and security is a foregone conclusion.
Different approaches to SASE
As organizations got to work on some of these networking and security challenges over the last few years, a variety of approaches have emerged.
According to Guelfand, separate networking and security teams have started to solve all of these pieces, creating better coverage of all the functions of a SASE architecture by deploying solutions from a variety of vendors, which he calls the “best of breed” approach.
“Gradually, you’ll create better coverage of all the functions,” Guelfand says.
On the other end of the spectrum is a one-stop shop for organizations that are less focused on how to get a complete SASE architecture. In this case, organizations typically work with one vendor or a managed service provider (MSP) to put all of those pieces together.
For an analogy, Guelfand uses food. For example, if someone wants to source the best ingredients for a pasta dish, they visit a specialty food store for pasta and sauce, a farmstand for fresh vegetables, and then a butcher for their protein.
Or, the person can just put their trust in a restaurant.
“A unified SASE is more of this ready-made dish where you’re benefitting from a quick-to-value to get the outcome you want and you don’t have to go through a lot of extra work, versus the other approach that gives you much more flexibility and control, but it comes with more things you have to do,” Guelfand says.
Benefits of the unified SASE approach
In the unified SASE approach, the name of the game is reduced complexity that starts with procurement of the solution. In the unified, single-source approach, SASE is a product rather than a combination of multiple point products, thus simplifying the consumption of the technology.
“This is where you have a more streamlined, consistent operational model whether you’re in a network context or security context,” Guelfand says. “At the end of the day, these are all policies that could be connectivity or security policies.”
The unified SASE approach blurs the lines between networking and security and brings those elements together into a consistent operational model that not only creates a better admin and user experience, but also makes solving incidents and issues easier.
Instead of the networking and security teams blaming each other, the unified SASE approach gives “one throat to choke,” Guelfand says.
Especially for smaller organizations with a limited IT staff, a complete SASE solution from one vendor or service provider will help take that burden off of their hands.
Benefits of the best-of-breed SASE approach
However convenient the unified SASE approach may be, the reality is that most organizations are not yet ready to fully consume a unified offering, as many organizations are still operating with separate security and networking teams with different vendor preferences.
Organizations are also balancing their level of control and flexibility versus simplicity, with larger organizations typically opting to deploy point solutions to drive their SASE strategy. Those organizations will generally have a larger IT staff and a better IT staff-to-employee ratio, affording the organization more flexibility and more options.
Merging of networking and security teams
However, Guelfand says even those larger organizations with the typical silos are going down the consolidation path as networking and security teams begin to merge.
Typically, smaller organizations that were “born in the cloud” don’t have the legacy separation of networking and security functions, instead employing a type of digital IT that covers the full spectrum of activities.
Even at larger organizations with those legacy silos, there is consolidation at the executive level, and many of those larger security teams are actively driving SASE initiatives because the network has already started the transformation.
“Now it’s really around catching up with security and making sure that security can really be enabled to support this highly distributed environment in a way that solves the operational challenges of just managing point firewalls and policies that are scattered in different directions,” Guelfand says.
Key considerations when adopting and implementing SASE
- Evaluate different SASE solutions. Look at single-vendor solutions, multi-vendor point products, and managed offerings. Gartner recommends cutting complexity and cost by consolidating vendors at contract renewals, but acknowledges that there are still three legitimate ways to implement SASE:
  - A single-vendor approach
  - A multi-vendor approach
  - A managed SASE approach
- Evaluate scalability and flexibility. SASE solutions that can scale both up and down to meet the needs of an organization are important.
- Leverage existing investments. Rather than a rip-and-replace strategy, organizations should leverage and integrate their existing capabilities and solutions to protect those investments.
- How do the vendors, partners or service providers help guide customers on their SASE journey?
- Any SASE solution should be based on robust security research and insights to protect against emerging threats. This is especially important when deploying a unified solution, which is essentially putting the organization’s complete trust in one vendor.
- How is the SASE platform extensible to other technologies beyond secure network access?