SASE (or secure access service edge) is a relatively new technology that integrates SD-WAN, secure remote access and cloud-based security into a single solution. It offers increased flexibility for cloud infrastructure, lower costs, reduced complexity, improved performance and better protection for enterprise users, devices and data. While many SD-WAN and security vendors have begun to offer SASE solutions, few have delivered a complete approach. According to a recent EMA WAN Transformation Report, 10% of organizations report they’ve completed a SASE deployment and 28% claim partial implementation. Given that there are so few complete solutions available, EMA believes overmarketing by SD-WAN vendors is actually inflating these numbers.
At any rate, SASE offers incredible benefits for enterprises and the future is bright for this new technology category. In fact, the increased need for remote user support during the pandemic has spurred much of the sudden acceleration around SASE deployments. EMA’s report showed that a massive 51% of respondents have accelerated their SASE projects over the last year alone. In addition, Gartner predicts that by 2024, at least 40% of enterprises will have strategies in place to adopt SASE, up from less than 1% at the end of 2018.
Understanding SASE
There are many vital elements to consider when adopting a SASE strategy, but let’s explore five key criteria and why they matter. The first is integrated operational visibility. It’s important to have network and security visibility across all the ways users access applications and resources throughout the enterprise. This means remote, public cloud and traditional network environments, and everywhere in between. Respondents ranked this attribute as the most important in EMA’s WAN Transformation Report. The second aspect to consider is direct cloud access. Cloud adoption is a priority, especially during this pandemic. Having fast, reliable access to cloud resources has become critical for employees, partners and customers, whether that’s work from home (WFH) users or specific applications operating in a hybrid cloud.
Next, we have secure remote access. This has become an increasingly urgent priority during the COVID-19 crisis, and a primary element in supporting business continuity for the modern enterprise. Whether it’s accessing cloud applications for work, such as Salesforce or Office365, or accessing proprietary applications such as call center systems, having secure access for WFH employees has become basic table stakes (and security is a critical factor). Then there’s site-to-site SD-WAN connectivity. This provides flexibility and cost savings, making it possible to use more internet at a lower cost. Or it can help load balance away from traditional MPLS circuits so organizations can more easily connect to the cloud and simplify management. Lastly, you should consider cloud-based, multi-function network security. The cloud makes it easy to manage SASE centrally. Having the security capabilities in the cloud allows for instant scalability and multiple points of presence, which relieves the problems with previous VPN-based solutions.
Visibility and SASE
SASE deployments can be incredibly complex, and make end-to-end visibility challenging for IT. There many components at work and if something goes wrong, isolating it down to a single source or domain can be tough. Is it the local network, SD-WAN device, cloud presence, security device, etc.? Is it a problem with network traffic, applications, users? Today, enterprises are using analytics platforms that work alongside SASE to provide a vendor-neutral view into deployments with the ability to analyze telemetry for network, security and compliance purposes. These solutions also offer end-to-end views once the traffic exits SASE into the branch, data center, colocation, or public and private cloud.
Granular visibility allows IT to better understand network and application traffic, and verify that policies and their intent are working as designed. It also enables troubleshooting and the remediation of network and/or security issues. So as issues arise, IT can identify the root cause and understand the most appropriate remedial action to take. Finally, establishing comprehensive, end-to-end network visibility allows IT to understand how application traffic and data flows through the SASE system.
Your Starting Point for SASE Deployments
Due to the fact that SASE solutions are the product of multiple integrated technology categories, we’re seeing many network security, cloud-based security and SD-WAN companies entering the space. You often hear grand promises and phrases like “silver bullet” and “single solution.” In reality, But you’ll need to work with at least two solutions (sometimes more) to deploy SASE today. When making a selection, consider the following questions:
- Is the technology mature? – Are the network or security features fully baked? Is it completely integrated, separate, or does it allow for integration with other solutions? Depending on any existing vendor relationships, an all-one-solution could make sense (but most will need to be add-on).
- What is the management setup? – Is all of the functionality easily managed through a centralized cloud-based service? If so, how is this done? This can be important for reducing the complexity and management of a SASE solution.
- Do the cloud integration capabilities suffice? – Does it easily provide access to the public cloud and offer private cloud connectivity through colocation and remote sites? This is important as more applications live in a hybrid cloud model.
- Is there scalable, secure remote access? – Does it include a scaled approach to remote user access, with respect to points of presence that allow for better performance from various locations mapping to customer needs?
SASE is transforming the way enterprises approach data and application security and connectivity. If you’re at the trailhead of your first SASE deployment journey, start by establishing a firm understanding of the technology, the role of network visibility in successful SASE implementations and the key questions to ask to identify the right approach.
