The digitization of business has driven the adoption of public cloud-based computing. If IT teams are able to architect solutions that offer the work-from-anywhere model from any device, they provide their enterprise with significant productivity and competitive advantage. The overall goal is to implement software-defined security, delivered by the cloud, that ensures the best possible architecture.
One of the most significant challenges is migrating from legacy perimeter-based security, which has created multiple vendor relationships. With each vendor solution, IT teams are tasked with maintaining and reviewing policies across different graphical user interfaces (GUIs). Invariably, each relationship brings numerous contractual arrangements that do not co-terminate, resulting in a need to maintain solutions that are often not optimal.
With the above in mind, SASE may require a gradual migration approach, which means your business may only be positioned to adopt a partial implementation.
The internet is the preferred method of connecting to cloud resources versus legacy MPLS VPN (multiprotocol label switching virtual private network) services, which are restrictive. For users working on the internet, there is an absolute requirement to deliver application access from multiple devices and locations. Enterprises that deliver seamless, secure, flexible and fast-performing access to resources gain a huge competitive edge. However, the architecture to deliver user freedom is currently immature and fragmented, resulting in the need to define the features required across software-defined cloud networking and security. Gartner SASE is one such framework that outlines the capability to deliver user, device and branch security.
In the majority of businesses, network architecture was designed around data center access, where application resources remained static. With the maturity of cloud services, the data center is no longer a static location and is often not known as a physical location. In the past, IT would deploy services directly into server racks. Software-defined networking and the cloud mean all deployments can now be zero-touch, with services replicated on a global basis by using Azure, AWS and Google Cloud.
With complete flexibility, there is a firm need to address the risks that cloud “work anywhere” architectures create for all businesses. At a high level, the risks revolve around trust and the premise that trusting a user once is not enough. SASE (and associated technologies) revolves around the premise that traffic must be constantly evaluated and never trusted.
We fully expect there to be more users connecting outside of the main office campus than inside, which means the network perimeter has moved and is no longer simply defined. With this in mind, the interest in SASE is growing at an exponential rate. As with SD-WAN, the hype surrounding SASE often means vendor comparison is difficult due to high-level vendor marketing. Alongside marketing, vendors are beginning to consolidate software-defined WAN and SASE to create single product verticals known as software-defined perimeter (SDP).
How should your business begin to evaluate SASE security?
In order to evaluate SASE, IT teams should begin to consider which capabilities are available to implement now via existing relationships or in the future by conducting vendor comparisons.
My team and I recommend the following immediate considerations:
1. Create a list of existing relationships to understand whether elements of SASE features could be leveraged immediately or migrated away at the earliest opportunity.
2. The SD-WAN market is converging with SASE vendors, meaning there is now a real possibility to buy network-as-a-service and security-as-a-service from one vendor.
3. Understand your own team’s skillset to decide whether fully managed, co-managed or DIY SASE fits your business needs.
4. SASE convergence represents an opportunity to transform branch offices away from legacy MPLS, resulting in lower costs.
My team and I also recommend the following long-term considerations:
1. Consider SASE solutions that suit your business in respect of where the inspection occurs and how traffic analysis is reported. IT teams report that statistics are valuable but too much data is often detrimental to the business.
2. Zero trust network access (ZTNA) should be a priority across all connected elements from users to devices.
3. The enterprise should now create SASE knowledge experts to work on an evaluation of reporting and user behavior to consistently make improvements.
4. Understand how secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA) and firewall as a service (FWaaS) will represent the core of your security defense.
Over the next few years, SASE adoption will continue to grow as products mature and existing security vendor contracts end. As of writing this article, Gartner estimates that fewer than 10 SASE solutions are capable of meeting the full framework and definition of SASE. Our business is of the opinion that the market will lead with software-defined perimeter (SDP), which will contain SASE and software-defined WAN features.
Whether or not your business is in a position to adopt SASE, my team and I recommend understanding not only features but also vendor reporting. While security is important, there is a need to interpret data to fully understand the implications of your user, device and application flows. Perhaps one comparison is NetFlow, where the data produced is always comprehensive but rarely actionable due to the sheer volume of content. SASE vendors recognize the need to provide tangible information to help IT teams make informed decisions.
Artificial intelligence (AI) is also expected to assist with making on-the-fly adds, moves and changes based on risk. If a vulnerability is detected, AI will make the necessary changes on an almost real-time basis to protect your network from whatever threat exists. The cloud also helps to deliver the latest patching to ensure all security devices and instances stay up to date.
SASE is the framework all businesses should begin to evaluate, with a plan to fully understand the vendor landscape.