A Decision Maker’s Guide to SASE

May 30, 2024
Cloud

If you want to bore your spouse and non-technical friends to their wits' end, talk about technology vetting and decision-making while enjoying a casual meal together. I did just that recently when my new(er) found friends asked, “What exactly is it that you do for a living?” It’s not that it’s an unfair question, but instead of my usual “I work in technology,” I decided to indulge them and give an example of how solution architects and, moreover, Service Providers help organizations shortcut the time-intensive process of vetting new technology. Needless to say, although appreciative of my enthusiasm for the subject, my audience found themselves searching for an exit to the conversation!

On a serious note, evaluating new technology or deciding on strategic partnerships is a very important practice to cultivate within any IT organization. This is a primary focus for Service Providers and a large part of the value proposition for consuming technology in an “as-a-service” model. Let’s take this concept on and apply it to one of the hottest topics in networking and cybersecurity, SASE!


What is SASE?

Secure Access Service Edge (SASE) is a network architecture in which Wide-Area Networking (WAN) capabilities are converged with a comprehensive set of security functions and delivered through a cloud-native service.

Key Components of SASE:

  • Software-Defined Wide Area Network (SD-WAN): Provides the ability to leverage multiple WAN connections for enhancing and optimizing network performance through intelligent routing.
  • Secure Web Gateway (SWG): Policy-based service to monitor and filter web-based threats.
  • Cloud Access Security Broker (CASB): CASB provides a critical layer of security that gives organizations visibility and control over their use of cloud services.
  • Zero Trust Network Access (ZTNA): This type of access control is based on user identity and context. It ensures that only authorized users can access specific corporate resources.
  • Firewall as a Service (FWaaS): Cloud-based security solution providing comprehensive firewall protection, including advanced features such as intrusion prevention and threat detection.


Why SASE?

Traditional network security solutions are struggling to keep pace with the evolving landscape of cybersecurity threats, and they often do a poor job of adapting to a cloud-centric and remote workforce. SASE simplifies traditional WAN management and security by applying a common set of security policies to all users and endpoints, including verification of identity and context (ZTNA), so that users have secure access to the cloud and corporate resources approved for use.


Considerations for Decision Makers

Vetting and choosing a SASE solution can be a daunting task. Many vendors have varying approaches that result in a confusing combination of different architectures. Some are disparate and do little to solve the complexity of traditional network security solutions that we’ve come to loathe. This makes it crucial for decision-makers to understand the core elements that define an effective SASE solution. The goal is to ensure you choose a solution that simplifies management, enhances security, and improves overall performance. To help guide this process, here are the five must-haves for any SASE solution and why they matter. These are different from the Key Components of SASE listed above and assume those boxes are already checked.

1. Converged Security: Consistency, scalability, enhanced visibility, and simplified management are the core benefits. A truly converged solution is designed from the ground up to integrate networking and security features into one seamless service. Be careful! Some of the top names in network security rely on integrating multiple products that work together to deliver a “SASE-like” model. Bolting on disparate services to a legacy firewall platform isn’t SASE.

2. Cloud-Native: Cloud or bust! And no, virtual appliances don’t count. Cloud-native SASE solutions are built to be redundant and elastic so they can scale with growth needs. Cloud-native SASE can provide your organization with more efficient global coverage by leveraging a widespread network of distributed instances. Continuous updates and improvements to the platform are seamless. There’s no need for IT teams to manually intervene and apply patches or updates to remain current with evolving threats. In addition, any policy changes are instantly propagated across the global network, so you can be sure all users get the most current policies.

3. Global Points-of-Presence (PoPs): Access to a converged and cloud-native SASE is accomplished one way: distributed PoPs that all offer the same software stack of network and security features. Each organization’s “tenant” and its associated configurations should be available from around the globe. This ensures that every site and user gets a consistent experience and set of security policies from wherever they are connecting.

4. Global Backbone: Having spent a large part of my career in the telecommunications industry, this feature is near and dear to me! Network security shouldn’t compromise on performance. A global backbone provides predictable routing based on real-time network conditions, resulting in better traffic flow optimization and an all-around better user experience. You might think a global backbone connected by a global network of PoPs, each running a highly available software stack of converged network and security, is the SASE unicorn, but it does exist!

5. Single Management Interface: Consolidating control and administration into a single interface reduces complexity and gives back time to already stretched staff. It also improves visibility, centralizes policy enforcement, and provides for faster troubleshooting and resolution. The few solutions that have a single management interface also demonstrate better reporting and analytics.


Conclusion

Given the multitude of approaches and architectures offered by different SASE vendors, the decision process is not without challenges. However, key considerations can simplify this process for decision-makers. Focus on the critical aspects that will ultimately enhance your organization's security posture and operational efficiency. Use this guide as a roadmap in that decision-making process.

If you already have enough content for riveting dinner conversations with non-technical guests, then call us! We may just have a head start on this process!