Part 1: When to consider a SASE (Secure Access Service Edge) architecture

With Gartner predicting that by 2024, at least 40% of enterprises will be looking to adopt SASE, and recent research on SDWAN and SASE showing that “85% of IT leaders in the UK will have either an SD WAN or SASE platform by the summer of 2022”, should your company be looking at this new cloud-based approach to networking and security?  

Before looking at the reasons to consider SASE, a bit of background…

What is SASE?

SASE (Secure Access Service Edge) is a term that was defined by Gartner in The Future of Network Security Is in the Cloud, Neil MacDonald, Lawrence Orans, Joe Skorupa, 30 August 2019:

Gartner definition: The secure access service edge is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA) to support the dynamic secure access needs of digital enterprises.

SASE delivers capabilities based on the identity of an entity, its real-time context, security and compliance polices.  This fits well with the shifting focus to remote working and managing large numbers of users and uncontrolled devices.  It has been defined as a “framework” rather than an architecture, combining SD-WAN with security technologies and bringing them together into a cloud service.  The key benefits are:

1. Greater security through access to enterprise level protection
2. Consolidation of firewall management
3. Improved application performance
4. Better security across internet communications
5. Flexibility to meet changing business needs
6. Faster deployment to stand alone locations & remote workers
7. Improved connections with expensive or difficult locations
8. Monthly subscription/ Network & Security-as-a-Service

5 components of SASE

Whilst SASE is a new definition, 80% of the technologies it covers have already been around for about a decade.  Since the term was coined back in 2019, vendors from different areas (SD-WAN, networking hardware and security) have embraced the new concept, adapting to the new definition and changing their product positioning to match.  But there are currently few vendors that deliver the full package of:

1. SD-WAN
2. Firewall-as-a-Service (FWaaS)
3. Secure Web Gateway
4. Cloud Security Broker (CASB)
5. Zero-Trust Network Access / Software Defined Perimeter

Let’s take a quick look at who has “SASE” offerings…

Who is offering SASE?

Some security vendors have most of the security components (Firewall-as-a-Service, Secure Web Gateway, CASB, Zero-Trust) already.  However, these are point solutions, and do not focus on how to direct all network and client communications from company to home office through these security services, without the inclusion of SD-WAN capabilities.  

In contrast to point solutions and partnerships to deliver everything in the SASE framework, it is notable that one vendor has built SASE from the ground up, delivering all the components and providing their own SLA Backed private IP backbone – Cato Networks.  While other vendors offer integrated solutions, the backbone can be a big problem for medium-sized companies, with most vendors leaving this to their customers to sort out and negotiate SLAs with individual network providers.

Vendors with point solutions may be offering best of breed, but managing numerous point solutions introduces complexity and is an integration risk that some companies cannot handle. A fully integrated package might not offer all the advantages of best of breed point solutions, but when it comes to ease of use and cost-effectiveness, the integrated SASE approach is the way forward for many small to medium-sized IT departments with limited resources.

When should I consider SASE?

It will depend on your current architecture.  It is not one size fits all.  So, here are a few pointers to when it might be a good time to consider SASE as part of your strategy moving forward:

1. Considering SD-WAN or moving from MPLS to Internet communications
2. Finding it difficult to quickly adapt or make changes to the existing network to support new business requirements e.g. Cloud-based solutions
3. Looking to extend cloud-based solutions without impacting network performance
4. Your security team is overloaded with managing a large number of fragmented security point solutions
5. Poor performance of business applications is affecting productivity and revenues
6. Concerns about the security and control of increased numbers of remote workers in unmanaged environments
7. Concerned with IoT and applications exposed to the Internet
8. WAN infrastructure due for renewal and looking at emerging alternatives

Adopting a SASE approach and taking steps towards implementing SASE can answer some of the problems you have today – for example, you might just want to implement SD-WAN and FWaaS, with the rest later – but it also provides a platform to build on and grow to meet future requirements. 

How do I know which SASE solution is right for me?

This will again depend on your current architecture, and trigger points.  It also depends on the size of your IT department.

If you have the resources to handle specialist point solutions, need to build on the solutions you already have, and can manage that complexity, then that might be the way to go. 

If you are a smaller organisation, or looking for a cost-effective solution that will help make your infrastructure easier to manage in the future, then a fuller cloud-based service is most likely the best option. You don’t have to roll out SASE all at once, but you will have the framework in place to take your business into the future.

We’ll talk more about project scenarios in more detail in our next blog.

So, even if you don’t currently have SASE on your mind, it is definitely worth considering as a way of future-proofing your business and bringing both networking and security together with simple, cost-effective management.

Get in touch. We can help you to evaluate your current environment, understand the best fit for your IT infrastructure and business, and help design and implement the right solution. With just an hour-long whiteboarding session we can help set you on your path to SASE and a flexible and secure network. Book a technical consultation >