Part 2: SASE Transformation Project Scenarios

So far, we have talked about SASE, what it is, what it is not and some of the reasons you might want to consider it (read part one here). Here we take a more in-depth look at the scenarios that are driving large enterprises and SMEs to adopt SASE as a framework.  Last year Nemertes Research was predicting that 62% of companies would have deployed SASE by the end of 2020.  And there are clearly some key benefits, including:

• Reducing complexity and cost with centralized management of networking and security
• Reducing the number of consoles and policies
• Handling and securing the growing number of managed and unmanaged devices, especially for a workforce that is becoming more remote

COVID-19 has been a catalyst for SASE along with the move from branch offices and internal data centres to remote working and the adoption of Cloud (The Future of SD-WAN and SASE – Accelerate Technologies).  This new way of working is forcing companies to look at both improving network access and locking down the security of all networked resources, whether they are issued by the company or BYOD.

We’ll get on to more about remote working, but before that, let’s look at some of the other compelling events and triggers that are driving organisations to implement SASE.

Consolidating and Improving Security

One of the key drivers for embracing the SASE model is integrating individual security tools into a centralized, policy-driven service. Research company Nemertes see this as inevitable as networking and security components become virtual.  According to their research, companies are 80% more successful in achieving this integration if they have implemented SASE. 

Companies set out on this consolidation journey from different starting points, typically with a phased approach tailored for their business operations and existing infrastructure.

The starting point for some will be when reviewing outsourced security contracts for point product solutions. Others may be finding that heavily fragmented security solutions are becoming just too hard to manage and maintain, and need to consolidate them.  For example, managing traditional firewalls in individual branch locations is cumbersome and a move to Firewall-as-a-Service is compelling.

From another perspective, if you are thinking of re-designing your network and are currently considering SD-WAN, then this is a chance to evaluate and look at your overall network security too.  You might decide, like one of our customers, to roll out just SD-WAN and Firewall-as-a-Service first, saving the roll out of other components until the need arises.

Other security pain points and projects we have seen, that start companies on the SASE route, are:

1. Streamlining and speeding up the set-up of security to branch offices, new stores and remote sites with Security-as-a-Service
2. Implementing and optimising mobile security
3. Addressing a firewall management problem
4. Rolling out Multifactor Authentication (MFA) and integrating MFA with existing authentication using Single Sign-on (SSO) to mitigate the risk of compromised credentials
5. Moving from traditional appliance based VPN’s that need constant monitoring and patching to a cloud-based VPN which is maintained by the vendor
6. Deploying Zero-Trust Networking to deliver secure access to data and applications both on-prem and in the cloud, by users based on their role and regardless of their location or device

Network Optimisation

SASE can help if poor application performance is affecting productivity and causing users to complain, especially for demanding applications such as video.  As well as improving baseline performance, SASE gives you full visibility of the network, making it possible to manage and control applications more effectively.

In performance terms, it is also worth considering SASE with natively integrated SD-WAN and an SLA-backed global private backbone to replace expensive and inflexible MPLS services, especially if you have a number of branches across the world. Logging on to a local point of presence (PoP) can speed up access for remote users. This can be a cost-effective solution, whether you are a large or medium sized enterprise with a global presence.

Cloud Adoption and Cloud Acceleration

Moving applications to the cloud brings with it many benefits, such as subscription-based costs and the ability to scale up and down quickly and easily, but it also means that you have also just released control.  Through using an SLA-backed global backbone, you can ensure:

• Direct IaaS connectivity to Azure, AWS & Google. Traffic from sites and remote devices is optimized and routed via the shortest and fastest path
• Latency reduction and optimisation performance at a fraction of cost of dedicated links such as ExpressRoute & AWS Direct
• Support and optimization for Unified Communications and UCaaS traffic with end-to-end guarantees of performance with Quality of Service

Enabling and Securing Remote Working

One key scenario, where the SASE approach really comes into its own, is in enabling and securing remote access. With more and more people working from home, the remote worker is effectively becoming the new branch office. SASE provides visibility over resources and the ability to apply one set of polices to the user, whatever their location or device, which simplifies security management and company-wide governance.  A few instances where remote security can be aided by SASE:

1. Zero Trust Network Access provides granular user access to the specific resources and applications needed to carry out their role
2. Unmanaged devices, which employees or contractors might use, like personal mobile phones and laptops can be given restricted access, versus trusted access via company-managed devices
3. Access to sensitive information can be restricted for un-managed devices to prevent the loss of data
4. Simplified implementation and management of multi-factor authentication

Which all adds up to easier network management, stronger security and ease of use for remote workers.

In conclusion…

The approach and starting point that you take in implementing SASE will depend on your current and future business needs.  But, wherever you start, you will be on the right path for accelerating your organisation’s digital transformation along with simpler management of your network, cloud applications and security capabilities.

Get in touch. We can help you to evaluate your current environment, understand the best fit for your IT infrastructure and business, and help design and implement the right solution. With just an hour-long whiteboarding session we can help set you on your path to SASE and a flexible and secure network. Book a technical consultation >