What criteria would you follow when choosing a SASE solution?
The SASE market is beginning to take shape as multiple vendors have already started adding networking and security capabilities to their existing solutions to create a “SASE” solution, which they believe is set to give them an upper hand in the crowded networking solutions market.
Many of the vendors are stitching together multiple solution to create a SASE model as they are not yet capable of delivering the full benefits of SASE. This approach will result in the solution having poor integration capabilities in the long run.
This is why it is very important to have a pragmatic approach towards identifying which vendor solution can truly meets the requirements of the modern digital business.
Understanding the SASE model
Before you start comparing SASE providers, it is very important to have a clear understanding of what SASE is. If you ask me to explain SASE in one line, I would say that,
“SASE is the convergence of networking and security functions into a cloud-delivered platform.”
I have had multiple discussions with experts in the field and also with my own colleagues at work. Everyone has a different understanding of what SASE is, but where we all converge is what SASE tries to achieve.
For me SASE is all about, “Leveraging the capabilities/functionalities of existing networking and security solutions to securely connect ‘n’ number of remote users (irrespective of where they are) to their applications, all sitting in the cloud.”
Or like how one of my colleagues who has more than 20 years of experience in the networking industry and a keen observer of SASE would put it, “SASE is being able to securely connect to an application, from anywhere”.
Gartner describes SASE as an identity- centric architecture that converges and inverts traditional datacenter-focused architectures. In other words, SASE combines network and security functionality in a model where user and resource identities, not physical data centers, are what determine access decisions.
How to evaluate SASE vendors?
What does SASE promise to offer?
The promise is that it will deliver converged network and security service on a global scale and reduce cost and complexity while improving visibility, agility and application performance. However, to make sure that your enterprise benefits from the full potential of SASE, it is crucial to ask the right questions and understand the key criteria by which to evaluate SASE providers.
1.Are networking and security services integrated?
SASE combines networking and security functions into a single cloud-native platform. If a SASE provider is unable to provide a platform that converges both networking (SD-WAN, WAN acceleration) and security services (NGFWaaS, IPS, ZTNA and SWG), they are not a true SASE solution.
2. Is the platform cloud-native?
To deliver the full benefits of the model, a cloud-native approach is required. SASE is all about identity and this approach should extend to all network edges, including on-premises, mobile and in the cloud. A converged cloud-native software stack can certainly meet this requirement.
3. Will you have optimal network performance on a global scale?
A global network backbone is not a requirement for SASE, but getting optimum experience anywhere is the world is a must for the end user. This is why the number of PoPs (points of presence) that each vendor possesses matters. If a user is connecting from the Philippines, but not through a PoP in the Philippines, but through one in Singapore, then it is not ideal as it is not the most efficient route to reach the desired application.
4.Does the SASE provider enable ZTNA (Zero Trust Network Access)?
ZTNA is an integral part of SASE. It provides the granular identity driven aand contextually aware approach to network security that the legacy “castle and moat” approach could not. This legacy approach is difficult to extend to cloud and mobile endpoints. With ZTNA, enterprises can configure application-specific access based on user identities for cloud, mobile, and on-premises users and resources.
5. Does the SASE provider reduce network complexity and cost?
AT the end of the day, what would an enterprise want out of a SASE solution?
Yes, it finally comes down to just a few simple things. Features such as ZTNA, NGFWaaS, SD-WAN and WAN acceleration will help ensure SASE vendors improve network performance and security posture, but that is only half the story. SASE should be able to drive down cost and complexity. So, how can you reduce cost? Well, cost savings stem from a reduction in Capex and Opex due to less appliances to source, provision, monitor, patch and replace, thanks to a cloud-native multitenant architecture. Complexity also goes down for many of the same reasons.
So, organizations should be looking at the most integrated solution, one that is cloud-native, along with open integration capabilities. This would mean reduction in costs, less complexity and more secure access for all endpoints.