What is SASE, and why all the hype?
Secure access service edge (SASE) merges cloud networking and security. It includes various components such as SD-WAN, secure web gateway (SWG), and cloud access security brokerage (CASB), among other technologies. The goal is to unify networking and security through a single platform, which does not necessarily have to be provided by a single vendor. The benefits of SASE include faster networks, next-gen security features, and streamlined IT environments.
Justin weighed in: “It almost feels that SASE—the convergence of network and security—was almost inevitable, especially as SD-WAN continued to mature… [SASE development] accelerated through the pandemic, where security was no longer governed by just the place you went to work; it was where you existed everywhere. And it forced organizations to rethink how they secure all their users’ endpoints regardless of where they are.”
Jon explained where the hype surrounding SASE originates. “All OEMs started to say, ‘Well, let me define SASE. It’s whatever else I do also. I bought this company, and now I do EDR. Isn’t that part of your SASE?’… And so that’s where we talk about some of the hype—SASE doesn’t mean it’s one size fits all. You don’t have to buy every SKU from the same OEM, but that’s what’s created this paralysis coming back out [of the pandemic].”
Jon pointed out that enterprises did not have a choice in 2020. They needed a VPN solution to accommodate a remote workforce as fast as possible. However, now and moving into 2024, organizations can create an accurate roadmap for integrated security that works for their specific environment.
Learn more: SASE: What is it, why now, and is it right for you?
Single vendor vs. best-of-breed SASE
A recent study from Gartner predicts that by 2025, as many as 50% of organizations will adopt SASE, up from just 5% several years ago. Many of these organizations will choose a single-vendor approach. “While that sounds well and good… I’ve seen single vendor SASE just now starting to be a talking point,” Justin said. CBTS maintains that there is currently no single-vendor SASE solution that will completely meet all the needs of an organization’s integrated networking and security. CBTS still recommends best-of-breed, customized SASE environments, especially for large enterprises. However, it seems clear that market forces will continue to drive SASE solutions into consolidation.
As CIOs plan SASE adoption over the next three to five-year cycle, should they consider single-vendor or best-of-breed for their organization? Do the streamlining benefits of single-vendor SASE outweigh the customization of best-of-breed solutions?
Jon said, “How are you doing it [SASE implementation]? Are you doing it yourself or working with a managed service partner? … One of the things we try to do with our customers at any stage (whether that’s mid-market, enterprise, it doesn’t matter) is to bring best-of-breed solutions and put a simplified wrapper around them. CBTS is managing it. You shouldn’t care what the logo is.”
The challenges of SASE
Jon and Justin identify several critical challenges to enterprises seeking to implement SASE:
- Understanding your current environment – Organizations need to assess what is in place, what still has value, and what has depreciated in their environment.
- Vendor selection and price models – Researching, budgeting, and negotiating are primary obstacles to getting the most value out of a SASE solution.
- Quality of experience – OEMs focus more on getting 100% wallet share instead of executing as well as possible. Operational excellence in deploying SASE solutions is not yet present in the single-vendor market.
- Security threats – There is still an attack surface at the branch, and the physical world still exists, even with virtualized infrastructure like SD-WAN and SASE.
Critical considerations for integrating SASE with an existing infrastructure
Most experts recommend phasing out legacy VPNs in favor of zero trust network access (ZTNA) within the next six months. So, IT leadership might be anxious to implement SASE as quickly as possible.
Jon and Justin urge caution and recommend that your organization think through several core points:
- Assess your current environment before implementing new technology.
- Migrating to new technology requires upfront legwork and planning. Is your organization prepared financially and operationally to take on the task?
- A three to five-year roadmap implementation requires a dedicated project team and manager.
- Starting with small wins is better than trying to do everything at once.
How does the concept of zero trust fit in with SASE?
Jon and Justin discussed the benefits of zero trust network access and the role of SASE within the larger framework of zero trust. They highlighted the importance of securing end-users and improving the employee experience, particularly when accessing applications from multiple devices and locations.
Jon said, “When we look at ZTNA, it’s the first tool that allows us to deliver a great employee experience from wherever they are. We’re distributing that architecture globally. So rather than having to come back to a data center or a server running an application, we can go to the closest geo-cloud to authenticate.”
They noted that ZTNA provides a more secure and reliable alternative to VPNs, which can be vulnerable to attacks and can negatively impact performance. Additionally, they emphasize the need for identity access management and governance in conjunction with ZTNA. Overall, both experts believe that ZTNA is critical to building a more robust and secure architecture and should be adopted as part of any organization’s cybersecurity strategy.
Learn more: How to secure your data by implementing a zero trust architecture
What does the future hold for SASE?
The short answer? It depends. Jon explained, “It depends on the organization and what you’re hiring SASE to do. I think there will absolutely be organizations where ZTNA is the network. You have an Internet pipe, and you have a laptop running ZTNA client. Do I need a firewall if every laptop is a firewall? And so maybe I will just protect the data center.”
As SASE vendors continue consolidating and streamlining their offerings, choosing an MSP that genuinely understands the technology and works as an advocate on your behalf is increasingly important. CBTS is your ideal choice as a technology partner because of our vendor-agnostic approach. Our team can create the best-of-breed solutions that best suit your enterprise. With CBTS managed services, you retain a single point of contact, no matter how many OEMs are deployed, to keep your network fast and secure.
Get in touch to learn more.