How to Monitor and Manage your SASE architecture

When Gartner first introduced the concept of “secure access service edge” (SASE, pronounced sassy) into the enterprise IT lexicon back in August 2019, they had estimated that “by 2024, at least 40 percent of enterprises will have explicit [SASE] strategies,” up from less than 1 percent in 2018.

Flash forward to today, and not even Gartner could’ve predicted the smorgasbord of intersecting world events that effectively upended every enterprise’s short- and long-term IT initiatives.

Now, most enterprises have had to go cloud-first by default in order to connect their increasingly distributed footprint of remote workers in the face of a global pandemic. And while wide area networking (WAN) transformations had been on many enterprise teams’ wish list prior to 2020, it’s safe to say that decentralized concepts such as SASE are set to become the enterprise norm well before 2024, if not sooner.

So what is SASE exactly?

SASE solutions are cloud-deliver solutions that combine WAN services (SD-WAN) and network security services (ie. CASB, firewalls, SWGs, and zero trust network access) into a single management system to help ensure secure access to network resources for a distributed network of end users. These solutions essentially marry the best practices of edge computing with a company’s security protocols to help businesses safely scale their network access policies when traditional, hub-and-spoke network architectures get thrown out the window.

A SASE solution would be able to effectively identify users and devices on the WAN and safely grant access based on corporate security protocols, regardless of a user’s location.

There are three overarching characteristics of SASE solutions:

  • SD-WAN private backbone: With SASE, traffic is routed over familiar SD-WAN pathways between individuals PoPs used for security and networking software. In most instances, traffic won’t be sent directly over the Internet (unless users are connecting to the global SASE backbone), both to ensure performance and keep data secure.
  • Ongoing inspections/enforcement: Aside from “intelligently” connecting users over predetermined pathways, SASE solutions must provide inline traffic encryption and decryption, for starters. These tools should also deliver services like DDoS protection and the ability to ensure adherence to local regulations (ie. GDPR) as part of the service suite.
  • As-a-Service: SASE should be cloud-born and cloud-delivered, meaning there are no specific hardware requirements. It should also be multi-tenant to ensure teams can scale their SASE architecture as their user base expands or relocates, and as the business-critical tools teams leverage evolve.

The goal of these solutions is to help synchronize network security and management in a world where traditional network architectures (ie. those centered around backhaul to a corporate data center) are insufficient in keeping a decentralized user base connected. But even with these solutions helping to better inform the journey network traffic will take from an end-users device to network resources, enterprise IT teams still lack inherent visibility into potential issues along every step of these delivery paths.

SD-WAN + Security?

The conundrum isn’t that dissimilar to what teams face with traditional SD-WAN monitoring: SD-WAN solutions are often used for VoIP and video calls since access to broad bandwidth pipelines provides reliable connections and reasonable call quality. The problem? Because SD-WAN is an edge technology, companies lack granular control over QoS.

And while SD-WANs are ideal for managing network and application loads, they provide virtually no context about user interaction with these applications without additional application monitoring. It’s a birds-eye view, ideal for getting the big picture but not so useful when it comes to per-user data. The benefit of SASE is that it actively identifies users and devices, but granular detail on performance is still limited.

Enterprise IT teams need to leverage comprehensive performance monitoring solutions that can grant end-to-end visibility into all network environments involved in connecting users to the corporate network. This calls for a vendor-neutral approach to monitoring that can deliver critical network KPIs without adding another layer of complexity into their already complex network management system.

To learn how teams can gain visibility into all your network connections, schedule a demo with AppNeta today!

Author's Bio

Paul Davenport

Marketing Communications Manager, AppNeta
Paul has an extensive background in tech journalism, content marketing and public relations in the B2B space, with a focus on cloud, cybersecurity and networking technologies. He studied Print & Multimedia Journalism at Emerson College.

Paul has an extensive background in tech journalism, content marketing and public relations in the B2B space, with a focus on cloud, cybersecurity and networking technologies. He studied Print & Multimedia Journalism at Emerson College.