In 2019, Gartner defined a new category that it said will transform network security as we know it – the Secure Access Service Edge (SASE). What is SASE? It is a new architecture to deliver common networking and security capabilities to every user, accessing any application, at any location, in a consistent way. This value proposition is applicable to enterprises of all sizes, yet “the devil is in the details”.
SASE has two conflicting attributes: the features are well known; the architecture is brand new. Focus on the features and every large vendor seems to have SASE. Focus on the architecture and very few do. Let’s explore the new SASE architecture, which is based on a converged, global, cloud-based service that serves all enterprise edges.
SASE’s architecture was defined to change the point-solution landscape that dominated IT for the past 20 years. How? The first key attribute is convergence. Instead of buying SD-WAN, firewalls, secure web gateways, global and cloud connectivity, and remote access as point solutions, SASE converges them into a single platform, ideally from one vendor. Convergence, if done right, enables a SASE single-pass engine with a single policy to process all traffic going through the SASE service. Some SASE solutions see only cloud traffic; others are built to see traffic between physical locations. SASE should see all traffic between all users and all applications, regardless of where they reside geographically, whether they are at home or in the office, or accessing applications on-premises or in the cloud.
Convergence, however, is just the beginning. SASE is also a global cloud service delivered via a large number of Points of Presence (PoPs). The benefits here are apparent to anyone using cloud infrastructure providers like AWS and Azure. With a cloud service, someone else takes care of sizing, scaling, patching, high availability planning, and evolving the capabilities with no effort on IT’s part. No need to invest precious resources just to keep the lights on. And, if that cloud service is global, then IT doesn’t need to worry about regional hubs to service remote locations and users. No colocations, no appliance installations, no concentrators, no backhauling.
Lastly, SASE can, as a cloud service, extend its capabilities to all edges. Datacenters, offices, cloud, and users can all “plug” into the SASE service (this is where SD-WAN and Remote Access Clients come in) and benefit from consistent optimization and security capabilities.
But if you run a Fortune 500 IT networking and security infrastructure, can you actually move to SASE?
From the mid-enterprise to the Fortune 500: the roadmap to SASE
SASE is a transformation roadmap for IT infrastructure. We have seen many mid-to-large enterprises migrate to SASE. These enterprises need to deliver an agile and scalable digital platform to the business but have fewer resources to “own” an increasingly complex infrastructure. For them, SASE was a godsend.
What can a very large enterprise do? The answer is to start small with a strategically targeted gradual deployment. Take a specific use case or region and start there. For example, Zero Trust Network Access (ZTNA). Like all organizations, many Fortune 500 companies had to adapt to the massive shift to Work-from-Home. This change has prompted multiple projects to overhaul the legacy VPN infrastructure, hence ZTNA. SASE has been closely linked with ZTNA because it is a cloud-scale way to deliver secure remote access to applications. A large enterprise can take one of two approaches: buy a SASE point solution for remote access (yes, they exist), or get a SASE platform that can address the immediate need for remote access but can also extend to other use cases. For example: secure and optimal Internet access at branches (SD-WAN+SASE cloud-based security), multi-cloud networking (SASE as a fabric to connect diverse cloud edges), and optimized delivery of global voice, video, and remote desktop access.
Once a true SASE platform is in place, covering a single use case, you can extend it to additional business segments, geographies, or technical requirements. Look for these strategic opportunities to place a SASE platform, and then let it “compete” for new projects against legacy approaches. Onboarding 20 new sites from an acquisition in Singapore? Use SASE or deploy your standard security and connectivity stack. Need to enable connectivity to cloud infrastructure? Connect it through SASE or deploy a multi-cloud networking product.
If you start your journey today, you can help the business realize the benefits of the SASE transformation earlier rather than later.