5 things you should know when choosing a SASE solution

Secure Access Service Edge (SASE) is gaining ground as digital transformation is increasingly seen as an answer to the global challenges unfolding before our eyes. Yet, organizations are wary of its often complex and prolonged implementation and want to play it safe with their choice of SASE solution. Their needs may vary – some may want to focus on protecting crucial data, others go for combining networking and security features in the cloud, or streamlining their security wherever there is work to be done.

Whatever your reason for choosing SASE, there are some universal considerations for getting the best out of your future SASE solution – read on to find out the most important ones.

1) Should you go for single-pass or best of breed? 

Today many vendors offer so-called single-pass SASE solutions that combine broader networking and security features as part of a single platform. Considering the equal importance of the two, these solutions are marketed as “complete” since the same vendor will offer you both security and SD-WAN, for example.

This option may sound like a dream come true, but few providers offer this type of solution even in 2021. This means that you may be limiting your selection options from the outset.

Going with multiple vendors to deliver best-of-breed functionality is a more flexible option for network security, WAN, and LAN. This means that you can choose a different provider for each component of the security system, such as a firewall or VPN. The same goes for all the features you want to see in your SASE. Yet, bear in mind that this type of integration can be more complex because you need to support sufficient interoperability.

What you should certainly do is go for providers that are proven to offer quality support for their partners’ ecosystems. This will make the introduction of SASE or its integration with an existing infrastructure easier, and make the management of networking and security smoother, with fewer headaches down the road.

2) Do you go for native cloud deployment or the edge? 

Virtualization of network features with SASE can be done with the help of the public cloud. The other option is an approach with more focus on hardware, with the deployment at the edge of the cloud. Both approaches come with their sets of pros and cons.

Virtual Private Cloud can be used with Network Function Virtualization to secure workloads that are part of these private clouds. The same goes for setups with multiple virtual private clouds of your cloud provider. What makes things a bit more complicated is that multiple environments require duplication of individual setups for each cloud service provider. This comes with additional costs and the need for more complex technical expertise.

At the edge, you can have a single setup to cover all users and locations. Going with this option simplifies managing multiple functions in different environments, which comes with greater efficiency and less trouble in terms of support.

3) How close do you want to be to your assets? 

Being closer to the source, i.e. to the place where the data and applications are needed, is important when it comes to planning their future management. The idea is that these valuable assets need to be made accessible to the users as fast as possible. This is where SASE comes into play as a way to distribute network architecture.

To achieve this, SASE implementation relies on the public cloud, private data centers, and colocation. The SASE stack operates with the help of nodes located in proximity to the public cloud. The result is easy access to cloud-based resources that is not impaired by high latency.

This is why SASE works best if your organization does not want to build its own secure access and networking infrastructure brick by brick. Instead, SASE will provide you with a single solution that functions as an umbrella for all devices, users, and policies. If you are after minimizing networking costs and streamlining deployment with the proximity of resources as a bonus, SASE is the way to go.

4) Check your provider for the quality of integration and the global coverage 

By definition, SASE should provide you with a platform that brings together security and networking functionality in a cloud-native environment. This should not be taken for granted, as some providers may market their solution as SASE despite failing to fully converge the services on offer. For instance, you can check if SD-WAN is fully integrated with security functions such as NGFWaaS or SWG.

Also, SASE is a cloud-native solution, meaning that this quality should equally encompass all points that constitute your network’s edge. This includes cloud, mobile, and on-premise environments.

Your SASE solution should also offer balanced performance wherever it is needed. This is ensured by the points of presence that your provider operates to deliver the optimal experience of using SASE. Check these in advance to avoid unwelcome outcomes when trying to use an application you need at a critical moment.

5) What about Zero Trust Network Access? 

The traditional approach to protecting cloud and mobile environments with endpoint solutions does not cut it today when compared with SASE. SASE uses Zero Trust Network Access (ZTNA) with a set of specific benefits.

For starters, you will find it easier to introduce policies that can deny access to particular IP addresses. This allows for more granular access control all the way to individual identities.

SASE with ZTNA allows for easier scaling of network security no matter how fast your network grows. This is made possible since it can support multiple tenants as part of a cloud-native platform.

Also, ZTNA ensures better security because SASE offers more than the ancient castle-and-moat approach, which is often unsuitable for modern network topologies and edges.

Conclusion 

Choosing the best SASE solution is no easy task, but sticking with key considerations such as those we presented above should make it a bit easier. While minding all of them is useful, you should also consider that your individual use case will have an impact on your final choice of SASE, as this is a complex technology and not a skeleton key for every situation you can think of.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.