Tailoring SASE to enterprise requirements


Secure access service edge is a well-defined model, but there are variations that achieve the same ends and give businesses flexibility to meet larger goals


Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks.

As defined by Gartner, which coined the term, SASE calls for security to be built in as part of the network and delivered as a cloud service, but that might not fit the circumstances faced by all enterprises.

Depending on their needs, it may make more sense to have SASE delivered as a managed service package or even in an architecture that includes privately owned security infrastructure that is managed from the cloud – alternatives that can achieve the same goals.

Understanding SASE options

SASE is the next step for wide area network (WAN) transformation. Current WAN architecture has largely remained the same for the better part of four decades. SD-WANs were a big leap forward and made the network more efficient but did not transform it. SASE optimises it for current trends such as cloud, mobility and even the rise in work from home induced by Covid-19.

One issue with SD-WAN is that it creates new security challenges. For example, SD-WANs make it simple to configure a split tunnel from a branch office so workers can have direct access to the cloud instead of having to go over the corporate WAN and out to the data centre.  This improves user experience and uses the network more efficiently, but it also creates a huge security hole.

One way to fix it would be to put a firewall in every branch office, but that’s expensive and creates an operational headache because keeping dozens or even hundreds of firewalls in sync is difficult, if not impossible.

SASE addresses this by integrating security capabilities into the network so they become a network service. Management of security and networking is done via the cloud so administrators can make a change once and push it to every location at once.

Integrating security and networking doesn’t just evolve the WAN but transforms it. Traditional WANs, SD-WANs included, connect and secure branch offices and company locations. SASE enables businesses to connect remote workers, IoT endpoints and anything else that needs to connect.

For businesses considering SASE, it’s important to understand that there are numerous ways of consuming it. Here are a few.

Cloud-native SASE

Following the Gartner definition, cloud-native SASE is where all network and security services are made available via the cloud. The only on-premises infrastructure is a lightweight hardware device similar to a home router that directs the connection to the cloud node.

Recently, a few SASE vendors have released software clients enabling a computer or IoT endpoint to connect directly to the cloud, obviating the need for additional hardware.

The benefit of this approach is that any location as small as a single device can have enterprise-grade security and network services. The downside is that for large locations, SASE generates a significant amount of network traffic as all security inspection is done in the cloud. Cloud-native SASE is best suited for highly distributed organisations with many small locations. Insurance companies and retailers are good examples.

Cloud-managed on-premises SASE

The world may have gone cloud crazy, but there is still a role for on-premises infrastructure. With SASE managed from the cloud, each location would have its own router, firewall, unified threat management (UTM) and other security appliances. Managing them from the cloud is critical to success because it provides the ease of use of cloud-native SASE.

The big benefit is that all security inspection is done locally, improving the performance of large sites. A big downside is obviously the cost of supplying each location with hardware.

Another benefit is that this approach offers some level of investment protection. If the organisation recently purchased on-premises infrastructure, it may not be ready to toss it out. Shifting to a cloud-managed approach enables companies to keep using their relatively new routers, firewalls and other devices.

Cloud-managed on-premises SASE should be used for organisations that have hundreds or thousands of workers in a single location. Manufacturing organisations and healthcare institutions are examples. Also, companies that prefer a do-it-yourself model should choose this approach.

Managed SASE

While SASE offers many benefits, it does increase the complexity of the WAN.  Network engineers need to consider things like where to use split tunnels, level of meshing between offices, how to provision security, creating user profiles and other factors. Legacy WANs were inefficient but had fewer considerations.

SASE lets businesses do much more with the network but also ratchets up complexity to a level that many organisations may not have the skills to address. Managed SASE has the benefit of allowing a third party that’s well experienced in best practices to configure and run the network.

The downside is a loss of control. A recent trend has been for managed service providers to offer co-managed services where the organisation can perform the tasks it’s comfortable with and offload other functions to the MSP. Businesses that are looking to move quickly to SASE but are highly risk tolerant should look at a managed service.

Hybrid is an option

Ultimately, most organisations of any significant size will likely take a hybrid approach where a combination of cloud-native and on-premises SASE is used. Consider a global law firm with one or two offices per country, but each location having hundreds of employees.

The firm could use on-premises infrastructure for the physical offices but connect home workers with a cloud-native service. Another example is a manufacturing organisation that uses local infrastructure for large facilities and connects its autonomous vehicles using cloud services.

Strategies for SASE adoption

A fast path toward SASE may be to shift current infrastructure to being managed by equipment vendors’ cloud-management tools. It’s likely that products made during the past couple of years offer such an option, even though customers might not use it today. Using these tools can ensure that policies and configuration parameters can easily be ported from a traditional WAN to SASE.

If a cloud-native approach is being considered, see if the vendor offers a path to cloud-managed on-premises infrastructure. This becomes important as the number of corporate locations grows.

At deployment time, businesses may have a number of small locations and prefer a cloud approach.  Over time, if one or more of the locations grows to the point where network overhead is causing problems, the business will want to shift to a cloud-managed on-premises model. Ideally, the vendor would offer a transition plan so that can happen without disruption.

Another key consideration is security. Some of the smaller SASE vendors have their own security stacks, but the customer organisation may prefer the comfort of using a name-brand vendor.

Many SD-WAN vendors have partnered with the top security companies to round out their SASE capabilities, so potential customers should find out which security vendor is involved to make sure they are working with the security vendor of their choice.

Enterprises should ensure their SASE provider has a rich dashboard that provides visibility and analytic capabilities. Although this isn’t part of the Gartner definition, it should be. Networks aren’t static and need to evolve as businesses do. This requires having end-to-end visibility of network traffic patterns, density of users, security policies and other factors.

SASE vendors need to provide this so customers can be informed and make changes when needed. Even if a managed service is used, the MSP needs to provide visibility into the environment. As the axiom goes, you can’t manage or secure what you can’t see, and with SASE it’s critical you see everything.

