How do I select a SASE solution for my business?
Many organizations have turned to SASE adoption as a result of the pandemic, seeing it as a security-first initiative, a recent survey has revealed. The report found that 48% of those surveyed view SASE as a security-first initiative, while 31% see it as a network-first strategy. SASE adoption is most often being led by senior IT leaders, and is still relatively early, with only 37% having begun implementing a plan.
But while it can be a lengthy process, it has a lot of benefits.
To select a suitable SASE solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Amit Bareket, CEO, Perimeter 81
My top recommendations for CISOs evaluating SASE solutions are:
Prioritize the tools that are most critical for your organization. Since SASE is a relatively new concept, no SASE vendor offers the full set of networking and cybersecurity tools. CISOs should evaluate their organization’s top cybersecurity priorities, then determine which SASE solutions best address those needs. For example, effectively securing remote access should be a top priority for many organizations due to hybrid work, so a SASE solution with a strong ZTNA component to replace hardware VPN solutions is critical.
Don’t attempt to implement everything all at once. Completely replacing existing security infrastructure at once is unrealistic. SASE is a cloud-based, software-driven solution, making it easy to integrate into existing infrastructure and allowing for a gradual shift from on-premises networking security infrastructure to the cloud edge. Focus on a smart, long-term strategy for a SASE rollout rather than trying to suddenly replace everything.
Don’t underestimate the importance of user experience. In order for a SASE solution to deliver its ultimate value, it should be easy to manage, to scale and easy for end-users to use in their day-to-day work. You should give as much weight to a SASE vendor’s UI/UX as to their security features. Remember, if a cybersecurity service doesn’t work well for your team, it won’t really work at all.
John Graham-Cumming, CTO, Cloudflare
SASE models replace legacy networks and appliances with cloud-delivered solutions that improve security, visibility, and speed.
Vendors need a network that does force organizations to compromise on those goals.
Organizations should select a SASE solution that has a network with the following capabilities:
- The scale to handle their organization’s traffic
- Points-of-presence deployed close to their users
- Each point-of-presence can run all SASE services, and
- The network accelerates their traffic.
Next, organizations should define their goals for their SASE journey and choose a vendor that can meet them where they are. Test the following outline against the SASE vendor’s feature set and roadmap.
- Start by migrating applications that live on a virtual private network (VPN) to a zero trust solution where the network evaluates every connection and request for identity, device posture, and other signals.
- Next, protect your organization with DNS filtering – a base layer security that can be deployed to offices and devices in minutes.
- Expand security filtering by applying HTTP inspection and replacing network firewalls with a firewall delivered in the SASE vendor’s network.
- Build on the deployment of Secure Web Gateway filtering to apply data loss prevention (DLP) rules.
Finally, consider the ease-of-deployment and ease-of-use of each vendor. The biggest challenge to SASE deployments can often be the inertia inside an organization to transform its security model.
Marc Lueck, EMEA CISO, Zscaler
When it comes to implementing SASE, it is essential for organizations to know what business value they are trying to achieve, and then to visualize the outcomes that will support that value. For example, organizations should know whether SASE is being used to improve access capabilities such as latency and bandwidth or whether it is being used to save on costs – then implement SASE accordingly.
Another effective way of using SASE is to ensure security across the whole of companies’ corporate networks. If an organization is just implementing SASE for the acronym, then they have already made a mistake – it’s about the business outcomes and not just the SASE name.
At its very core, SASE pushes the controls to the edge but keeps as close to the user as possible. In the past, security was primarily about finding sensitive data or traffic and then applying controls. However, SASE is fundamentally flipping this upside-down ensuring traffic flows through a common point, which means an organization can inherit controls even after SASE is in place. When a company is looking at the best way to deliver this model, they need to ensure they use a trusted security partner who understands the fundamentals of SASE.
Shamla Naidoo, Head of Cloud Strategy, Netskope
Earlier this year, I helped survey 900 executives and 49% of them cited complex infrastructure as their biggest impediment to building out a more secure technology footprint.
Many CEOs are on a cloud journey not because they want to replace aging infrastructure, but because they must build business capability quickly. They want speed and scalability to enable business transactions and serve clients globally. And with the increase in remote workers connecting to services all over the internet, there simply aren’t enough security skills at most organizations to secure the influx of data. Therefore, security must not add complexity and instead support the need for speed and scale, to which SASE is well-suited.
When looking for a SASE solution, evaluate if it:
- Accelerates security while simplifying the technology needed
- Consolidates multiple layers of security protection into a single platform
- Offers convenient convergence points to inspect traffic and apply policies seamlessly
- Reduces latency to speed up transactions
- Removes friction in the workflow to create a hyper-productive workforce
- Offers career paths with skills for the future vs. older and disparate technical security skills
- Adapts security solutions for multi-cloud environments
- Offers fast yet granular protection for data assets, which are the most valuable digital asset for most companies
Edward Qin, Chief Product Officer, Algoblu
SASE is not a new technology but an architecture to integrate networking and security technologies. SASE is responsible for securely accessing applications in the cloud or private data centers from any device at any location.
When considering SASE, here are key criteria to evaluate vendors:
Single-vendor vs best of breed: Networking and security are distinct technology sectors and equally important for organizations. Today there are few vendors who can provide a complete SASE portfolio. Choosing different vendors to provide various functional stacks with leading-edge networking and security capabilities can realize the full benefits of SASE.
Ability to integrate IT infrastructure: Organizations moving towards SASE cannot replace existing network and security infrastructures overnight. Vendors’ ability to make this transition smoothly is critical.
Internet-based backbone vs private backbone: To ensure users’ access to the applications and data in cloud or private data centers, vendors having a private backbone is key to guaranteeing latency and optimizing network performance.
Microsegmentation tool: Microsegmentation improves visibility into data flows and restricts access to applications and data based on approved identities and roles. Organizations need to select vendors who have the granularity that is right for a specific environment according to the risk profile of applications.
Terry Traina, CTO, Masergy
Every provider approaches SASE differently, so teasing out the differences is important. Three key things help CISOs choose wisely.
Core capabilities
Gartner defines SASE solutions as having five capabilities (below). Few vendors offer a complete solution today. Align your needs with their strengths.
- SD-WAN
- Secure Web Gateway (SWG)
- Firewall as a Service (FWaaS)
- Cloud Access Security Broker (CASB)
- Zero Trust Network Access (ZTNA)
Effective cybersecurity today goes beyond this checklist (i.e., endpoint security, threat detection and response services, AI and security analytics). Providers ideally should cover the wider gamut.
Tech stack compilation
Solutions must consolidate all five tools (above) into one toolbox, and providers typically take two different approaches with pros and cons to both:
Homegrown solutions
Pros: Solution simplicity
Cons: You may not always get the best available technology, and you may need to rip and replace overlapping technologies where you’ve already invested.
Best-of-breed solutions
Pros: All the leading brands/tools in your toolbox
Cons: Integration can cause complexities when everything should interoperate.
Mastering a constellation of capabilities
With SASE, clients rely on a single provider to deliver a constellation of services, so it’s critical to understand your provider’s strengths and weaknesses, which can yield very different SASE offerings and client experiences.