Paving your path to SASE: 4 tips for achieving connectivity and security
Today, optimized network connectivity and security are both first-class citizens; IT teams can no longer sacrifice one for the other.
As the number of distributed workers continues to skyrocket, the quantity of new devices linking to company networks follows. Consequently, IT teams cannot effectively combat all their Internet connectivity and security challenges.
In response, enterprise usage of Secure Access Service Edge (SASE) has soared. SASE helps by teaming cloud-based SD-WAN with cloud-delivered secure service edge (SSE) security services — including access control, threat defense, data protection, security monitoring and more — to deliver a boundless security perimeter while radically increasing performance.
As you consider building or modifying your SASE architecture and start your vendor search, finding a sole provider for converged SASE solutions will be tough. Security-as-a-Service (SECaaS) vendors struggle with SD-WAN because their background has been historically to block or drop traffic, not ensure timely delivery of critical service. Alternatively, some Network-as-a-Service (NaaS) vendors are gradually proving they have the chops to blend both security/networking into their SASE solution.
There are also other issues to ponder: Should you prioritize deployment of SD-WAN over SSE? How do you successfully deploy SSE? How do you integrate best of breed SD-WAN and SSE components to achieve your ideal SASE solution?
Let’s explore each of these questions.
1. Giving SD-WAN and SSE equal weight in your SASE game plan
Most companies will prioritize SD-WAN over SSE because it’s logical: If they can’t connect to their resources, they can’t make money.
For example, sometimes when IT teams introduce security into an organization, they adopt the approach of “leaving the gates open.” They’re simply monitoring the network without making any big security upgrades that could temporarily pause business, potentially resulting in millions in lost revenues. So, optimized connectivity remains a necessity.
But if you’re prioritizing connectivity over security then you might be missing the bigger picture. You’ve seen the headlines — no enterprise remains safe from ransomware attacks or network security breaches. Even nation-state actors are launching cyberattacks. This presents a truly dire situation, which requires pervasive SSE throughout your network, where nothing transacts without a security gatekeeping mechanism.
2. Using SD-WAN as your SASE starting point and launchpad to SSE
Without laying the proper connectivity foundation with reliable SD-WAN, implementing SSE will be difficult. You’re not going to easily integrate your connectivity with security or easily steer your traffic. It’ll be like a flashback to 1990, where you’re banging away at the command line interface, just typing on a keyboard, as opposed to using a web interface, APIs, and automation — SD-WAN’s secret sauce that turns a 1000-minute job into a five-minute job.
What’s the key to building your ideal SASE solution? Find SD-WAN vendors who offer:
- Strong partner ecosystems
- A proven track record for servicing large global customers
- An established SD-WAN solution that seamlessly connects with renowned SSE tools as well as the third-party SASE solutions that may already be in your mixed environment
3. Use an established NaaS vendor as your SD-WAN supplier
Why do most SECaaS vendors fail at delivering a true SD-WAN solution? Maybe they took shortcuts when they built their SD-WAN solution.
Many SECaaS vendors will make SASE a security conversation because they may excel in one area like SSE but may lack expertise in another area like SD-WAN.
To compensate, these vendors may buy another company which may not deliver an optimum SD-WAN platform.
Alternatively, SECaaS vendors may acquire and assemble SD-WAN components and call that SASE instead of building out a true SASE platform.
For example, SSE/SECaaS vendors have struggled to address the connectivity use case and either turned towards acquiring an SD-WAN vendor or chose to partner with a best in breed SD-WAN provider. Unfortunately, this approach has led to component-based solutions that don’t have optimized performance in the same sense a truly integrated SASE solution would have.
Your best means for optimizing your network solution is to select a vendor who offers an established SD-WAN solution that helps create the access layer within your WAN that connects other renowned SSE tools, while ensuring end users receive rapid, dependable, and secure access to their apps.
4. Integrate best of breed SD-WAN and SSE solutions for best results
If you’re beginning your SASE journey, and especially if you support a large IT environment, you might be considering an integrated, multi-vendor SASE approach. This mixed offering empowers you with choice and flexibility, piecing your ideal SASE solution together to get the exact capability that your business needs. Are you interested in upgrading your SD-WAN? Or do you need a secure web gateway? This flexibility lets you evaluate components individually, empowering you to choose best of breed components across SD-WAN and SSE vendors. Think of it as having Ferraris in each of your respective technology domains.
So, in this scenario, you’re not cutting over all your services at once — you’re finding vendors who support a phased migration, which is much simpler to manage.
This mixed solution is also easier if your organization has siloed security and networking teams — dramatically reducing inter-team negotiation. For example, if your networking team wants to upgrade your SD-WAN, you can just do it, probably without even conferring with your security team. Bottom line, you benefit from a clear separation between church and state.
A multi-vendor integrated solution is simply a short-term answer — and not your destination — as the world speeds towards a converged, single-vendor SASE solution. As you begin or continue your SASE journey, it’s not just where you begin, it’s also who you trust to deliver as promised. By selecting vendors with proven track records of supporting large, global customers — including many of the Fortune 500 — you’ll set your network and end-users up for tremendous success.