Despite its strengths, Secure Access Service Edge technology is still a niche solution. Here are some pointers for CISOs to consider…
The last two years have seen a mass shift to remote work, which requires great flexibility and agility without compromising one of the top business risks: cybersecurity.
There is no doubt that working remotely and relocating applications to the Cloud has made cybersecurity an imperative with further operational complexity.
One way to handle the challenges of cybersecurity across an ever-expanding attack surface is to adopt the Secure access service edge or SASE.
Four letters with big benefits
As a cloud architecture model, SASE offers comprehensive and holistic network security services to support the needs of organizations and advance their digital transformation.
SASE facilitates the accelerated adoption of cloud-native services and edge computing platforms, enabling organizations to provide IT services at speed, with highly secure remote access, and at reduced costs.
The four top benefits are:
- Better security in the cloud: SASE enables centralized and cloud-based management of enterprise security policies, with distributed reinforcement points that are logically close to the network units. Every access request can be checked using the same central security policies, and this significantly reduces the risk of a data breach. In addition, SASE supports end-to-end encryption with integrated web application and API security services (WAAP) as well as strict access controls via the Zero Trust Networking Access (ZTNA) model.
- Improved network performance: In addition to the advantages of Software-defined Wide Area Network (SD-WAN), the integrated security approach of SASE can increase network performance. User sessions are only checked once before the security engines are operated in parallel on a scale-out approach. This results in lower latency times compared to conventional network security architectures.
- Reduced complexity and costs: SASE consolidates network and security services, thus reducing overall complexity and costs. Thanks to a cloud-based architecture, it reduces the number of necessary network components at decentralized corporate locations, the number of agents on end-devices, and the number of providers needed. Furthermore, SASE uses cloud technology to solve security stack scaling problems.
- Greater visibility and control: SASE reduces the number of security agents on user devices as well as the number of edge network appliances in remote corporate locations. This ensures transparency and makes it easier for users to access data regardless of location. It is also highly likely that users will consolidate various tech vendors and SD-WAN/Security into a single platform.
While the benefits are evident, why is implementation still nascent?
The four biggest hurdles for SASE implementation
The implementation of SASE is not immediate, and brings with it challenges:
- Lack of in-depth experience among vendors: With the increasing adoption of SASE, the market could be flooded by a multitude of new and inexperienced vendors lacking in-depth expertise in the areas of cloud-native networks and security.
The danger here is that SASE offerings are being developed and provided by cloud providers and emerging SASE providers that are new to the security market and lack a deep understanding of the connections between the data, resources, and users.
This lack of experience can present challenges in defining and implementing effective multi-cloud security policies. Organizations should therefore turn to providers with a cloud-native mentality and the necessary in-depth SASE experience. - Silo thinking in corporate culture and policy: Network- and network- security services are typically managed by different teams. The goal of reducing complexity and improving operational management with a SASE approach is therefore often in contradiction to traditional siloed departmental thinking which involves a cultural mindset of not sharing nor wanting to give up “control”.
The acceptance of SASE should therefore be supported and accelerated by IT and senior management to promote and implement successfully across departments. - Lack of an established market environment: In the coming years numerous changes such as mergers and acquisitions can be expected in the market environment for SASE.
There will be SASE components that combine different networking and security features. If this keeps up, consequences include even greater complexity, higher costs or poorer performance. Therefore, good service integration is important here.
The smaller SASE vendors pose a further threat as they may not have the network Point of Presence and peering relationships, which can ultimately result in high costs and poor performance. They also usually tend to focus on specific areas, which is either SD-WAN or Security.
Secrets to successful SASE adoption
Despite the hurdles, the advantages of SASE are attractive. However, introducing the concept requires a fundamental transformative strategy and there are a few points that must be observed.
- SASE must be integrated into a company’s network and security transformation strategy. For this to happen, IT executives must work with SASE providers to create a roadmap that takes into account all of the company’s objectives and requirements.
- As a rule of thumb, SASE should be implemented in a phased approach to guarantee a smooth transformation aligned with business and risk outcomes. In addition, the implementation of SASE requires the strong involvement of the Chief Information Security Officers and other senior security and risk leaders. Integration across teams and departments is essential for the transformation process.
- Having resilient and diverse WAN connectivity is important to provide a strong foundation. Organizations must deal with the integration and consolidation of the core capabilities of SASE at an early stage. It is important to identify the right network and security providers and involve them as soon as possible in the process so that SD-WAN, secure web gateway, cloud access security broker, and ZTNA solutions can be evaluated together and concurrently.
- In the vendor selection process, insist on actual case studies with proven delivery capabilities, evaluate for the ability to support managed and integrated and operated solutions; look out for a partner that brings multiple internet vendor options to the table.
SASE is still evolving
Organizations that decide to implement a SASE approach should work out a comprehensive, yet synergistic transformative strategy as a first step.
They need to evaluate all possible SASE components and providers carefully, and align them with corporate objectives, while keeping an eye on potential hurdles that may arise.
While the support of company leadership is of fundamental importance, it is also crucial to convince team members to evolve from the traditional disparate network and security architectures before getting onboard the SASE journey.
Whilst it is never easy making changes, transforming to SASE (which is still evolving) gives an opportunity for organizations to streamline technology vendors and facilitate the selected providers to work well together in satisfying corporate expectations.