4 minute read
THE MOVE TO SASE
from SUSTAINABLE IT
by cxoinsightme
branches and cloud providers, but if the organisations must support a distributed workforce and a complicated edge, a policy-based approach to access, bandwidth, and security is essential, and SASE comes in as a perfect solution, he adds.
Tarek Abbas, Senior Director, Systems Engineering at Palo Alto Networks, MENA, CIS and Turkey, says in addition to being more cost-effective, a SASE solution provides mobile users, branch offices, and retail locations with secure connectivity and consistent security from any location by offering companies a single, centralised view of their entire network. This helps companies to quickly identify users, devices, and endpoints, apply their networking access and security policies, and security policies a, securely connect users to their applications and data in a cloud or mobile environment, all while ensuring multi-branch and multi-cloud network security.
Advertisement
Nirav Shah, Vice President of Products - SD-WAN, SASE, Zero Trust at Fortinet, offers another perspective: “Every organisation has a unique digital acceleration journey. Some are implementing controls inside data centers and in the cloud and are offering secure connectivity across branches, campuses, and manufacturing facilities. Many are implementing SD-WAN for application-steering needs, while others are taking the next step and adding secure remote access through SASE.”
Gartner developed the SASE (secure access service edge) model in 2019 and defined it as architecture that delivers converged network and security as a service capability, including SD-WAN, SWG, CASB, NFFW, and zero trust access network.
Because of its unified nature, SASE promises to eliminate WAN complexity and cost and is a fast-growing market slated to touch $10 billion this year. Secure access service edge (SASE) is a framework for network architecture, a cloud-based cybersecurity solution offering comprehensive WAN capabilities and network security functions. It brings cloud-native security technologies together with wide area network (WAN) capabilities to securely connect users, systems, and endpoints to applications and services anywhere.
“SASE is the organisation enablement to the cloud while MPLSbased links cannot cope with the cloud transition as they were designed simply to connect branches to enterprise data centers. SASE improves manageability and enhances security while lowering cost and complexity,” says Peter Chalouhy, business transformation leader at Kyndryl.
SD-WAN works well when we are connecting the organisations to
Organisations considering deploying SASE must consider whether this allin-one service model meets their needs better than a best-in-breed approach. So how do you determine whether SASE is the right WAN option for your organisation?
“We believe SASE is the right option when the customer’s answers to the following questions are yes: Do you have a dispersed and hybrid workforce/ environment - including not just the people using your applications, but the applications, devices, and more? Do you need to protect sites, remote users, and the consumption of cloudbased applications, and optimise their usability? And third, do you need to consolidate outdated standalone and legacy solutions not designed for hybrid/cloud environments?” says Jesus Cordero, Consulting Solutions Engineer, Network Security, Barracuda.
Shah from Fortinet says it’s important for us to understand the core definition of SASE—secure access service edge. It’s all about the convergence of networking and security. “If you think about what happened during COVID-19 and now post-pandemic, it’s about users working from anywhere and enabling anytime access from any device. And in this case, SASE as a framework makes sense as we talk about cloud-delivered security,” he says.
Abbas from Palo Alto Networks says If an organisation is looking for one seamless solution to embed all their performance and security policies and that has users and devices as the focal point, SASE will be the best fit. SASE enables organisations to raise security levels, reduce costs and complexity since you need to only deal with one vendor for your network and security solutions.
What are the pros and cons of singlevendor SASE?
The burgeoning SASE market encompasses established networking vendors as well as startups in addition to telecom service providers offering their own SASE solutions.
“Knowing that SASE is about combining networking and security together, a single-vendor approach has its pros in terms of unifying and simplifying the solution and the relationship for further operations. However, it poses its own challenges; for example, the vendors combining two different broad topics may not be able to continuously provide the best in each area,” says Chalouhy from Kyndryl.
There is a continuous need for security to evolve and cover new complex threats while, at the same time, networks are under pressure for different automation requirements. In the market, the well-known vendors evolved from security backgrounds, capitalising on expertise in firewalls, antivirus, and other security solutions.
Those vendors are attempting to build expertise in the network and WAN where they did not have previous indepth knowledge, he adds.
Also, many organisations, still operate legacy data centre applications and may continue to do so for a very long time. Therefore, they will need a multi-vendor strategy to cover both SASE in the cloud and others for the data centre.
Cordero from Barracuda says that a single vendor strategy reduces latency due to the nature of SASE architecture as there’s no need to scan traffic through different engines and standalone solutions. A single-vendor strategy also reduces the overall cost in term of services and licensing subscriptions; and reduces the risk of human error in the misconfiguration of different solutions that need to work together. It also reduces the time lost to risk management in the case of an incident, as the customer needs to deal only with one technical support team.
“A possible downside of a one-vendor strategy is the single point of failure, but in my experience, creating a redundant assets design will help with this. There is a more important choice for customers to make than between single- or multivendor: the need to use a vendor that offers cloud-first and cloud-native deployment and management without needing a vendor-owned “pre-public cloud” instance, which incurs additional usage costs,” sums up Cordero.
