Secure Access Service Edge (SASE) is a network architecture that provides a security-centric alternative to SD-WAN. SASE, first outlined by Gartner in 2019, converges SD-WAN services with a range of security-as-a-service offerings. Gartner now predicts that at least 40% of enterprises will consider adopting SASE by 2024.
Leading SASE vendors range from networking incumbents to well-funded startups. These include Cato Networks, Cisco, Fortinet, HPE, Palo Alto Networks, Perimeter 81, Versa, VMware and Zscaler.
If your organization is evaluating its WAN options, SASE should be among them. But how do you know if SASE is the right WAN option for your organization? The following five key questions will help you determine if SASE is right for your business:
1. What are your current WAN investments?
Companies that have already made significant investments in WAN infrastructure and hardware such as MPLS and SD-WAN may be hesitant to adopt another WAN technology.
For some large enterprises, SASE only makes sense if their existing WAN architecture becomes too expensive or difficult to maintain. For many companies, this issue is already pressing. The complexity and cost of hybrid WAN solutions has prompted many enterprises to leave the management of their SD-WAN to their existing MPLS providers (usually large carriers).
For those struggling with complex hybrid WANs and considering a change, SASE offers simplicity through outsourcing and consolidation. For large enterprises that view existing WAN investments as sunk costs, SASE provides a way to break path dependencies.
However, moving away from existing architectures such as MPLS for mission-critical traffic and SD-WAN for everything else may be premature for some, especially since the holy grail of SASE – using A single pane of glass for networking and security—yet yet a reality today.
However, for mid-market and small businesses, SASE will not only simplify their WANs, but also provide security and networking capabilities they previously could not afford, maintain or manage as a collection of standalone point products.
2. Does your organization prefer best-of-breed or integrated cybersecurity tools?
Many analysts say SASE is particularly beneficial to mid-market companies because it replaces multiple (often on-premises) tools with a unified cloud service. On the other hand, many large enterprises not only have legacy limitations to consider, but they may prefer to adopt a layered security approach with best-of-breed security tools. Another factor to consider is that the SASE product may be presented as a comprehensive solution, but if you dig deeper, it may actually be a collection of different tools from different partner vendors, or acquired through acquisitions that are not yet fully integrated. Function.
Depending on the service provider, SASE provides a unified set of security services, including but not limited to encryption, multi-factor authentication, threat protection, data loss prevention (DLP), DNS and traditional firewall services. Many providers also offer advanced security services such as next-generation firewalls (NGFW), cloud security gateways (CSG), and zero-trust network access (ZTNA).
With incumbents such as Cisco, VMware and HPE rolling out SASE services, businesses with existing vendor relationships may be able to adopt SASE without worrying about protecting previous investments.
3. How many hybrid/work-from-home employees do you have?
Before the COVID-19 pandemic, enterprise IT teams typically only needed to provide secure, remote access to centralized resources to a small group of employees. Some combination of VPN (for remote and mobile workers) and MPLS plus SD-WAN (for branch offices) is usually sufficient.
The pandemic has changed the equation dramatically. Now, as the pandemic slowly morphs into a lingering epidemic, the legacy of COVID-19 remains.
According to research from the National Bureau of Economic Research (NBER), many employees are more productive in hybrid or work-from-home (WFH) environments, and they don’t want to lose the productivity gains or flexibility that comes with working remotely. The NBER found that less than 30% of WFH employees intend to return to the office full time, while a Morning Consult survey found that as many as 39% of employees would quit if forced to return to the office full time.
SASE vendors are responding to the WFH trend by investing in the ability to extend the enterprise edge to wherever employees are, including home offices, branch offices, coworking spaces, mobile devices, and more. SASE enables enterprises to authenticate users at the edge and enforce policies after the user is granted access to company resources.
Meanwhile, enterprises with small cybersecurity teams now need to figure out how to protect networks that extend to the far edge, while also ensuring that BYOD and IoT endpoints don’t introduce malware and other threats into the corporate network.
Enterprises without the technical knowledge or resources to manage distributed workforce security should consider SASE as a way to enhance security and productivity through fast, secure access to on-premises and cloud resources.
The SD-WAN side of SASE is also important here because many remote workers rely on residential broadband connections that may be shared with other WFH or homeschooling family members. Therefore, features such as traffic control, the ability to aggregate 4G and 5G bandwidth, and advanced content delivery network (CDN) capabilities help provide a user experience that is very similar to an office.
4. What hybrid and multi-cloud challenges does your business face?
In its recent Global Cloud Survey, Frost & Sullivan found that 75% of IT decision-makers believe a strong cloud strategy is critical to staying competitive. Enterprise migration to the cloud is still happening, but today’s multi-cloud strategy now involves more than just moving data centers to a service provider’s location.
In the post-pandemic era, cloud-native tools are critical for working from home, and new development architectures are promoting the expansion of enterprise edges. At the same time, cloud-native architectures are breaking down application silos, allowing applications to share data across an organization and from cloud to cloud, but getting data to the right place at the right time can be tricky.
SD-WAN is a powerful tool for providing access to centralized resources, whether on-premises or in the cloud. But providing bandwidth and application access to everything from WFH laptops to IoT devices to industrial sensor networks to medical devices leaves critical privacy, security, and compliance gaps that SASE can handle for you.
5. What does your network edge look like?
Frost & Sullivan’s Global Cloud Survey found that as of October 2021, 43% of enterprises had deployed branch or edge sites, and another 41% expected to expand their edge sites by 2023.
Modern development tools, containers, and microservices continue the trend of freeing software from the underlying hardware and infrastructure. SD-WAN worked well when organizations connected to branch offices and cloud providers, but now that organizations must support distributed workforces and complex edges, a policy-based approach to access, bandwidth, and security is critical.
With SASE, the SD-WAN half of the service enables enterprises to automatically select networks based on policy. As a result, expensive MPLS links can be automatically reserved for mission-critical applications (HR, ERP, CRM, etc.), while isolated IoT devices can be connected to edge data centers via 4G or 5G.
At the same time, SASE decentralizes security, delivering security from the cloud. SASE implements multi-factor authentication for WFH users, protects the network from malware with CSG, and provides threat protection for every endpoint.
For many organizations, the overhead of managing all these security tools is becoming unsustainable, making it attractive to offload these tasks to a SASE service provider.
Over time, the lines between SD-WAN and SASE may start to blur, but for now, if your organization needs to support a distributed workforce, complex edge, and hybrid/multi-cloud applications, SASE should be the On your WAN radar.