Hybrid computing and hybrid workforces are driving SASE (Secure Access Service Edge) adoption, which for a time lagged because many companies didn’t exactly understand what SASE was and what it does. As such, there is often hesitation preventing enterprises from implementing SASE.
That is about to change. In December 2022, Gartner VP Andrew Lerner predicted that by 2025, “65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021.”
In a nutshell, SASE is cloud architecture that combines network and other services into a single function and that can apply a uniform set of security policies and procedures to networks and users no matter where they are—on-premises or remote.
As companies deploy more networks on the edge and more employees work remotely, the holistic and hybrid architecture of a cloud-based solution like SASE becomes more compelling. So now that most companies understand why they should consider using SASE and what its benefits are, how can SASE best be implemented?
SASE providers offer a broad range of security solutions that are grouped around the following:
You might already have many of these capabilities on your networks and at your edges. In other cases, there will be gaps in your security that SASE can fill. Once you know what you need, you’re in a position to look for SASE solutions that fit your particular situation.
Most enterprises with edge technology already have segmented networks. These “mini networks” are deployed individually in manufacturing plants, remote field offices, and so on. Company employees are also segmented in a fashion because some work on-premises and some work remotely.
From a security standpoint, it’s a good idea to segment networks. If one network gets attacked, you can quickly wall it off and avoid the intrusion from spreading to other networks.
It’s also a good idea to “segment” your SASE providers. Your segmented edge networks give you an excellent opportunity to assign some networks to one SASE provider and other networks to a second SASE provider. This enables you to avoid vendor "lock-in" and places you in a favorable position to negotiate pricing and service. From a disaster recovery (DR) perspective, having multiple vendors also enables you to move from one service to another if one of the services fails.
If you are just getting started with SASE, it’s best to pilot-test the technology on a single, small network first to see how the SASE is working and how it integrates with your other security software. This gives you an opportunity to see where adjustments and modifications might be needed.
From here, the best strategy for continuing to deploy SASE is to systematically move one network after another to the SASE service, making sure that everything is working properly before you move on to the next network.
One common IT oversight is failure to follow through on implementing rulesets and running assets on the cloud with the same degree of conscientiousness that IT uses for its on-premises assets. You can't afford to use this 'hands-off" approach if you are moving to SASE.
Each SASE provider has its own set of tools for installing your security rules, monitoring security, responding to security alerts, etc. Most offer training on these tools that IT staff should take so they can be thoroughly familiar with the security configuration setups, monitoring, and mitigation methods that are available in each SASE environment. This tools training should be completed by IT before SASE goes live with enterprise networks. If additional assistance or consulting is needed from the SASE vendor, get it.
Like on-premises networks, SASE zero-trust and other security software must be informed as to which users are authorized to use which IT networks and resources and what the level of each user's access permissions is.
A list of user authorizations and permission levels can be sent to the SASE provider or vendor. But the most important part is that you keep this list updated and current in the same way you maintain your internal user access authorizations and permissions with business managers.
This five-step approach gives enterprises a roadmap to ensure a successful SASE deployment and implementation.
Related articles:
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
