Hybrid computing and hybrid workforces are driving SASE (Secure Access Service Edge) adoption, which lagged for a time because many companies did not fully understand what SASE is and what it does. That uncertainty often leaves enterprises hesitant to implement SASE.
That is about to change. In December 2022, Gartner VP Andrew Lerner predicted that by 2025, “65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021.”
In a nutshell, SASE is a cloud architecture that combines network and other services into a single function and that can apply a uniform set of security policies and procedures to networks and users no matter where they are, on-premises or remote.
As companies deploy more networks on the edge and more employees work remotely, the holistic and hybrid architecture of a cloud-based solution like SASE becomes more compelling. So now that most companies understand why they should consider using SASE and what its benefits are, how can SASE best be implemented?
Step 1: Determine what you need from SASE
SASE providers offer a broad range of security solutions that are grouped around the following:
- SD-WAN (software-defined wide area network), which can automate and optimize your network traffic routing between clouds and on-premises and remote IT.
- Cloud Access Security Brokers (CASB), which uniformly enforce your security policies and access rules both on-premises and in the cloud.
- Firewall as a Service (FWaaS), which includes firewall functions like web filtering, advanced threat protection (ATP), intrusion prevention, and Domain Name System (DNS) security.
- Zero-trust network access (ZTNA), which continuously authenticates, authorizes, and validates for security before allowing access to applications and data.
You might already have many of these capabilities on your networks and at your edges. In other cases, there will be gaps in your security that SASE can fill. Once you know what you need, you’re in a position to look for SASE solutions that fit your particular situation.
Step 2: Segment networks and SASE providers
Most enterprises with edge technology already have segmented networks. These “mini networks” are deployed individually in manufacturing plants, remote field offices, and so on. Company employees are also segmented in a fashion because some work on-premises and some work remotely.
From a security standpoint, it’s a good idea to segment networks. If one network gets attacked, you can quickly wall it off and prevent the intrusion from spreading to other networks.
It’s also a good idea to “segment” your SASE providers. Your segmented edge networks give you an excellent opportunity to assign some networks to one SASE provider and other networks to a second SASE provider. This enables you to avoid vendor "lock-in" and places you in a favorable position to negotiate pricing and service. From a disaster recovery (DR) perspective, having multiple vendors also enables you to move from one service to another if one of the services fails.
Step 3: Implement SASE incrementally
If you are just getting started with SASE, it’s best to pilot-test the technology on a single, small network first to see how SASE is working and how it integrates with your other security software. This gives you an opportunity to see where adjustments and modifications might be needed.
From here, the best strategy for continuing to deploy SASE is to systematically move one network after another to the SASE service, making sure that everything is working properly before you move on to the next network.
Step 4: Learn the SASE environment
One common IT oversight is failing to implement rulesets and run assets in the cloud with the same degree of conscientiousness that IT applies to its on-premises assets. You can't afford this "hands-off" approach if you are moving to SASE.
Each SASE provider has its own set of tools for installing your security rules, monitoring security, responding to security alerts, etc. Most offer training on these tools that IT staff should take so they can be thoroughly familiar with the security configuration setups, monitoring, and mitigation methods that are available in each SASE environment. This tools training should be completed by IT before SASE goes live with enterprise networks. If additional assistance or consulting is needed from the SASE vendor, get it.
Step 5: Review and enforce your user authorizations in SASE clouds
As with on-premises networks, SASE zero-trust and other security software must be told which users are authorized to use which IT networks and resources, and what each user's level of access permissions is.
A list of user authorizations and permission levels can be sent to the SASE provider or vendor. But the most important part is that you keep this list updated and current in the same way you maintain your internal user access authorizations and permissions with business managers.
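One way to keep the two lists in step is to compare them regularly and act on the differences. The Python sketch below is an added example, not part of the original article or any SASE vendor's tooling; the CSV layout, the permission-level names, and the sample users are constructed assumptions.

```python
# Added example: reconcile internal authorizations against the list held by a
# SASE provider. Record layout and sample data are constructed assumptions.
import csv
import io

# Constructed sample: internal source of truth (user, resource, level).
INTERNAL_CSV = """user,resource,level
alice,plant-network,admin
bob,field-office,read
carol,plant-network,read
"""

# Constructed sample: what the provider currently enforces.
PROVIDER_CSV = """user,resource,level
alice,plant-network,admin
bob,field-office,admin
dave,plant-network,read
"""

def load(text):
    """Parse CSV into {(user, resource): level}, normalising case and spaces."""
    grants = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["user"].strip().lower(), row["resource"].strip().lower())
        grants[key] = row["level"].strip().lower()
    return grants

def reconcile(internal, provider):
    """Return drift between the two lists, grouped by the action needed."""
    return {
        # Granted at the provider but no longer authorized internally: revoke.
        "stale": sorted(k for k in provider if k not in internal),
        # Authorized internally but never pushed to the provider: add.
        "missing": sorted(k for k in internal if k not in provider),
        # Present in both with different permission levels: correct.
        "mismatch": sorted(
            (k, internal[k], provider[k])
            for k in internal if k in provider and internal[k] != provider[k]
        ),
    }

def drift_report():
    return reconcile(load(INTERNAL_CSV), load(PROVIDER_CSV))

if __name__ == "__main__":
    for kind, items in drift_report().items():
        print(kind, items)
```

Stale grants and over-privileged mismatches are the entries to resolve first, since they represent access the business no longer authorizes.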
A final word on SASE implementation
This five-step approach gives enterprises a roadmap to ensure a successful SASE deployment and implementation.