It’s only human to focus on what’s in front of us. In our zeal to solve the problems that confront us every day, however, we run the risk of overlooking those that don’t. This is the scenario IT finds itself in as enterprises look to implement Secure Access Service Edge (SASE).
SASE provides a welcome update to legacy data center-centric architectures. The approach combines network-as-a-service (SD-WAN), remote connectivity (zero trust network access), and security-as-a-service (cloud firewall and web security). This unified network and security stack lives in the cloud, where it can follow users no matter where they’re located or where applications are hosted. As such, it provides a secure connectivity model better suited to today’s distributed enterprise.
As powerful as SASE can be, early solutions seem designed by IT, for IT. Too often, they overlook an important piece: users. Securing resources will always be a top priority. But sacrificing user experience is a poor tradeoff. This is likely to create as many problems as it solves. When implementing SASE, it is important to take steps to understand the experience from your users’ perspective, not just IT’s.
Strategies for managing enterprise IT have evolved considerably. But even today, they can overlook the critical importance of user experience. Modern SD-WAN solutions, for example, optimize both user experiences and WAN resources for enterprise locations. Often, the latter consideration takes the spotlight. Now, as we add SASE into the mix, it can be tempting to focus mostly on the topline rationale for implementing it: ensuring applications, whether hybrid or cloud-hosted, are always secure, scalable, and available, regardless of a user’s location.
These considerations are absolutely important, but they can blind us to questions that aren’t getting asked: What does all this mean for my users? Under this new model, has the user experience gotten better? Worse? Most importantly, how would I even know?
These questions came into sharper focus in the past year, as millions of employees shifted to work from home. IT can’t be responsible for troubleshooting employees’ home Wi-Fi networks. But they are responsible for making sure users can work productively whenever they log on. That is hard without visibility into the employee experience.
Poor-quality internet connections, lack of QoS, and lack of prioritization for critical applications can all greatly impact user experience. It doesn’t help that, as enterprises rely more heavily on cloud applications and distributed workforces, many networks still hairpin traffic through the central data center to secure it. This makes latency almost inevitable. And there’s no quicker way to ruin an employee’s important Zoom call than by adding latency.
Ultimately, enterprises must find ways to reduce the distance between users and security services. One option is to handle it yourself—deciding where to place data centers, determining optimal reach to users, and configuring policy at all edge locations to connect along the shortest possible path.
Ideally, though, you should be able to offload this burden to your SASE provider. Large-scale SASE solutions with global points of presence (PoPs) are geographically close to users as well as cloud and SaaS providers. Users just connect to the nearest cloud gateway, and the SASE solution provides the necessary networking and security treatment from there.
As with SD-WAN, current SASE management strategies employ powerful tools to help IT understand when a given VM or gateway is having issues and effectively respond. They often don’t, however, include user-centric context: How many users are affected by this issue? How are they affected? Is it global? Or does the problem reside with a third-party cloud or broadband Internet provider?
In the short term, you want to be able to recognize those problems so you can intervene (or, for issues outside your control, at least explain to users what’s happening). Looking ahead, your SASE solution should lay the groundwork for closed-loop self-healing, which implies integration with artificial intelligence for IT operations (AIOps) tools.
Arguably, AIOps should be right up there with the other core components of SASE. It’s this intelligence, after all, that will allow the network to not only fix application issues autonomously but to identify underlying trends. For instance, if a certain Salesforce gateway gets congested between 4 and 6 p.m., tomorrow’s SASE solutions will proactively route users through an alternate gateway during those times.
Keep Your Users in Focus
As SASE solutions evolve to incorporate more user-centric intelligence, you can expect the enterprise IT stack to become even more dynamic and even more supportive of the real-world problems confronting enterprises every day. Even in the early days of SASE deployments, though, that journey can start now with a simple request: please don’t forget about your users.
Karl Brown is Senior Director of Product Marketing, SD-WAN & SASE Business, VMware.