Secure access service edge (SASE) is an architecture that is being rapidly adopted by companies of all sizes – from small businesses that have combined network and security teams to some of the largest multinational companies with incredibly mature and even siloed security and networking teams. Its benefits extend far beyond legacy security architectures by integrating identity, trust, and context regardless of the connection, user, device, or application. SASE also allows policies to be delivered pervasively, consistently, and ubiquitously, so organizations can easily meet security, networking, application, compliance, and business needs.
SASE comes in a variety of flavors, including integrated, disaggregated, multi-product, unified, single-vendor, and more. Gartner, which coined the SASE phrase a few years ago, favors single-vendor and integrated solutions. With today’s soaring interest and growing enterprise requirements around SASE, it is no surprise that a multitude of vendors have emerged onto the scene. Gartner’s count was 56 in a study in late 2020 comparing vendors’ SASE components, and that number has surely increased.
What’s needed for a SASE architecture
Let's review the top 10 things to look for in a SASE architecture, based on Gartner's preference for single-vendor and integrated solutions. It is important to evaluate different SASE architectures to ensure that you select an offering that can deliver the security benefits you expect while simultaneously providing a single pane of glass with the networking performance and scale you require. Here are the ten:
1 – It must be able to coexist in any ecosystem, meaning it should be deployable in any brownfield (mixture of new and existing/legacy systems) environment.
2 – It must be built on a secure architecture with the flexibility and scalability required for deployment in any cloud environment, such as Equinix, Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Alibaba, and many others.
3 – It is recommended that it supports running in containers/microservices or bare-metal devices with the ability to scale out for maximum performance.
4 – It must be cloud-native and multiservice capable, and it is recommended to have multi-tenant capabilities.
5 – It must have centralized management through a single-pane-of-glass with distributed security enforcement, providing policy enforcement via strategically placed globally available points of presence (PoPs).
6 – It must know to use the security policy enforcement point that is closest to the user/device from which the application access is being made.
7 – It must have an effective intrusion-resistant single security stack that provides a multitude of classification and detection capabilities, along with policy enforcement mechanisms.
8 – It must combine software-defined wide area networking (SD-WAN), routing, and encryption with security capabilities to deliver the best user and application experience while also enforcing all aspects of security.
9 – The solution must have a single, unified management system that provides full visibility and analytics for every component of the SASE ecosystem, including work-from-anywhere entities.
10 – It must be optimized for software as a service (SaaS) and performance.
Key to a SASE architecture: Single-vendor SASE solutions
As I mentioned before, Gartner favors single-vendor and integrated SASE solutions over disaggregated and multi-product solutions. Single-vendor solutions offer all ten of the items above while also enabling customers to reduce the total cost of ownership, including the time to deploy the solution in production, the initial deployment costs, ongoing maintenance, training of staff, and more. You can find out more about Gartner's view and predictions of single-vendor SASE by reading Andrew Lerner's blog post: Single-Vendor SASE.
It can be argued that other elements of a SASE architecture might be important for corner-case use cases or distinct organizations' needs. But it cannot be disputed that today's workstyle requires a security approach with these attributes, one that protects employee devices at the edge of the cloud and secures apps and key data, all while enforcing consistent cyber policies and rules across the diverse range of connections employees use. This explains the rapid adoption of SASE today: it integrates cybersecurity with network connections to offer a more effective way of ensuring that employees are connected to the resources they need while securing networks from cyberattacks.
How a well-planned SASE architecture enables operations at scale
Because of the inherent pervasiveness of SASE deployments, the SASE architecture must provide scalability for the data plane and for the control and management planes. This enables large network and security operations teams to effectively provide SASE services for many tenants at scale while also delivering hybrid operational models where aspects of the services can be co-managed by both the service provider and the organization.
In today's world, where any organization can be a target for a cyberattack, SASE can help organizations create a more streamlined and secure network architecture, whether from headquarters or remote locations. As such, organizations of all sizes are adopting SASE architectures and transitioning to this new all-purpose, fully integrated networking and cybersecurity approach. They are seeing the results: simpler systems, a protected business, and cost savings. This allows today's work-from-anywhere organizations to adopt this flexible new workstyle while keeping the wave of cyber thieves in check.
Jon Taylor is the Director and Principal of Security for Versa Networks.