Why SASE Shouldn’t Be Siloed

Hybrid networks aren’t going away, and by implementing an integrated SASE architecture, organizations can extend the convergence of networking and security from the edge to remote users.


Although people like to talk about technological innovations, the reality is that in most organizations, technology consistently lags behind changes to the business itself. And nowhere is this truth more obvious than in networking and security.

Most security solutions were designed to defend a perimeter-based network akin to a moat defending a castle. A moat may have been an adequate defense from battering rams, climbing, and tunneling, but it became far less effective after the development of firearms.

In much the same way, networks are no longer perimeter based. As organizations adopt multi-cloud strategies and remote workforce policies, networks have grown more distributed, and workers are more dependent on cloud applications and environments to do their work. These changes have greatly increased the attack surface and security complexity.

In fact, networks have become so distributed that attempting to overlay security onto a modern hybrid network often leads to a complicated mess that is difficult or impossible to maintain. A side effect of this complexity is that many networks are now also chock-full of bottlenecks and vulnerabilities. Hybrid networks are necessary to meet today’s business requirements, so organizations need to get smarter about how they secure them.

Secure Access Service Edge (SASE) couples SD-WAN with cloud-delivered security and is an important cloud-delivered architecture for securing remote access. It’s also sometimes touted as the solution to every problem. But as the hype subsides and the market matures, enterprises need to face reality in terms of how they build their hybrid networks. To meet business needs, CIOs must stop looking at SASE in isolation and instead view it as a key element of their overall infrastructure.

The future of networking is unlikely to be cloud-only or on-premises-only, so SASE shouldn’t be siloed. A SASE architecture converges cloud-delivered networking and security technologies, and SASE solutions should be made up of integrated products and be converged with on-premises solutions. Taking this approach makes it possible for enterprises to take advantage of their existing on-premises investments, including SD-WAN, and avoids the need to re-architect everything that has already been deployed.

Reducing Complexity with a Unified, Integrated Solution

Networking and security convergence is important, but it shouldn’t be only in the cloud or only on-premises. Enterprises with hybrid networks need both. Because many organizations have taken a piecemeal approach, cobbling together disparate tools from multiple vendors over time, their networks suffer from complexity and struggle to meet security and connectivity needs for their branch and remote locations.

Gartner predicts that “by 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.” CIOs should prioritize consolidation by choosing solutions that integrate seamlessly across both cloud and on-premises and that provide consistent security and a consistent user experience no matter where users or applications are located.

Single-vendor SASE refers to the delivery of networking and security capabilities from a single vendor in a unified solution. It converges networking and security both in the cloud and on-premises, which reduces complexity and can help improve efficiency and lower costs by reducing the number of vendors and products IT teams must manage.

By consolidating multiple products, single-vendor SASE helps reduce complexity. It converges cloud-delivered SD-WAN and cloud-delivered security (composed of a secure web gateway, ZTNA, cloud access security broker, and Firewall-as-a-Service).

Reducing complexity can improve the user experience as well if the solution has a single agent. To enforce zero-trust network access (ZTNA), some vendors require one endpoint agent for their SASE product and a different one for their hardware firewall. Having multiple agents means users have to learn multiple interfaces, and IT must manage multiple solutions. Dealing with a patchwork of products that differ in look, feel, and deployment increases complexity, cost, and risk. But if there's only one agent, it's easier for users and IT alike.

Reduce Complexity and Improve Security

Networking and security convergence offers many benefits for security and IT teams, but it shouldn’t be isolated to cloud or on-premises. Today’s organizations need to provide a reliable and consistent user experience everywhere, no matter where users are working. Hybrid networks aren’t going away, and by implementing a single-vendor SASE architecture, organizations can extend the convergence of networking and security from the edge to remote users. The resulting reduced complexity improves efficiency, security, and the user experience.

Nirav Shah is vice president, products and solutions at Fortinet.

About the Author(s)

Nirav Shah, Vice President of Products and Solutions, Fortinet

Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.
