How to Evaluate and Select SASE Technology
Businesses are adopting SASE technology today for many reasons: to consolidate and integrate enterprise security, combat cyberattacks, manage cloud environments and improve network performance.
SASE has seen an increase in adoption over the past two years, largely due to the COVID-19 pandemic. A June 2021 study commissioned by Versa Networks found that approximately 64% of 500 security and IT decision makers surveyed said their organization is adopting or planning to adopt SASE within the next 12 months. Market researcher Gartner predicts that at least 60% of companies will have explicit strategies and timelines for SASE adoption by 2025, up from just 10% in 2020.
What is SASE?
SASE, short for security access service edge, combines networking and security functionality through a management platform. A typical SASE offering handles important functions such as authentication and policy enforcement.
SASE products typically include the following:
- Malware Protection
- Data Loss Prevention
- Intrusion detection and prevention
- Secure Web Gateways
- Cloud Access Security Brokers
- Zero Trust Network Access (ZTNA)
SASE offers many advantages. Among these benefits is the ability for applications to live anywhere. Organizations can also integrate and centralize security and routing. Additionally, SASE’s role-based policies can streamline operations.
“Essentially, SASE is an evolution of branch connectivity,” said Rik Turner, principal analyst at research firm Omdia. “If you are a very geographically dispersed entity, [SASE] makes a lot of sense. Previously, HQ would ship you a router and a firewall, possibly in the same box, which would allow you to do SD-WAN and security. So, SASE is the next logical step to using networking and security as managed security. »
Tips for Choosing SASE Products
SASE technology is only as good as its environment. As such, organizations should put effort into identifying the right product for their needs.
Choose the right type of SASE technology
There are dozens of SASE providers today. Some of these vendors have on-premises experience with firewalls and SD-WAN, while others have developed SASE offerings specifically for cloud environments. And then there’s SASE-As offerings that do application networking, which is similar to SASE.
Selecting a SASE product depends on your organization’s priorities and how comfortable it is with its IT environment, Turner said. For example, if your company was born in the cloud or is rapidly migrating to the cloud and you want to enable employees to work from anywhere, a cloud-based SASE offering would make sense. But if you have standardized security and/or network technologies from a vendor that has on-premises experience, maintaining continuity with that vendor may be the way to go.
Make sure the SASE product inspects all traffic
Although you may think this is an obvious point, it is not. Some SASE products, for example, bypass Office 365 traffic inspection, assuming Microsoft covers it. It is a mistake, said Jason Clark, chief security officer of Netskope, a SASE vendor.
“Office 365 is the most important application most organizations use today, so make sure your SASE solution inspects everything traffic,” Clark said.
SASE is only as good as the planning associated with it
To get the most out of SASE, an organization needs to bring its network and security teams together to make decisions and agree on the direction of business and IT strategy. “SASE is a great reference architecture, but if IT and security aren’t in sync with the evolution of the business, you’ll be caught off guard,” said Steve Winterfeld, CISO at Akamai, a security services provider. content delivery network.
One way to get your teams in sync is to perform a maturity audit of your organization’s current network and security situation. By understanding the gaps, you can choose a SASE offering that fills those gaps.
SASE is not a silver bullet
While SASE technology is exceptional for protecting an organization’s personnel and the resources employees need to access, it does not offer the same type of protection for an organization’s customers and other external users. That’s why it’s important to include additional tools that provide those protections, like API and firewall security tools, Winterfeld said.
Consider SSE, a subset of SASE
The Security Services Edge (SSE) is a set of integrated services that become the primary inspection point for all traffic. Essentially, SSE is the security stack required to achieve SASE. But although SSE is part of SASE, it is also a valuable technology in its own right.
Moving to an SSE stack requires planning and technology migration to achieve the right end state. Netskope’s Clark recommended adding ZTNA to strengthen the security of specific private apps and augment existing VPN technology. This replaces legacy on-premises secure web gateway appliances with a cloud-based alternative and transitions to secure managed SaaS applications, Clark said.