Tips for developing a better SASE strategy

Secure Access Service Edge (SASE) architecture has become a cornerstone for IT and security teams in recent years. SASE became important when demand for cloud-based operations soared, and organizations needed a better way to ensure consistent, fast, and secure access to resources on any device at any location. Today, SASE architecture continues to grow and by 2024, at least 40 percent of enterprises will have strategies in place to adopt SASE. But managing architecture that combines secure access and SD-WAN capabilities with cloud-native security functions, like web gateways, cloud access security brokers, firewalls, and zero-trust network access, is no small feat.

Understandably, SASE deployments can be complex and make end-to-end visibility challenging for IT. In this article, I’d like to explore some of the key criteria to consider when implementing SASE (outside of the obvious cyber security requirements). But first, I’d like to review a few foundational elements including integration, visibility, and remote access.

There are many components in SASE, and isolating issues, particularly related to performance, down to a single source or domain can be challenging especially when multiple vendors are used rather than a single vendor SASE solution. Today, enterprises are using analytics platforms alongside SASE to provide a vendor-neutral view into deployments with the ability to analyze telemetry for network, security, and compliance purposes. These solutions provide visibility once the traffic ingress or egress the SASE fabric or cloud and into the branch, data center, colocation, or public and private cloud.

Granular visibility allows IT to better understand network and application traffic and verify that policies and their intent are working as designed. It also enables troubleshooting and the remediation of network and/or security issues. So as issues arise, IT can identify the root cause and understand the most appropriate remedial action to take. Finally, establishing comprehensive, end-to-end network visibility allows IT to understand how application traffic and data flow through the SASE system.

Remote access in SASE architecture helps organizations to maintain the security of their network and data, regardless of where their users are located, and on which device they are accessing the network. Thus, remote access is a critical component of SASE architecture and essential for modern organizations. Whether accessing cloud applications for work, such as Salesforce or Office365, or accessing proprietary applications such as call center systems, having secure access for WFH employees has become essential alongside the need for robust security controls. 

Deciding on a SASE strategy is challenging, and these are some of the questions to consider:

• Is the technology mature? -- Are the network or security features fully baked? Is it completely integrated or separate, or does it allow integration with other solutions? SASE requires mature technology to effectively integrate various security functions like secure access, firewall, CASB, and SWG, handle high volumes of traffic, and be able to adapt to changing needs, protect sensitive data and ensure the security of network access. Advanced networking skills and flexible, scalable, and secure cloud-based delivery are also crucial components of a successful SASE deployment, making mature technology a key consideration. In summary, mature technology is essential for ensuring the effectiveness and security of a SASE solution. And most importantly, deciding whether to go with a single vendor or multi-vendor solution.

• What is the management setup? -- Is all the functionality easily managed through a centralized cloud-based service? If so, how is this done? This can be important for reducing the complexity and management of a SASE solution. Proper management setup helps ensure the effective and efficient operation of the solution. This includes establishing clear policies, setting up centralized management and monitoring, and automating security and network management processes. A well-designed management setup can also provide valuable insights into network and security performance, allowing organizations to make informed decisions and continuously improve their SASE implementation.

• Do the cloud integration capabilities suffice? -- Does it easily provide access to the public cloud and offer private cloud connectivity through colocation and remote sites? This is important as more applications live in a hybrid cloud model. Sufficient cloud integration enables organizations to access cloud and on-prem applications from any location securely. This requires a robust and secure connection between the SASE solution and the cloud environment and the integration of cloud security services into the SASE architecture. Adequate cloud integration helps protect sensitive data, improves performance and scalability, and enables organizations to take advantage of the full benefits of cloud computing.

• Is there scalable, secure remote access? -- Does it include a scaled approach to remote user access with respect to points of presence that allow for better performance from various locations mapping to customer needs? Scalable secure remote access is a critical component of SASE, as it allows organizations to securely access cloud and on-prem applications from any location, providing a flexible solution for remote and hybrid work. To be effective, the SASE solution must be able to accommodate increasing volumes of traffic and adapt to changing business needs, making scalability a key consideration. By providing secure and scalable remote access, SASE helps organizations maintain business continuity and increase the productivity of their remote workforce.

SASE architecture is an important solution for modern organizations looking to securely access cloud and on-prem applications from any location. However, troubleshooting a SASE solution for things like application performance can be challenging due to the integration of multiple security and network functions. Organizations must carefully evaluate their current infrastructure, security needs, and network performance monitoring plans before deploying a SASE solution to ensure its effectiveness and ease of deployment and troubleshooting. Despite these challenges, the benefits of SASE in providing a unified solution for secure network access, combined with its flexibility, scalability, and cost-effectiveness, make it a crucial consideration for organizations seeking to secure their network and protect sensitive data.

Image credit: mc_stockphoto.hotmail.com/depositphotos.com

John Smith is Founder, and CTO at LiveAction.