10 Requirements to Consider When Evaluating SASE solutions
Director and Principal of Security, Versa Networks
June 6, 2023
In today’s world where any organization can be a target for cyberattack, Secure Access Service Edge (SASE) can help ensure organizations can create a streamlined and secure network architecture that spans from the central headquarters to remote locations and mobile end users. SASE enables small businesses that often have converged network and security teams to scale their infrastructure easily while maintaining low total cost of ownership (TCO). For large multinational companies with mature SOC and NOC operations with siloed security and networking teams, a SASE solution unifies the data in order to architect and troubleshoot at a much greater efficiency. The benefits extend far beyond what legacy security architectures provide by integrating identity and context. SASE also allows security policies to be delivered consistently, and ubiquitously by applying a zero trust policy for every connection between entities and the apps/services they are trying to access, so organizations can easily meet both industry compliance as well as their defined security standards to meet the organization’s business needs.
SASE comes in a variety of different flavors, including integrated, disaggregated, multi-product, unified, single vendor, and more. Since the SASE was coined, security and networking teams have favored approaches that are unified, single-vendor, and integrated solutions. Because of this it’s no surprise that a multitude of different vendors have emerged onto the SASE scene.
Let’s take a look at the top 10 things to look for in a SASE architecture based upon the analysist’s favor of unified, single-vendor, and integrated solutions. It is important to evaluate different SASE architectures ensure that you select an offering that can deliver the security benefits your security policy requires while simultaneously providing a single pane of glass for management with the networking performance and scale your business requires. Here are the 10 most important things to look for in a SASE architecture:
1 – The solution must be able to coexist within any ecosystem, meaning it should be able to be integrated in any brownfield environment, with existing security and network solutions that would integrate with a deployment. that would.
2 – The solution must be built on a secure architecture. It must also have the flexibility and scalability required for deployment within any cloud environment such as Equinix, Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Alibaba, and more.
3 – The solution is recommended that it supports running in containers/microservices and/or bare-metal devices with the ability to scale out for maximum performance.
4 – The solution must be multi-service capable and be cloud-native. It is also recommended the solution should have multi-tenant capabilities at scale.
5 – The solution must have centralized policy configuration and management with distributed security enforcement. This should provide policy enforcement via strategically placed globally available points of presence (PoPs).
6 – The solution must be AI/ML driven and able to identify and utilize the security policy enforcement point that is closest to the user/device from which the application access is being requested.
7 – The solution must have a robust intrusion detection/prevention security stack that is coupled with an advanced Firewall as a Service (also known as Next Generation Firewall) that provides a multitude of classification and detection capabilities, along with policy enforcement mechanisms.
8 – The solution must combine software-defined wide area networking (SD-WAN), routing, and encryption with security capabilities in a single operating system in order to deliver the best user and application experience while also enforcing all aspects of security. It is also recommended that the solution should employ a traffic engineered backbone (interconnected PoPs) in order to provide an optimized user experience.
9 –The solution must have an analytics engine that provides full visibility for every component of the SASE ecosystem including work from anywhere entities.
10 – It must be delivered as software as a service (SaaS) and elastic in such a way that it dynamically scales to the customer needs to provide optimal performance.
The SASE architecture must provide elasticity for the data plane as well as the control and management planes. This enables network and security teams to effectively provide SASE services for many users/devices potentially over multiple tenants at scale all while delivering hybrid operational models where aspects of the services can be potentially co-managed by both the Manages Security Service Provider (MSSP) and the organization.
Unified, single vendor, and integrated SASE solutions are increasingly favored over disaggregated and multi-product solutions. These types of solutions are allowing organizations of all sizes to adopt SASE architectures and transition to this new all-purpose fully integrated networking and cybersecurity approach. They are seeing the results of unifying their systems, protecting the business, simplifying ongoing maintenance, and saving money. This allows today’s work-from-anywhere organizations to adopt a flexible new workstyle while keeping the wave of cybercrime in check.
