SASE can save your company a lot of money. Use the industry’s-first SASE ROI calculator to quantify the cost savings you can achieve in services, asset consolidation, and labor when deploying Versa SASE.
A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.
EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.
SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location.
This is a continuing series on Zero Trust Networking – you can read Part 1 here: The Need for Zero Trust Networking – Part 1.This series began with a discussion on the impact of digital transformation and heightened cyber threats on our infrastructure strategies and the challenges of “bolt-on” approaches when everything has become hybrid – from your users and devices, locations, workloads and data.
The future will rely on an authentically Unified Zero Trust Networking platform – a singular, integrated platform meticulously crafted to seamlessly converges networking and security. What must Zero Trust Networking deliver? According to Andrew Lerner and John Watts, Gartner Analysts:
Access to the network is granted only after identity is authenticated and authorized.
Access is restricted only to necessary resources – authorized applications for users or necessary resources for devices.
Access is continuously adjusted in near real time, based on risk derived from identity and context.
Let’s look at what this means:
The platform must span a unified secure perimeter across WAN, LAN, data center, cloud, users and devices. It needs to be designed with Zero Trust as its security foundation, and natively integrated with threat and data protection. Zero trust doesn’t just consistent of one time authentication and access – authentication and continuous real-time posture assessments are performed for users, devices, and networks after initial access has been granted.
To build this requires a fresh, ground-up approach – from day 1 – to unify and bring together security and build it into every network edge.
If done right, this shift from “Bolt-On” to “Unified” is transformative. It simplifies management, consolidates costs, and enhances your security posture. With this evolution, user experiences are amplified, and businesses are equipped with a forward-looking, adaptable foundation to drive their business.
Before: Bolt-On
After: Unified
Disjointed Management Manual, edge-by-edge configuration and management. Multiple consoles create swivel-chair management experiences and gaps in visibility and observability.
Simplified Management and automation Merge multiple services into a single platform reduces the need to manage, configure, and update multiple point solutions. Centralized, multi-tenant “define once, deploy everywhere” approach for configuration and management.
Point products drive high cost and complexity New investments for each “Edge” as they arise; new personnel required for each investment
Cost efficient, future proofed platform By consolidating vendors and solutions, realize cost savings from reduced infrastructure needs, licensing fees, and management overhead. No need to add new products as a new “Edge” is incorporated or as new security requirements rise. The Versa Unified SASE platform will evolve with your business.
Islands of policies per perimeter Ad hoc security is deployed for each use case creating inconsistent policies and gaps
Unified and consistent policy An integrated approach to best-of-breed can provide better visibility and a more cohesive security posture.
Inconsistent experiences Separate architecture for each capability that requires hairpinning between points of enforcement. Connectivity fails to incorporate an application-aware backbone.
Consistent, User and User-to-App performance Pair an architecture that eliminates hairpinning between different points of the architecture with an application-aware backbone that can balance between the latest providers and connections.
So, how can this be delivered to help you?
Purpose Built Platform
For incumbent vendors who have are mired with technical debt, building a platform can often takes years in order to bring together bespoke architectures, designs and tools to deliver a unified capability. Many have tried to repurpose their existing product to add other capabilities but not succeeded in delivering the richness of network and security needed for this new world. Others continue down a path of ‘platformization’ which will take years.
In the meantime, you cannot wait for them as you still need to meet your business goals and deliverables.
Fortunately, Versa has what you need. Unlike most incumbents, Versa was founded with a vision that in the future, there would be no network worth having without security being built-in and delivered this platform many years ago. While the initial use case was Secure SD-WAN, the extensibility of the platform approach has expanded to address secure private, secure internet access for remote as well as on-premise workers and also extend a secure overlay into a private data center with a secure software defined NIC or into private cloud with secure multicloud/hybrid cloud networking.
A Unified Architecture to Protect Every Site, User, Device and Connect to Workloads Anywhere, Anytime
Versa Zero Trust Networking Platform delivers this to you today. You can start by using it for part of your infrastructure and gradually expand the use of the platform to other places as and when the business demands.
AI Powered
The platform is built upon a foundation of AI that is used for data and threat prevention, to determine the most optimal path for a user-to-app experience and for operations.
Multi-tenant by design
Versa is the industry’s singular true multi-tenant solution, ensuring unparalleled scalability across cloud, management, data center, branch, and edge device locations. This delivers ultimate flexibility for you to design and deploy your network while isolating control and management planes and using different topologies for different tenants. For example, a branch or corporate office using Versa at the edge can support up to 256 distinct tenants – each using their own individualized virtual routing, VLANs, and service chains, maintaining complete independence across control, data, and management planes.
Flexible & Extensible
Remote or hybrid users have a client-based or clientless option for an “always on” connection to workloads in private or public clouds. Users are connected to gateways based on proximity, load, and other real-time variables. Using the client unlocks device posture information that can be used for policy enforcement.
Branch or corporate offices use a Versa Secure SD-WAN device or a third-party SD-WAN, router, firewall to enable users/devices to access workloads in private or public cloud or connect to other corporate sites. Using Versa SD-WAN as an on-ramp uniquely delivers end-to-end observability and control for user/device-to-app performance and security.
Versa is fundamentally different than proprietary and expensive network software and hardware. Using software to define the network introduces an open and automated approach that enhances reliability, grants granular control, and provides flexibility. Versa supports the widest set of deployment options in the industry and is designed to run directly on bare metal Versa CSG appliances with industry leading features and competitive price points. Versa also runs on certified and preconfigured white box platforms, hypervisor VMs (VMware ESXi, KVM, Xen and Microsoft Hyper-V), and IaaS platforms (Amazon, Google and Microsoft).
At Versa, these core elements are not only modular but also natively embedded and interconnected – working together to create a unified security and networking posture. What is the benefit to you?
OtherVendors
Versa
Multiple point products Many incumbents have amalgamated organic and acquired products under a commercial construct that they call a “platform” that includes hardware appliance-based products as well as cloud services. Even if they are one bill, this is not a platform – it’s a portfolio under the same logo much like you would get from your value added reseller.
Unified software stack Move away from disjointed product stacks and hairpin routing between security and networking. Embrace the Versa Operating System (VOS™) – a fully integrated security and networking software stack and point of enforcement. Centrally configured and deployed across cloud, on-premises, and remote locations, the platform can be tailored to any environment. Our unique single-pass parallel processing differentiates us in the SASE market, providing both simplicity and enhanced security for modern networks.
Multiple data lakes Traditional systems scatter data across siloes, making root cause analysis challenging as your teams are drowning in an ocean of logs and events from siloed systems. Even a portfolio approach results in the same scatter with multiple repositories of data that then need to be stitched together with additional expensive systems using precious resources in the company or external partners.
Unified data lake Versa’s unified data lake combines security and networking data from all edges into a single repository. This simplifies and accelerates the configuration, monitoring and lifecycle management of user, device, site, application, security policies. A unified data lake accelerates routine tasks through easy automation and be integrated with external tools such as multiple user or device identity engines to quickly distribute policies to all edges based on continuous posture assessment.
Multiple management systems Using point products results in a swivel chair approach with multiple management systems – making root cause analysis challenging and extending your Mean Time to Innocence (MTTI).
Unified console Versa’s unified console delivers a single view for a centralized view across users, devices, sites and workloads. The platform includes a built-in analytics system that provides you with real-time and historical insights, robust traffic monitoring, multi-organizational reporting, and seamless integration with third-party tools. All this is driven by policy-based data logging, simplifying your analytics and offering comprehensive visibility.
Appliance based approach Traditional approaches are mired with physical or virtual appliance based approaches of the past. If choosing physical appliance, you are restricted to purchasing the hardware + software from the same vendor, creating a lock-in as you are now compelled to follow their hardware lifecycle. If choosing a virtual approach, the picture of a hardware agnostic, multi-vendor approach looks appealing but the cost & complexity of integrating multiple virtual appliances limits applicability to a subset of the footprint. Did I mention the troubleshooting challenges?
Open architecture Versa’s ZTN platform is built on a hardware and hypervisor agnostic software stack. You can deploy in any IaaS platforms such as AWS, GCP, Oracle, Azure clouds, a virtualized system or a certified open hardware appliance as bare-metal. The richness of the network and security capabilities means you don’t need multiple physical or virtual appliances. You can have all you need to secure and connect user, devices, locations, workloads anywhere. Fitting into an existing brownfield requirement is easy. With open APIs at its core, Versa provides compatibility with a range of external tools and services.
