Primary SASE Challenges
SASE converges all networking and security capabilities into a single-service cloud-native, globally distributed architecture that shifts the security focus from traffic-flow-centric to identity-centric.
SASE encompasses a package of technologies that embeds security into the global network fabric so it is always available no matter where the user is, where the application or resource being accessed is, or what combination of transport technologies connects the user and the resource.
SASE is not an instant panacea for all security exposures, but it is a technology that locks down the new software-defined “border” in an era when networking interactions are increasingly disassociated from known locations or devices, and yesterday’s fixed-border security measures no longer provide adequate protection.
As with the adoption of all new technologies, SASE implementation will come with bumps in the road. Choosing the right strategy and the right partner/vendor can significantly ease the path to a successful implementation.
Gartner and other industry analysts advise everyone to pay close attention to the following aspects of SASE implementation to navigate the most likely hurdles.
SASE is Not a New Technology, but an Integration of Technologies
Networking and security have long existed in parallel as separate, yet interconnected, technologies that engendered specialized IT skills, IT structures, vendors and products. SASE integrates both disciplines in a new playing field, with new rules, new solutions, and new packaging of technologies.
Trusted SASE Vendors and Providers
Vendor selection should be done with great care, and an organization must do sufficient piloting and testing to ensure a SASE solution fits their needs before implementation. SASE encompasses all networking and security technologies, making it difficult to apply a policy of no single-sourcing. Enterprises should familiarize themselves sufficiently with a proposed SASE solution to understand the technology and security practices underlying the solution, as well as the vendor’s ability to provide specific features the enterprise may be looking for.
SASE Architecture Must Scale
SASE must scale to provide top application performance to a potentially vast number of globally distributed endpoints, users, devices and applications. Encryption/decryption and security enforcement policies must be applied at line-rate speeds. The SASE architecture must provide scalability not only for the data plane, but also for the control and management planes, as well as for cloud-native and on-prem solutions.
A streamlined, single-pass software architecture is the best candidate to provide the required scalability: the traffic flow is opened (potentially decrypted) and scrutinized only once, using multiple policy engines in parallel, ideally in memory, without requiring chaining of inspection services. The Versa SD-WAN from-the-ground-up SASE implementation provides all of these advantages.
Organizational Culture
SASE is not just a technology, or even a package of technologies. It spans the traditional IT separation of security and networking teams and responsibilities. Integrating the technologies into a single solution also requires that IT teams be tightly integrated in operations, responsibilities, deployment, management, solution testing and vendor selection.
The business world is increasingly moving to an on-demand model. Companies beginning their transformation toward this more flexible and agile structure and means of operation will see the prominence of SASE increase.
A Distributed System of Cloud Gateways
Cloud-native SASE offerings are bounded by the distribution of the set of cloud gateways (POPs) they can leverage. A global build-out of POPs is necessary to provide predictable application performance and QoE for all users. You may use your own system of gateways (though this may prove costly for smaller enterprises), and/or leverage gateways provided by your SASE vendor or service provider.
Skillset of the SASE Provider or Vendor
SASE integrates the services encompassed by traditional networking and security solutions. Legacy hardware vendors with backgrounds in either field may not be the best SASE vendor choice, as they may lack expertise in the other field. They may also not bring a true cloud-native mindset to the SASE architecture, leading to a lack of performance and insufficient integration capabilities. As the SASE market is still young, Gartner expects disparate offerings from vendors with differing backgrounds while the market settles.
Integration and Interoperability
The scope of SASE makes it important that providers have well-integrated features, not ones that are strung together from pre-existing standalone point products. SASE endpoint agents must integrate with other agents to simplify deployments, with cloud gateways of various flavors, and with a number of types of proxies required in the overall solution.
Avoid DIY Solutions
SASE solutions that cobble together a disjointed set of single-purpose appliances or services are destined to result in a solution with undesirable attributes:
- Complex infrastructure and management
- High latency
- Unpredictable attack surface
- Insufficient performance at scale
- A general lack of network visibility and control, as well as of the administrative tools necessary to comply with industry standards and government regulations/laws
- A lack of the flexibility, simplicity, and security that a well-engineered SASE solution should deliver
Gartner recommends adopting a true SASE solution provided by one or two vendors. Enterprises are advised to do thorough SASE solution testing to ensure it fits their scale, deployment and security needs, rather than just doing a “datasheet comparison”.