Primary SASE Challenges

SASE is Not a New Technology, but an Integration of Technologies

Networking and security have long existed in parallel as separate, yet interconnected, technologies that engendered specialized IT skills, IT structures, vendors and products. SASE integrates both disciplines in a new playing field, with new rules, new solutions, and new packaging of technologies.

Trusted SASE Vendors and Providers

Vendor selection should be done with great care, and an organization must do sufficient piloting and testing to ensure a SASE solution fits their needs before implementation. SASE encompasses all networking and security technologies, making it difficult to apply a policy of no single-sourcing. Enterprises should familiarize themselves sufficiently with a proposed SASE solution to understand the technology and security practices underlying the solution, as well as the vendor’s ability to provide specific features the enterprise may be looking for.

SASE Architecture Must Scale

SASE must scale to provide top application performance to a potentially vast number of globally distributed endpoints, users, devices and applications. Encryption/decryption and security enforcement policies must be applied at line-rate speeds. The SASE architecture must provide scalability not only for the data plane, but also for the control and management planes, as well as for cloud-native and on-prem solutions.

A streamlined, single-pass software architecture—where the traffic flow is opened (potentially decrypted) and scrutinized a single time only using multiple policy engines in parallel, ideally in-memory, without requiring chaining of inspection services—is the best candidate to provide the required scalability. The Versa SD-WAN from-the-ground-up SASE implementation provides all of these advantages.

Organizational Culture

SASE is not just a technology, or even a package of technologies. It spans the traditional IT separation of security and networking teams and responsibilities. Integrating the technologies into a single solution also requires that IT teams be tightly integrated in operations, responsibilities, deployment, management, solution testing and vendor selection.

The business world is increasingly moving to an on-demand model. Companies beginning their transformation toward this more flexible and agile structure and means of operation will see the prominence of SASE increase.

A Distributed System of Cloud Gateways

Cloud-native SASE offerings are bounded by the distribution of the set of cloud gateways (POPs) they can leverage. A global build-out of POPs is necessary to provide predictable application performance and QoE for all users. You may use your own system of gateways (though this may prove costly for smaller enterprises), and/or leverage gateways provided by your SASE vendor or service provider.

Skillset of the SASE Provider or Vendor

SASE integrates the services encompassed by traditional networking and security solutions. Legacy hardware vendors with backgrounds in either field may not be the best SASE vendor choice as they may lack expertise in the other field. They may also not bring a true cloud-native mindset to the SASE architecture, leading to lack of performance and insufficient integration capabilities. As the SASE market is still young, Gartner expects disparate offerings from vendors with differing backgrounds while the market settles.

Integration and Interoperability

The scope of SASE makes it important that providers have well integrated features, not ones that are strung together from pre-existing standalone point products. SASE endpoint agents must integrate with other agents to simplify deployments, with cloud gateways of various flavors, and with a number of types of proxies required in the overall solution.

Avoid DIY Solutions

SASE solutions that cobble together a disjointed set of single-purpose appliances or services are destined to result in a solution with undesirable attributes.

• Complex infrastructure and management
• High latency
• Unpredictable attack surface
• Insufficient performance at scale
• A general lack of network visibility, control as well as the administrative tools necessary to comply with industry standards and government regulations/laws
• Lacking the flexibility, simplicity, and security that a well-engineered SASE solution should deliver

Gartner recommends adopting a true SASE solution provided by one or two vendors. Enterprises are advised to do thorough SASE solution testing to ensure it fits your scale, deployment and security needs, rather than just doing a “datasheet comparison”.