Businesses adopt SASE technology today for many reasons: to consolidate and integrate enterprise security, fight cyberattacks, manage cloud environments, and improve network performance.
SASE has seen an uptick in adoption over the past two years, largely as a result of the COVID-19 pandemic. A June 2021 study commissioned by Versa Networks found that about 64% of the 500 security and IT decision makers surveyed said their company was either adopting or planned to adopt SASE in the next 12 months. Market researcher Gartner predicts that at least 60% of enterprises will have explicit strategies and timelines for SASE adoption by 2025, up from just 10% in 2020.
What Is SASE?
SASE, short for security access service edge, combines networking and security features through a management platform. A typical SASE offering will handle important functions like authentication and policy enforcement.
SASE products generally include the following:
- Malware protection
- Data loss prevention
- Intrusion detection and prevention
- Secure web gateways
- Cloud access security brokers
- Zero-trust network access (ZTNA)
SASE provides plenty of benefits. Among those benefits is the ability for applications to live anywhere. Organizations can also integrate and centralize security and routing. In addition, SASE’s role-based policies can streamline operations.
“Essentially, SASE is an evolution of branch connectivity,” said Rik Turner, a principal analyst at research firm Omdia. “If you are a highly geographically dispersed entity, [SASE] makes a lot of sense. Previously, the head office would ship you a router and a firewall, possibly in the same box, which would enable you to do SD-WAN and security. So, SASE is a logical next step to use networking and security as a managed security.”
Tips for Choosing SASE Products
SASE technology is only as good as its environment. As such, organizations must take some efforts to identify the right product for their needs.
Choose the right type of SASE technology
There are dozens of SASE vendors today. Some of those vendors have on-premises backgrounds in firewalls and SD-WAN, while others have developed SASE offerings specifically for cloud environments. And then there are SASE-like offerings that do application networking, which is similar to SASE.
Selecting a SASE product depends on your organization’s priorities and comfort with its IT environment, Turner said. For example, if your business was born in the cloud or moving swiftly to the cloud and you want to enable employees to work from anywhere, a cloud-based SASE offering would make sense. But if you have standardized on security and/or network technologies from a vendor that has an on-premises background, maintaining continuity with that vendor may be the way to go.
Make sure the SASE product inspects all traffic
While you might think this is an obvious point, it isn’t. Some SASE products, for example, bypass the inspection of Office 365 traffic, assuming Microsoft has it covered. That’s a mistake, said Jason Clark, chief security officer for Netskope, a SASE vendor.
“Office 365 is the most important application most organizations use today, so verify that your SASE solution inspects all traffic,” Clark said.
SASE is only as good as the planning that goes into it
To get the most out of SASE, an organization must bring together its network and security teams to make decisions and agree on the direction of the business and IT strategy. “SASE is a great reference architecture, but if IT and security aren’t in sync with where the business is going, you’ll be caught off-guard,” said Steve Winterfeld, CISO at content delivery network service provider Akamai.
One way to sync up your teams is to do a maturity audit of your organization’s current networking and security posture. By understanding the gaps, you can choose a SASE offering that plugs those gaps.
SASE isn’t a silver bullet
While SASE technology is exceptional at protecting an organization’s workforce and the resources that employees need to access, it doesn’t provide the same type of protection for an organization’s customers and other external users. That’s why it’s important to include additional tools that provide these protections, like API and firewall security tools, Winterfeld said.
Consider SSE, a subset of SASE
Security service edge (SSE) is a set of integrated services that become the primary inspection point for all traffic. Essentially, SSE is the security stack required to achieve SASE. But while SSE is a part of SASE, it’s also a valuable technology on its own.
Moving to an SSE stack takes planning and technology migration to achieve the right end state. Netskope’s Clark recommended adding ZTNA to boost security for specific private apps and augment existing VPN technology. Doing so replaces legacy on-premises secure web gateway appliances with a cloud-based alternative and moves to secure managed SaaS applications, Clark said.