Attributed to Matthieu Smessaert, Head of Connectivity Solutions, APAC, Orange Business Services and David Allott, Head of Cyber Defence, APAC, Orange Business Services
The last two years have seen a mass shift to remote work, which required great flexibility and agility without compromising one of the top business risks – cybersecurity. There is no doubt that working remotely and relocating applications to the cloud made cybersecurity an imperative with further operational complexity. While there is an increasing requirement for cybersecurity to mitigate risk across an ever-expanding attack surface, businesses should not fret as many of these challenges can be addressed by adopting a strategy of SASE.
The secret behind SASE
In 2019, Gartner published a report “The Future of Network Security Is in the Cloud”, describing the concept of the Secure Access Service Edge or SASE. This approach was projected to protect digital business transformation with cloud-based, software-defined secure access. Since then, SASE has become a topic on the lips of enterprise technology decision makers globally.
As a cloud architecture model, SASE promises to provide comprehensive and holistic network security services to support the needs of companies and advance their digital transformation. SASE facilitates the accelerated adoption of cloud-native services and edge computing platforms, enabling companies to provide IT services at speed, with highly secure remote access, and at reduced costs.
But what are the most outstanding benefits of SASE that organisations can reap?
Four letters with big benefits
Companies that choose SASE gain from these four most outstanding benefits:
Better security in the cloud: SASE enables centralised and cloud-based management of enterprise security policies – with distributed reinforcement points that are logically close to the network units. Every access request can be checked using the same central security policies, and significantly reduce risk of a data breach. In addition, SASE supports end-to-end encryption with integrated web application and API security services (WAAP) as well as strict access controls via the Zero Trust Networking Access (ZTNA) model.
Improved network performance: In addition to the advantages of Software-defined Wide Area Network (SD-WAN) with SASE, the integrated security approach can increase network performance. The user sessions are only checked once before the security engines are operated in parallel on a scale-out approach. This results to lower latency times compared to conventional network security architectures.
Reduced complexity and costs: SASE consolidates network and security services, thus reducing overall complexity and costs. Thanks to a cloud-based architecture, it reduces the number of necessary network components at decentralised company locations, the number of agents on end-devices and the number of providers needed. Furthermore, SASE uses cloud computing to solve security stack scaling problems.
Greater visibility and control: The implementation of SASE reduces the number of security agents on user devices as well as the number of edge network appliances in remote corporate locations. This ensures transparency and makes it easier for users to access data regardless of location. It is also highly likely that users will consolidate various tech vendors and SD-WAN/Security into a single platform.
While the benefits are evident, why is implementation still nascent?
The four biggest hurdles for SASE implementation
The implementation of SASE is not immediate and brings with it challenges. The four most important obstacles can be summarised as follows:
In-depth experience is lacking: With the increasing adoption of SASE, the market could be flooded by a multitude of new and inexperienced vendors who lack in-depth expertise in the areas of cloud-native networks and security. The danger here is that SASE offerings are being developed and provided by cloud providers and emerging SASE providers, who are new to the security market and who do not have a deep understanding of the connections between the data, resources, and users. This lack of experience can present challenges in defining and implementing effective multi-cloud security policies. Companies should therefore turn to providers with a cloud-native mentality and necessary experience with SASE.
Silo thinking in corporate culture and policy: Network and network security services are typically managed by different teams. The goal of reducing complexity and improving operational management with a SASE approach is therefore often in contradiction to traditional siloed departmental thinking – a cultural mindset of not sharing nor wanting to give up “control”. The acceptance of SASE should therefore be supported and accelerated by IT and senior management to promote and implement successfully across departments.
There is still no established market environment for SASE: Numerous changes such as mergers and acquisitions can be expected in the market environment for SASE in the coming years. There will be SASE components that combine different networking and security features. If this keeps up, consequences include even greater complexity, higher costs or poorer performance; therefore, good service integration is important here. Smaller SASE vendors pose a further threat as they may not have the network POPs (Point of Presence) and peering relationships, which can ultimately result in high costs and poor performance. They also usually tend to focus on specific areas, which is either SD-WAN or Security.
Streamlining your existing partners
Whilst we understand it is never easy making changes, transforming to SASE gives an opportunity for you to try and streamline your technology vendors. You need to weight in your existing vendors capability and ask yourself not just if your vendor is able to fulfil your existing requirements but are they also able to protect your investment given SASE is still evolving. Where you do require more than a single vendor, they should already work well together in complementing each other.
How can SASE become a success for companies?
Despite the hurdles, the unparalleled advantages of SASE are attractive to most companies. However, introducing the concept requires a fundamental transformative strategy and there are a few points that must be observed.
SASE must be integrated into a company's network and security transformation strategy. For this to happen, IT executives must work with SASE providers to create a roadmap that takes into account all of the company's objectives and requirements. As a rule of thumb, SASE should be implemented in a phased approach to guarantee a smooth transformation aligned to business and risk outcomes. In addition, the implementation of SASE requires the strong involvement of the Chief Information Security Officers (CISO) or other senior security and risk leaders. Integration across teams and departments is essential for the transformation process.
SASE implies the Internet is always available and efficient. Hence, having resilient and diverse WAN connectivity is important to provide a strong foundation to SASE. Companies must deal with the integration and consolidation of the core capabilities of SASE at an early stage. It is important to identify the right network and security providers and involve them as soon as possible in the process so that SD-WAN, secure web gateway (SWG), Cloud access security broker (CASB), and ZTNA solutions can be evaluated together and concurrently. In your partner selection process, insist on actual case studies with proven delivery capabilities, evaluate for the ability to support managed, but also integrated and operated solutions, and look out for a partner who brings multiple internet vendor options to the table.
SASE helps in mastering the next normal
As markets in APAC recover unevenly, a remote and flexible working environment will be the new normal, and companies are recognising the urgent need for short-term planning for different work environments and scenarios.
Companies that decide to implement a SASE approach should therefore work out a comprehensive, yet synergistic transformative strategy as a first step. They need to evaluate all possible SASE components and providers carefully and align with their own corporate objectives, while keeping an eye on potential hurdles that may arise. While the support of the company leadership is of fundamental importance, it is also crucial to convince team members to evolve from the traditional disparate network and security architectures and get onboard the SASE journey.