ARN

Sussing out SASE and what it offers partners

What is SASE and what does it mean for channel players?
L-R: Bjarne Munch (Gartner), Craig Sims (CCNA), Sachin Verma (Oreta)

L-R: Bjarne Munch (Gartner), Craig Sims (CCNA), Sachin Verma (Oreta)

SASE, or secure access service edge, is an integration technique that’s picked up in popularity in recent years.

The idea behind it is to combine numerous network-based security functions — such as secure web gateways, firewalls, zero trust network access (ZTNA) and cloud access security broker functionality — with software-defined wide-area network into one solution.

It’s a bit more complex than simply lumping network and security capabilities together, but once understood, the integration can provide partners with an intriguing selling point.

Research firm Gartner is said to have first defined the term SASE back in 2019, so its opinion on the matter shouldn't be ignored. Bjarne Munch, senior principal analyst at the firm, believes SASE offers improved performance due to operating out of one piece of software and improved operations through uniform policies.

Bjarne Munch (Gartner)Credit: Gartner
Bjarne Munch (Gartner)

“A key driver for SASE right now is the large number of employees that work remotely because current IP VPN- [virtual private network] and firewall-based security is too crude and generally allows too much access,” he told ARN.

“With ZTNA it is possible to define very granular access policies, per employee, per device and location, and hereby ensure uniform security policies across all locations.”

The popularity of SASE is expected to snowball over the next few years, with Gartner claiming in its Market Opportunity Map: Secure Access Service Edge, Worldwide report from July that by 2023, SASE will be the dominant consumption model for WAN (wide area network) edge in new and updated deployments.

The same report also forecast that the enterprise adoption of SASE will grow at a compound annual growth rate (CAGR) of 36 per cent through to 2025.

Some partners are starting to capitalising on SASE, with managed services providers Converged Communication Network Applications (CCNA) in Sydney and Oreta in Melbourne both skilled in the area.

Craig Sims, co-managing director at CCNA, views SASE as an enabler of secure and fast cloud transformation. Specifically, Sims sees SASE tying together SDWAN (software-defined wide area network) with security functions like threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention and next-generation firewall policies.

Meanwhile, Sachin Verma, co-founder and managing director at Oreta, believes SASE offers boosted network performance and a reduction of the number of vendors being used in one cloud-delivered service model.

One of the benefits of the integration technique, according to the partners, is a focus on simplification.

For example, Sims pointed to easy-to-deploy cloud solutions, ease of management, scalability of the WAN and cost reductions, resulting in a consistent edge to edge secure network solution.

Craig Sims (CCNA)Credit: CCNA
Craig Sims (CCNA)

“A good SASE solution will look at the real edge — the end user or the edge device — and not the branch office or the data centre,” he said.

Similarly, Verma said the technique largely offers “simplicity and flexibility” to manage WAN traffic and security from one place.

While dealing with an offering from a single vendor can simplify things, Munch also said enterprises will need to put all of their security solutions into one basket, which might not be an attractive prospect to some.

“A key negative is that many enterprises may look at different vendors as their preferred brand for these various functions,” he said. “This means that in order to get to a full SASE solution they may need to compromise on their preferred vendors in certain areas.”

As a result, this places partners at a crossroads — whether to provide a SASE offering from a single vendor, or multiple security offerings from a variety of vendors.

“SASE is still new and there are only a few vendors that have all the functionality required of a SASE solution, but many of these vendors are not equally good in all areas,” Munch added.

“This means that enterprises or businesses that would like SASE need to approach it as a strategy where their need to ensure that what they buy today has a roadmap to a full SASE solution.”

Due to the reliance on cloud-based functionality, Munch noted, situations where accessing the cloud is not available could be better suited to an on-site security deployment.

Read more on the next page...

Page Break

Additionally, just because security functions can be rolled into a SASE offering, it doesn’t always mean they should, and decisions whether to use SASE or not need to be taken on a case-by-case basis, Sims noted.

“Each network solution needs to be looked at and scrutinised; not all the functions need to be added to all architectures even though they are core elements of a SASE offering,” he said.

“Sometimes they are covered by other functions — threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention and next-generation firewall policies.”

Sachin Verma (Oreta)Credit: Oreta
Sachin Verma (Oreta)

Verma holds the same belief, claiming that no solution, including SASE, fits every use case.

“Sometimes a standalone SASE model may not fulfill all the requirements of an organisation,” he said. “For example, an office that requires application and data to be locally hosted would require a hybrid approach to allow balance of on-prem and cloud networking/security requirements.

“However, there are certain businesses that rely on legacy MPLS [multiprotocol label switching] or on VPN [virtual private network] tunnels, where SASE may not be suited for them.”

Munch also recommended looking at the needs of the business, rather than slapping on a SASE solution and calling it a day.

“If there is a need to renew the WAN today, it is more important to ensure an SD-WAN deployment than waiting for the perfect SASE solution,” he said.

“Similarly, if the business is now allowing a large percentage of employees to work remotely then ZTNA should be a priority.”

In addition, Verma said, the emerging nature of SASE means the technology still has a “significant” room for improvement and with security services can be better suited with existing solutions.

“For example, organisations find limited features in automated configurations, network monitoring and device troubleshooting,” he said.

“In some cases where a business may have recently implemented SD-WAN, adding SASE can create duplication, introduce inefficiencies and make troubleshooting more difficult.”

Regardless, that room for improvement is something partners are looking at closely.

“SASE is still an emerging technology category of products and services that will continue to develop and become more widely acknowledged and skillsets sort after as cloud technologies continue to grow,” Sims said.

“This is just the start of SASE.”