E-Handbook: SASE model aims to boost network security, performance Article 3 of 4

sdecoret - stock.adobe.com


Why SASE adoption requires a paradigm shift

Enterprises preparing to adopt Secure Access Service Edge should understand how the architecture presents organizational and architectural challenges for network and security teams.

As businesses continue to evolve and move to cloud-based models, IT departments have moved toward delivering more of their capability as a service instead of deploying fixed-function hardware.

Software-defined WAN (SD-WAN) indicated the first major networking change in this shift toward as a service. It virtualized the WAN connection control, opening that service level to other network aspects, like routing, caching, acceleration, quality of service and traffic shaping.

Delivering WAN services to branch offices through a cloud infrastructure also introduced the basis for half of the as-a-service puzzle: network as a service (NaaS). Networking capabilities that were previously delivered by physical appliances can now be provided in a virtual manner through a cloud service, like Microsoft Azure or AWS, under the NaaS moniker.

With NaaS in place, the natural evolution to a service-enabled strategy is to address security as a service -- often called SECaaS. Through SECaaS, the security components used to safeguard network traffic can also be virtualized and delivered through a cloud service. Businesses can consume this service in real time instead of deploying proprietary hardware platforms with steep upfront capital costs and complex configuration requirements.

What is SASE?

SASE adoption can be challenging, but the payoff will be huge for those companies that are able to make the move.

When combined, NaaS and SECaaS create what Gartner refers to as Secure Access Service Edge (SASE). SASE is a cloud-based architecture that distributes networking and security functions to connected clients, including data centers, IoT sensors and mobile users. Businesses will undertake SASE adoption to connect their branch offices in the future, as their reliance on physical networking gives way to the virtualization and servitization of these functions.

The key benefits of SASE include the reduction of complexity and cost, the ability to scale up and down to meet business needs, and the ability to rapidly change based on fluctuations in the business environment. The centralized policy management still enables local enforcement, down to the system or user, and this enforcement is invisible to the branch office.

While these benefits may sound like a nirvana all businesses would clamor to achieve, IT organizations that aren't fully prepared for change may face roadblocks along the way to SASE adoption.

SASE architecture
SASE architecture converges networking and security functions into a cloud-based platform.

Cultural challenges for SASE adoption

The first challenge with SASE adoption is not technical but organizational. In many companies, networking and security teams are not as intertwined as they should be. Teams in these situations have probably come to a peaceful detente over the years, but a move to services can disrupt both their worlds. It can be a jarring experience that requires teams to relearn the art of cooperation.

As teams overcome this first organizational obstacle, they will also need to resolve three architectural challenges in this new SASE world.

Architecture challenges for SASE adoption

1. Nascent markets. The first challenge is the markets for NaaS and SECaaS are both still nascent at this point. The SASE vision is clearly a future state, and while many businesses may start their journey down that path, the road isn't fully paved yet. This expectation needs to be front and center for all adoption discussions, even if it means doing work that may not be fully used in that final state.

2. Vendor selection. The second challenge comes from the selection of SASE vendors. While a single cloud platform provider can deliver NaaS and SECaaS, the actual underlying networking and security components might not always be optimal for either team. The goal in overcoming this obstacle is to understand which components are the most critical; these are the no-compromise components that are essential in tying everything together. Getting these components right early can keep teams' projects moving forward by not stalling progress.

3. Disparate offerings. The third major challenge is the disparate offerings from vendors. Just because a team has used a vendor for physical load-balancing devices doesn't mean the vendor will also have a service-based cloud component to use. Even if the vendor does, that doesn't mean a cloud provider will offer that component. This is an area where detailed discussions with vendors about both their capabilities and their roadmaps will pay heavy dividends as teams decide how to best move toward a service-based world.

Centralization of IT resources in the headquarters data center is an outdated strategy that creates disadvantages for organizations that aren't adept at change. The business world is increasingly moving to an on-demand model. Companies beginning their transformation toward this more flexible and agile means of operation will see the prominence of SASE increase. SASE adoption can be challenging, but the payoff will be huge for those companies that are able to make the move.

Dig Deeper on Cloud and data center networking

Unified Communications
Mobile Computing
Data Center