Everyone is seemingly talking about it. Some aspire to be it. Some even claim they are it. Some are already fed up with it. A lot, however, are confused by what it is and what to think about it. Let’s take a straightforward and pragmatic look at SASE.
The core functional elements of SASE are not new. As I covered in my previous blog post, the market transitions making a SASE architecture an increasingly compelling proposition have actually been playing out for the better part of a decade.
A recap of what it is
SASE, short for secure access service edge and pronounced “sassy,” is a label for a consolidated architectural solution that provides effective and homogenous levels of security and experience for users from anywhere (i.e. the office, home, coffee shop, etc.) on any device.
Even more simply put, if SASE had a mission statement, it would be to deliver consistent security and quality of experience (QoE) for end users, no matter their location.
In order to accomplish this, SASE describes an architecture which converges networking and network security functions and shifts them towards an as-a-service (aaS) cloud edge model:
- Networking for QoE
The most widely cited technology here is SD-WAN, but of course the LAN also plays a role in QoE too - Security for… security
Security is a complex beast and not a singular entity but instead a stack of security technologies such as firewall, secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), etc. - As-a-service cloud edge model for consistency
What is an as-a-service cloud edge model?
To deliver consistency, SASE proposes a consumption of its core technologies as-a-service by leveraging a global network of cloud points of presence (PoP). In this way, no matter where in the world end users are, they can connect to their nearest (and least latent) local PoP, and seamlessly have consistent networking and security functions applied as a service, en-route to their multi-cloud or on-premises workloads.
We’re sold. We’ll have one SASE please.
Here’s where things get a little grey. Currently a complete SASE solution is like a fully autonomous car as-service; a lot of the individual technologies are available but have yet to be fully integrated so you can summon the nearest available self-driving vehicle to your doorstep. Consolidating the technologies within SASE to leverage a shared network of global PoPs and deliver them aaS will arguably be the biggest transformation for most enterprises and vendors. Consequently, moving SASE capabilities to an aaS cloud edge will be a multifaceted journey for enterprises and technology vendors.
The enterprise organization journey
Assuming, as an organization, you see value in the SASE architecture, implementation will most certainly be a journey that will evolve over time. There are multiple factors that will influence how much of the SASE architecture enterprises choose to implement and when:
- Existing infrastructure and any related managed service contracts
- Geography—as with other cloud technologies, there are regional limitations that can impact availability
- Size of organization—the larger the organization, the more likely it is to have a complex existing IT infrastructure and change process
- Industry, especially regulated ones with compliance requirements such as HIPAA, FIPS, etc.
- Corporate IT investment strategy—does your organization believe in SASE and are they willing to invest in it
- SASE technology maturation and availability
The technology journey
This will vary for technology vendors based on their starting point and the number of SASE puzzle pieces they’re missing:
- Networking
- Security
- Consolidation of the two technologies
- An as-a-service cloud edge model
This might seem straightforward, but just consolidating the two powerhouses of networking and security, and doing it well, cannot be underestimated. For almost all vendors, the journey will involve either in-house development, acquisition, partnership with another vendor, or perhaps even a combination of all three.
If only there was a vendor that is an outright leader in SD-WAN and networking and also has a best-in-class suite of as-a-service cloud security technologies…
More on that next time. Until then, stay SASE.