The digital business is all about being prepared for whatever comes next. Ready for developing new products, delivering them rapidly to the market, and responding effectively to sudden changes in business conditions. Historically, IT solved emerging business needs with point products. For example, adding SD-WAN boxes to offload capacity-constrained and expensive MPLS connections to Internet links, or adding firewalls in branches to enable secure direct Internet access. The result of this approach was technological silos, built upon point solutions that were loosely integrated and separately managed.
Ultimately, IT needs to provide consistent performance and strong security in a cost-effective way to all business resources worldwide. This is an architectural challenge – not a functional problem – that requires the elimination of IT silos and “point solution patches” to address new business requirements. The realisation that IT architecture must evolve is driving the Secure Access Service Edge (SASE).
SASE is a new category defined by Gartner analysts Neil McDonald, a security analyst, and Joe Skorupa, a networking analyst. It delivers an architectural transformation of enterprise networking and security, enabling IT to provide a converged, agile, and adaptable service to the digital business.
SASE creates a holistic platform that connects all edges to the networking and security capabilities an enterprise requires. This lowers the cost, complexity and risk of supporting the business in a dynamic environment. Here are some of the key benefits a SASE platform provides:
With SASE, IT can deliver optimised networking and strong security to all locations, applications, and users, regardless of their location. Provisioning of new resources and capabilities is fast and simple. All that’s needed is to deploy the right edge client, connect to the SASE platform, and corporate policies drive the network and security experience.
IT can leverage the convergence of network and security to manage all features and policies through a single interface, using a common terminology, and gain deep visibility into network and security events. Cross-team collaboration improves overall service delivery to the business, which often involves a combination of availability, performance, and security requirements.
With SASE, IT is relieved of the grunt work of maintaining on-premises infrastructure. Physical topology, redundancy, scaling, sizing and upgrading are dramatically reduced. IT can now deliver better service to the enterprise, while focusing precious resources and skills on core business issues, rather than generic infrastructure maintenance.
The simplification of the network and security stack, along with the consolidation of multiple point products, enables both vendors and customers to reduce the overall cost of maintaining the infrastructure.
“Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets.” - Gartner.
Migrating to SASE is a long-term project that requires thorough planning; the sooner you start, the better. The ideal time for actual migration would be before digital transformation; still, even during and after transformation, SASE delivers great value. SASE enhances IT’s ability to support business needs, providing high-throughput connectivity and easily managed, unified network security.
Here are four key signs indicating that it’s now time to start planning your SASE migration.
Your current network isn’t flexible enough to adapt to business changes and future initiatives, such as supporting new cloud workloads, addressing the growing mobile workforce, and fostering quick branch expansions.
You’re becoming overwhelmed by the heavily fragmented security solutions and find yourself having to install, manage, and maintain an increasing number of products to secure new and existing sites, applications, data, and users.
Your employees are complaining about poor business application performance that affects their productivity. This is especially apparent with latency-sensitive applications, such as voice and video, and the situation only worsens for remote workers.
You don’t have full visibility into your network, making it hard to control and manage application performance and security. Imagine having to determine which QOS configuration needs adjustment without being able to identify the root cause of a voice quality issue.
There can be several other signs that indicate the need to start planning a SASE migration. In a nutshell, if your network can’t support business needs and growth plans, it’s a clear indicator to begin your journey to SASE.
Most SASE vendors support a gradual migration process, during which a SASE platform can co-exist with legacy networks and security products until they’re fully retired. This ultimately means you can allocate already available budget for your SASE migration, rather than trying to find new budget resources.
“SASE adoption will be driven by network and network security equipment refresh cycles and associated MPLS offload projects. However, other use cases will drive earlier adoption.” - Gartner
When considering both current and upcoming spend on your existing legacy network, you’ll realise that the budget for SASE already exists, around projects such as MPLS contract renewal, security appliance refresh, and M&A integration.
Let’s take a closer look at these key events, representing budgeted projects that can effectively fund your SASE migration:
MPLS services are expensive, and this cost increases even more when additional bandwidth is required. A SASE offering, which includes a global private backbone and natively integrated SD-WAN, can augment and ultimately replace MPLS altogether. SD-WAN aggregates multiple high-capacity Internet links, providing a significant increase in last-mile bandwidth over MPLS with built-in redundancy. Leveraging the private backbone for the middle mile guarantees network performance and availability to any enterprise, regardless of its size or geographical distribution.
It is expected to maintain a strong security posture across the enterprise at all times. Today, most network security spending is related to purchasing security appliances, such as next-generation firewalls (NGFW), unified threat management (UTM), and intrusion prevention systems (IPS). As existing network security appliances reach the end of their lifecycle, you can utilise their refresh budget to migrate your network security to SASE. Since SASE delivers all network security needs from a cloud service, you’ll no longer have to worry about appliance lifecycle management.
Business initiatives , such as cloud migration, regulatory compliance, and M&A integration, all come with a budget. Take an M&A integration project, for instance: The intended budget for aligning the different networks and security stacks into a single SASE platform can be rerouted to your SASE migration. Don’t worry about the scope of the migration project. The right SASE vendor will tailor a plan to meet your needs, gradually, based on your budget and the pace of your business transformation.
Enterprises too often underestimate the impact a network has on driving a business to be more efficient, competitive and secure. The business value that SASE promises to deliver is so impactful that the market is likely to see a battle among SASE wannabe vendors. This is why careful planning, including selecting the right vendor, is crucial for a successful migration.
We’ve simplified the challenges of planning a SASE migration into the following practical recommendations:
Please verify that your vendor of choice can replace point products, such as MPLS, SDWAN, NGFW, UTM, SWG, and VPN, with its SASE platform. Please pay special attention to security players that claim to have a SASE offering but, in reality, will refer you to a different vendor to buy SD-WAN alongside their SASE. And, beware of networking players offering another vendor’s security solution. A true SASE platform delivers SD-WAN and network security that are natively integrated. In addition, make sure the SASE platform incorporates these capabilities:
A PoC is the ideal way to ensure your vendor of choice will deliver on the promise of SASE. Verify that the Proof of Concept (Poc) encompasses both SD-WAN and security capabilities, and that all are provided by a single vendor and managed from a single pane of glass. Ensure you’re getting a natively converged solution, not multiple applications and an orchestration layer.