SASE provides converged network and security services from a single, globally distributed and cloud-native architecture. This includes the network, such as SD-WAN, and security services including cloud secure web gateway (SWG), firewall as a service (FWaaS), and zero trust network access (ZTNA).
Digitization, remote working and cloud-based computing have accelerated the launch of cloud-delivered SASE offerings to enable users to work from any device, anywhere, at any time, according to analyst Gartner.
Making a transition to SASE
By 2025, at least 60% of enterprises will have strategies and timelines for SASE adoption covering user, branch and edge access, up from 10% in 2020, forecasts Gartner. Today, most enterprises are in the early phase of the SASE transformation. However, enterprises that have adopted SD-WAN to deliver cloud-based services will need to take SASE on board. SD-WAN delivers on cloud, agility and cost savings. SASE goes a step further by building all-important security into cloud-native architectures. This provides a holistic network that can address enterprise WAN and security requirements on a global scale.
It is important to note that SASE is not a single technology or a specific product; it’s a concept and a reference architecture. Achieving SASE takes time and a well-thought-out strategy. Some enterprises will be in the middle of hardware refresh cycles and still have time outstanding on software contracts, for example, which can slow down the transition. Most companies are already on the journey to SASE, even if they don’t know it.
At a high level, deploying a SASE architecture is based on the concept of enabling secure connectivity and access to resources from the edge. To be effective, enterprises need to integrate and centrally manage all parts of the SASE model, namely connectivity, networking and security.
Charting the SASE journey
The road to SASE is different for every enterprise. There are many variations in how SD-WAN and SASE are deployed to meet business needs.
In addition, not every vendor claiming to offer a SASE product currently delivers all the required and recommended SASE capabilities. For large enterprises, this includes sensitive data visibility and threat awareness, contractually enforced SLAs, modular architecture and single-pass encryption on a global scale.
Enterprises will need to make significant changes to how networks operate and are secured. The result, however, is secure access no matter where users, workloads, devices or applications are based. This is crucial with the rise in hybrid working, the use of software as a service (SaaS), and the dynamic movement of data between data centers, branch offices and multi-cloud estates.
This single-platform approach significantly increases the efficiency of IT resources and offers the enterprise greater agility and flexibility by bringing network and security into a single pane of glass.
The journey will require enterprises to address any challenges they have with digital transformation, edge computing, organizational alignment and mobile workforces, for example.
For this reason, we at Orange Business Services advise enterprises to set up a joint network and security team to develop a long-term SASE transformation roadmap. It is important that this joint team also includes employees responsible for branch office transformation, applications and cloud environments, as well as:
SD-WAN is at the center of SASE transformations and often includes WAN redesign for direct Internet access and MPLS offload projects.
Establishing Zero Trust
Enabling zero trust network access is a key component in the SASE architecture and is vital to deliver end-to-end security.
Zero trust is an IT security model that assumes everything, inside and outside the network, is a threat until it is verified. It demands stringent verification for all users and devices. ZTNA offers controlled, identity- and context-aware access to resources.
In the long term, enterprises should look to replace 90% of legacy network-level VPN access with zero trust network access. However, this could be accelerated in line with hardware refresh cycles and branch office transformation plans.
An ongoing journey
SASE comes with the big promise of integrating disparate technologies into cloud-native environments, simplifying deployments, security and ongoing management. But it isn’t a switch-and-go project. As with any new technology, it is advisable to start with specific use cases, such as MPLS replacement, and gradually change existing on-premises solutions, such as firewalls.
Of course, enterprises that are born in the cloud will be able to accelerate their journey to SASE, as they don’t have the legacy solutions to replace.
All SASE migration strategies, however, should consistently be refreshed as the SASE market matures. Using a single vendor for network security as a service and consolidating technology stacks can reduce cost and complexity.
SASE has the potential to be a game changer when it comes to security and infrastructure management. The trick is to get it right from the start.
To find out more about SASE and how you can ensure a successful journey, strengthening security, reducing complexity and costs, and improving global scale and operational efficiency, download the Orange Business Services/Palo Alto Journey to SASE whitepaper, the Orange Business Services/Cisco SASE eBook and information on the integration of Fortinet’s Security-driven Networking technologies into the Orange telco cloud infrastructure.