Busting the myths that surround SASE

Secure Access Service Edge, otherwise known as SASE, is a hot topic right now. This is little surprise as this cloud-based framework promises to address the network and security challenges linked to digital transformation. But, as typical with innovations, myths have grown around it. Here we try to debunk them.

To view this video content, you must accept YouTube cookies.

These cookies make it possible to share or react directly on the social networks to which you are connected or to integrate content initially posted on these social networks. They also allow social networks to use your visits to our sites and applications for personalization and targeting advertising.

SASE is undoubtedly garnering attention. Gartner forecasts the total worldwide organizational spend on SASE will reach nearly $9.2 billion this year, a 39% increase on 2022. This is driven by a shift to hybrid working, a desire for optimized performance from evolving networks, a need to consolidate vendors to reduce complexity and zero-trust security appeal. SASE addresses the issues that come with more applications sitting in the cloud, data stored in multiple cloud services and users connecting from anywhere on any device.

With such rapid take up, myths and misconceptions inevitably emerge, such as how to deploy it and what it can and can’t do. This can leave organizations confused and disappointed with the results.

Myth #1: One model can solve any organization’s issues

The biggest myth to dispel is that SASE is a one-size-fits-all route to solving all security woes. SASE isn’t a single product; it is a network-security framework that combines networking and networking security into a single cloud service. Neither is there one approach that works with all organizations, because each and every one is different.

Remote working and the evolution of the network are now the key drivers in Orange Business customers beginning their SASE journey. “They are reconsidering the network, how it works for them and the performance they can get. There is no single answer to these questions. There is no one way to SASE,” explains Emmanuel David, Product Manager, Orange Cyberdefense.

Neither are all the SASE offerings on the market the same. Enterprises need to be very clear on what they want from SASE before they choose a partner to navigate their journeys. However, they must look for a SASE framework that can be seamlessly integrated into their networking infrastructure and security architectures to ensure secure and robust connectivity alongside an enhanced user experience.

“Enterprises must plan. SASE is a transformation project. You have to analyze your current situation and work out the next step,” says Emmanuel. “This will determine how you build your roadmap.”

Myth #2: It all needs to be in the cloud

Enterprises are told that everything should sit in the cloud for SASE to work, and it will give the same level of security across the entire enterprise. Unfortunately, this is a half-truth.

More and more enterprises are migrating to the cloud, but a hybrid approach is proving appealing for many. This combines a private cloud with public cloud services and often on-premises infrastructure. Hybrid can help enterprises ease into cloud migration, optimize workload resources and protect data according to its sensitivity.

“There are a few who have gone all the way to the cloud, but hybrid is still the mainstream way to go,” explains Emmanuel. “It is typically a combination of on-premises and cloud.”

Whether hybrid or cloud-only, vendor consolidation is one of the main reasons enterprises are looking to SASE. So much so that by 2025, 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021.

At the same time, SASE is a combination of networking and security, so it is vital that you come up with a common design and ensure synergy between in-house teams to reach SASE goals; this is supported by security specialists from Orange Cyberdefense and networking specialists from Orange Business.

Myth #3: Zero trust is an off-the-shelf product

A single zero-trust product does not exist. Zero trust is a set of security principles that are built on strictly designed permissions. These need to be kept up-to-date and accurate for the model to work.

The issue, according to Gartner, is that security leaders are inundated with marketing literature around zero trust and are struggling to translate technical reality into business benefits.

“What customers want is an easier way to be compliant or prove they are compliant. Again, the more security tools you have, the more difficult it is to prove that” explains Emmanuel David, Orange Cyberdefense. “If you combine consolidation with a compliance strategy, zero trust becomes a driver for SASE as it is easier to do it with it than without it.”

But as Gartner points out: “Zero trust is falsely promoted as “the” optimal approach to cybersecurity, when in fact it is an approach that makes it possible to optimize security for the business.”

Enterprises must understand that zero trust is evolving. It requires continuous monitoring to control what each user can do in each application using its principles. In addition, the technologies must be configured to ensure users get the right level of access while adhering to the enterprise security strategy and policy. Customizing these needs is an important element, notes Emmanuel. “Any technologies will not achieve miracles; they must be applied to your situation and needs,” he says.

Myth #4: There is a single model for adopting SASE

There is no cookie-cutter regime to adopting SASE. Every enterprise needs to draw up its own customized strategy based on an audit of what they already have in place. A transformation to SASE takes time.

With so many vendors offering SASE right now, it is crucial to understand that they do not all offer the same SASE capabilities. Enterprises should look at their technology requirements for best-of-breed offerings and business outcomes.

SASE advanced, which is powered by Orange Business, is part of Evolution Platform and is secured by Orange Cyberdefense, combines unique capabilities in cloud, connectivity, security and digital integration. The SASE platform seamlessly merges connectivity, security and operational expertise to satisfy changing business priorities. Working with Orange Cyberdefense, along with world-leading partners, customers get personalized protection explicitly designed for their daily organizational demands.

Deploying SASE does not have to be complex. Visibility will significantly increase with the right partner and milestones in place. At the same time, enterprises will effectively meet the security and performance demands of an increasingly distributed workforce.

Find out how SASE can help your organization work better with a smarter, secure user experience for distributed enterprises.

Emmanuel David
Emmanuel David

With expertise in cybersecurity solutions, Emmanuel David is a Product Manager for the Global Service Lines division at Orange Cyberdefense and is the lead for the global SASE strategy. He was previously a technical director for Orange Cyberdefense Belgium where he managed the solution team, lead the portfolio strategy and was part of the Orange Cyberdefense CTO Community.