When it comes to Secure Access Service Edge (SASE), there’s still a lot of confusion in the marketplace. Organizations with remote offices and hybrid workers need to make sure users have a good work experience both on and off the network, and at the same time ensure that security policies are being applied and enforced consistently. A SASE architecture helps address these issues by extending secure access and high-performance connectivity to users anywhere.
Much of the SASE confusion stems from the fact that some solutions only solve part of the problem. Either they don’t provide enterprise-grade security to remote users, or they don’t integrate well with the physical and virtual network and security tools that are deployed at the network edge. And sometimes they can’t meet either requirement. When rolling out SASE, I recommend that IT leaders keep four things in mind when they are evaluating solutions.
1. Flexible deployment
The SASE solution you choose should support flexible deployment options that give you the ability to roll everything out at your own pace. It should not force you to rearchitect everything you already have deployed. SASE is a journey to consolidate and integrate key networking and security technologies. Your vendor should be able to support that journey.
Many organizations attempt to cobble together solutions from different vendors, but a unified SASE architecture assembled this way can be difficult or impossible to build, maintain, and troubleshoot. A single-vendor SASE approach converges networking and security, so you can control management, optimization, and policy enforcement through a single interface.
Only by truly converging networking and security across the entire business environment can organizations implement a comprehensive zero-trust architecture that delivers consistent security and a good experience for users no matter where they’re located.
2. Enterprise-grade security
Organizations need to look carefully at the quality of the security within any given solution. Is it enterprise-grade security that is fed by threat intelligence? Many organizations offering SASE solutions leverage third parties for their security. You should look for a SASE vendor that is backed by trusted security, fed by real-time threat intelligence, and that takes advantage of mature AI and machine learning.
An effective SASE solution includes secure web gateway (SWG) capabilities, cloud access security broker (CASB), and firewall as a service (FWaaS) to monitor and protect data and applications against web-based attacks. It also should include other features such as URL filtering, DNS security, anti-phishing, antivirus, anti-malware, sandboxing, and deep-SSL inspection.
Selecting a single-vendor SASE solution means it can interoperate across the distributed network with the ability to hand off connections between the cloud and on-premises devices. Access and security policies can then follow users and applications end to end rather than terminating connectivity and control at either edge of the network.
3. On-premises integration
It’s important that the SASE solution you choose can integrate with your on-premises deployments. When you’re looking at SASE, what you need to understand is that it is the convergence of cloud-delivered networking and security. Thinking that convergence only needs to be in the cloud or convergence only needs to be on-premises when you have a hybrid network is not the right way to look at it. You need both.
Solutions should not just provide an isolated, cloud-only approach because you need broad visibility, granular control, and consistent, and even proactive, protection everywhere. The SASE solution you select should enable you to use SASE to connect both on-premises security and cloud-delivered security with consistent security for users, whether they are on or off the network.
Your SASE solution should provide comprehensive cloud-delivered security with natively integrated zero-trust network access (ZTNA) for consistent protection for both local and remote users. It should seamlessly integrate with SD-WAN and next-generation firewall (NGFW) solutions to provide intelligent steering and dynamic routing capabilities through the SASE PoP. This approach provides a better user experience because it automatically finds and secures the shortest path to corporate applications.
4. Single agent for users
A SASE solution should provide a single agent that serves multiple functions, including ZTNA, CASB, and endpoint protection, while automatically redirecting traffic to protect assets and applications through cloud-delivered security. A single unified agent is far less complex and expensive to maintain over time.
Networking and Security Convergence
Fortinet delivers a comprehensive SASE solution by integrating cloud-delivered software-defined wide-area network (SD-WAN) connectivity with a cloud-delivered Security Service Edge (SSE) to extend the convergence of networking and security from the network edge to remote users.
Our SASE solution is unique in the industry as it is powered by a single operating system and enhanced with AI-powered security services, so security and networking are woven into a single, integrated system that delivers consistent security and user experience to any user anywhere.
Learn more about FortiSASE and how Fortinet can deliver SASE solutions that provide consistent security and user experience no matter where users and applications are located.
Copyright © 2023 IDG Communications, Inc.