Today it’s critical for organizations to support a work-from-anywhere workforce. Employees need consistent security whether they’re located on-premises, at home, or anywhere else. To meet this need, many organizations have already adopted a secure access service edge (SASE) solution or plan to implement one soon.
SASE is an architecture that converges networking and security. It combines integrated SD-WAN with network security solutions, including cloud-access security broker (CASB), secure web gateway (SWG), zero-trust network access (ZTNA), and firewall as a service (FWaaS).
The excitement and hype surrounding SASE have continued since it first appeared in a 2019 Gartner networking security report. If SASE is done right, it extends to workers in remote environments the same protections and performance they have when they’re working in a traditional on-premises office.
The problem is that it’s not always done right.
The Rise of Network Complexity
At many organizations, networking and security operations are siloed with little coordination and cooperation among people who may have different priorities and vendor biases. Here’s an example of how lack of coordination can lead to unnecessary network complexity. Over time, an organization ends up with three separate networks:
- The head office network uses firewalls from Vendor A.
- The branch offices have routers or SD-WAN from Vendor B.
- Remote workers use a VPN from Vendor C.
This imaginary organization has three distinct products from three separate vendors and there’s no integration, so it’s extremely complex to manage. If a remote user goes to a coffee shop and picks up malware on their laptop, it can easily make its way into the network through the VPN.
The promise of SASE is that it’s supposed to integrate everything. But when the hype hits reality, organizations discover that integration often means they have to throw away everything they have and start over. Sometimes doing so even involves changing their business operations. In many cases, changing operations and architecture simply isn’t going to happen. Some organizations do nothing, leaving security holes, and others set up SASE for cloud access only. Neither option is ideal.
The SASE Journey
A better, easier way to approach SASE is to look at it as a journey. Although it does require teams that historically don’t talk to each other to communicate, it’s not impossible. First look at what you already have. For example, if the home office has a next-generation firewall or SD-WAN deployed on-premises, don’t change anything. Leave it as is.
Then use a SASE solution that can connect to this network. The convergence of security and networking should happen both on-premises and in the cloud, so users have the same consistent security and experience no matter where they may be located.
Cutting Through the Noise
Post-pandemic, many SASE vendors appeared on the scene, but these standalone solutions often don’t work with other technologies, so they add to vendor sprawl instead of reducing it. To cut through all the SASE hype and noise, organizations should look at three key features when making a purchasing decision:
- Flexible deployment options from a single vendor so you can roll things out at your own pace. Look for solutions that don’t force you to remove and rearchitect everything you already have.
- Enterprise-class security that is fed by threat intelligence. Some SASE solutions use third-party solutions for their intelligence. Look for a SASE vendor that is backed by trusted security, fed by real-time threat intelligence that takes advantage of artificial intelligence and automation.
- SASE that integrates with your on-premises deployments. Organizations with hybrid networks need SASE that can connect both on-premises and through cloud-delivered security.
Instead of attempting to cobble together a SASE solution that only works for some users or only in some environments, SASE should converge networking and security into a unified solution that can seamlessly hand off connections between the cloud and on-premises devices with access and security policies that follow the user rather than terminating at the edge of the network.
Security Everywhere You Need It
The right SASE solution can provide flexible, secure private access to corporate applications. It should be able to meet and adapt to an organization’s business environment, not force an organization to change how it does business. It should provide secure connectivity to corporate applications, whether they are located in a private data center or the public cloud, and offer secure access to those applications using ZTNA for granular control. And it should seamlessly integrate with SD-WAN and NGFW solutions to facilitate a consistent experience for today’s hybrid workforce.
Learn more about FortiSASE and how Fortinet can deliver SASE solutions that provide consistent security and user experience no matter where users and applications are distributed.
Copyright © 2022 IDG Communications, Inc.