Among the latest networking and security technologies, one stands out not only for its capabilities but also its abbreviated name with an attitude. Secure Access Service Edge (SASE, pronounced “sassy”) brings networking and security technologies into an integrated, scalable service delivered from the cloud.
As the number of vendors claiming to offer a SASE technology grows, be sure the vendor and solution are the right fit for your security strategy and use cases.
To help you evaluate SASE and select the right solution for your organization, we’ll cover what SASE is, what it’s not, tips for a successful implementation, and pitfalls to watch for.
Thanks to Ken Wisniewski, Sayers senior cybersecurity solutions architect, for his “SASE Explained” presentation from the Sayers #Curio Virtual Tech Summit. We’ve pulled these highlights from his 23-minute presentation, which is now available free on-demand.
What Is SASE: 5 Core Technologies, 4 Key Benefits
A one-line definition of SASE: The consolidation of networking and security technologies delivered as a scalable service from the cloud.
What SASE Is Not
Beyond the core technologies and benefits of a SASE solution, it’s also important to understand what SASE shouldn’t claim to be.
SASE isn’t a security appliance. “If a vendor tells you, ‘Here’s my box, it’s SASE,’ they have missed the mark dramatically,” says Wisniewski. SASE should be deployed as a service, be a scalable solution, and in most cases be in the cloud as opposed to on-premise equipment.
SASE isn’t zero-trust. While zero-trust network access can be a component of SASE – and SASE can be part of a zero-trust strategy – no vendor, technology, or specific capability can claim to be zero-trust by itself.
Additionally, SASE isn’t an infrastructure as a service solution, a security stack of several appliances deployed in a colocation data center, nor a point product to specifically handle one use case.
“The whole benefit here is the scalability and the consolidation of capabilities for your network security needs, deployed in a cloud-type environment,” Wisniewski says.
Tips For Success
Pitfalls To Watch For When Adopting SASE
You likely won’t find a vendor specializing exclusively in SASE – yet. If the vendor you’re considering covers only one of those five core technology areas, make sure they have an aggressive roadmap to adopt or to expand their capabilities.
In terms of performance, review the number of points of presence (POPs) the vendor has deployed as well as any available latency information. The more POPs they’ve deployed, the better your performance is likely to be.
Also consider decryption limitations, one of the most important aspects from a scalability perspective. Wisniewski advises:
“Be sure the solution you’re adopting supports all of the cipher suites, TLS 1.3 protocol, and all the new changes related to TLS and SSL.”
Keep in mind the vendor’s licensing models. A true-up model instead of a hard limit will save you from deploying a solution that cuts you off when you hit one more user than you’re licensed for.
Lastly, ensure the vendor’s capabilities support all the use cases you want to deploy. They may have a use case capability, but it might be limited to a specific mode of implementation or integration or only supported on a certain SaaS application. These are all worth vetting through a proof of concept.
Questions? Contact Sayers today to help you choose the right SASE vendor, set up a proof of concept, and implement the ideal solution for your business.
Ken Wisniewski, Sayers Senior Cybersecurity Solutions Architect
Ken Wisniewski is a senior cybersecurity solutions architect at Sayers. He works with clients to understand and solve some of their most complex cybersecurity challenges. His areas of expertise include cloud security, network, and gateway security, endpoint and mobile security, and security monitoring and operations. Prior to joining Sayers, Wisniewski led the network security team at a Fortune 100 financial institution where he managed an array of network security technologies.