Now people are working from anywhere: at home, on the go, and eventually back in the office.
A recent survey from Gartner revealed that 82% of company leaders plan to allow employees to work remotely, at least sometimes moving forward.
And with this shift, the data center is no longer the hub. The user is, and to give them access to work resources and applications, each user now almost has to be treated as a branch of one.
And with this hybrid work environment becoming the new norm, users are connecting in many different ways. More and more companies are adopting a multi-cloud strategy.
93% of companies report that they’ve embraced a multi-cloud strategy, and it’s not just one or two different clouds. The average company connects to over 20 different cloud services.
And this adds complexity to what used to be a fairly simple task of connecting the user at the campus or branch to applications in the data center.
But regardless of the complexity, users still expect a seamless connection to the applications that they need. How users are connecting to their business applications differs almost daily in this hybrid environment. And 60% of organizations expect most apps to now be SaaS, so IT needs to factor in where the user is connecting from and how they’re connecting to those apps, which are now all over the place.
So let’s look at how this impacted the network.
This is how things used to work with network and security. All of your applications used to be hosted on-prem in the data center. Users had to be on the corporate network to access them and get work done.
And branch offices would tunnel all that traffic back to the corporate data center over MPLS. And 80% of that traffic was internal, going to your internal network, and all of your Internet access was routed through there.
And you had this complete security stack (firewalls, secure web gateway, and so on) deployed within your corporate data center at headquarters.
And for years, this was how most companies deployed their network architecture, and it allowed you to have this single place for all security on your network.
But when you look over the last five years, there’s been this drastic increase in Internet traffic. Organizations have continued to adopt cloud applications and storage and are running more of their workloads from the cloud.
And now the percentage of Internet traffic is typically higher than the internal traffic, and backhauling all of this traffic through expensive MPLS lines and VPNs doesn’t necessarily make sense anymore, so more organizations are moving to direct Internet access, which exposes them to more threats because they’re bypassing that traditional security protection. Meanwhile, the old centralized approach forces all of the Internet traffic through a single stack of security appliances. And this leads to a lot of performance problems, especially impacting user satisfaction and causing issues with SaaS adoption too.
As a result of these changes, networking and security teams often struggle, first of all, to connect users to applications and data.
When you have to backhaul everything, there’s often a poor user experience when accessing those cloud apps.
And there’s also complexity in connecting to multiple cloud providers.
Then think about protecting against evolving threat vectors.
Because of these gaps in security protection, if you’re connecting directly to the Internet and bypassing on-prem security, you’re leaving yourself open.
And then, there are often inconsistent policies enforced across these disparate locations because they’re all managed in different ways.
And it can also be difficult to verify the identity of users and devices. Then you think about delivering a high-quality user experience.
You need end-to-end visibility on application performance, and a lot of times you lack this. If something is running slow, how do you pinpoint the cause and fix it quickly?
It can also be challenging to isolate and resolve performance issues across the Internet, different cloud providers and SaaS.
And you can be unable to get escalations and enforce the right SLAs around this.
All of this requires a new approach to networking and security, and that’s where SASE comes in.
This was a term coined by Gartner back in 2019, and it stands for Secure Access Service Edge.
It’s all about moving security and networking to the cloud and delivering it as a subscription service. Today’s cloud-centric world is driving the need for this new architecture, and SASE combines networking and security functions in the cloud to deliver secure access to applications anywhere that users work.
Gartner describes five core functions coming together: SD-WAN, firewall, secure web gateway, CASB, and zero trust network access.
And the goal is to consolidate these functions, which were traditionally delivered as siloed point solutions, into a single integrated service. So SASE really helps you:
● Combine networking and security functions in the cloud.
● Connect users to the apps and the data that they need in any environment, from anywhere.
● Control access and enforce the right security protection anywhere that users are working.
When you think about being able to first connect to the cloud, that’s really where software-defined WAN, or SD-WAN, comes in.
Then there’s remote access for remote workers, connecting them to the applications they need. And on the control side, it’s pulling together, from a cloud security perspective, secure web gateway, firewall as a service, DNS security, and CASB, or cloud access security broker.
And SASE is really about converging that together.
It’s also about being able to see end to end, from the user up to the application. With this increased reliance on the Internet and cloud services, more networks are outside of your ownership or direct control. So you need to ensure the performance and integrity of that underlying transport, even when you don’t own the infrastructure or control how service providers route traffic. Observability is this evolution of monitoring into a process that generates actionable insights.
So having visibility into something doesn’t necessarily imply being able to do something about it.
It’s about providing both, so not only giving you complete visibility from the user to the application over any network but also giving you insight into any performance issues so that you can remediate incidents quickly and maintain reliable connectivity.
SASE architecture is really about combining these elements, making it available as a single offer and having integrated solutions and driving toward bringing these all together into a single subscription service as well in the future.
So by using SASE architecture, you’ll be able to converge your networking and security together in the cloud. And there are a few outcomes that you’re going to achieve as part of this.
First of all, it’s connecting and securing access for all of your locations and all of your remote workers, regardless of what device they’re on, and even workloads that are in the cloud. Being able to secure all of it.
Then it’s being able to optimize performance by finding the fastest, most reliable and secure path, and delivering the best application experience. With that end-to-end observability, you can resolve any anomalies from users to the apps, over any network or cloud.
And you’ll be able to adopt zero-trust network access by verifying user identity and the health of devices, and doing that on a per-session basis.
And then finally being able to make your business more agile by leveraging the cloud to remove complexity from your infrastructure and provide this more immediate scalability to support your business as needed.
Let’s close things off with a look at the top five tips to consider when choosing a SASE vendor.
Tip #1 - Look for a complete, integrated SASE architecture
It can be overwhelming when you look at the different capabilities of a SASE architecture. So first, think about what use cases you’re trying to solve.
Two major ones are:
- securing remote workers and
- securing the edge across your WAN and all locations.
But break those down into what an ideal state looks like for your company.
And it might be a phased approach.
So think about how that will help you in the future.
Tip #2 - Consider a flexible consumption model
Over the past year, we’ve seen huge changes in the way that businesses operate. So you need to be able to move with speed and agility and the flexibility to quickly adapt to changing priorities and even scale up and down in different areas when needed.
For example, what if we need to quickly spin up access for a new location or 2000 remote workers?
What would that look like? And beyond technology, think about how the SASE architecture can be delivered.
Are there flexible delivery models, including usage-based, pay-per-use, or pay-as-you-grow options?
And even if the options aren’t all there today, what’s the vision and the plan for that?
And if there are generic hardware pieces needed on-prem, can those be delivered as a service?
With SASE, the goal should be to have instant global coverage, with the ability to provision thousands of locations in minutes and scale up and down the level of service, the features that you use and the number of connections in your subscription.
Tip #3 - Not all cloud architectures were created equal
When you think about your network and security infrastructure running in the cloud, it becomes pretty important for that cloud to be rock solid, reliable, and fast.
So look into the cloud infrastructure.
How long has the company been running the cloud infrastructure, and what’s their track record like?
And when you look at the data center locations, don’t just look at the sheer number of data centers that they have. Also important is how well connected they are.
So how many peering partners and peering sessions do they have?
That’s how you get the fastest connections to sites and applications.
So that’s all about helping us find the fastest path, and we’ve done testing and found that we’re able to reduce latency by 73% compared to an Internet service provider.
And finally, think about how the cloud services are architected.
Is it a cloud-native solution, or is it virtual machines running in the cloud?
A microservices-based architecture will enable the service to scale much better.
Tip #4 - Security efficacy and observability
Efficacy is not something that’s always factored in, but it’s pretty important.
Just as we talked about the fact that not all clouds were created equal, the same goes for the efficacy of security products. And while no product is 100% effective, you want to make sure that you’re stopping as much as possible.
So when you’re evaluating solutions, consider this as a test criterion or look for third-party comparisons.
And with observability, which we talked about a bit earlier, it’s about getting that end-to-end view from the user up to the application and identifying any potential problems.
And it’s not just about monitoring for issues, but being able to pinpoint where the problem may be so you can quickly take action.
Tip #5 - Customize SASE architecture your way
When you’re looking at moving from on-prem to the cloud, it doesn’t have to happen overnight.
So look for someone you can partner with to map out the right approach for you. You may already be on your SASE journey, or it may take you time to get there. So choose a vendor that can meet you where you are today, with a vision that enables a long-term SASE transformation, one that works for you and your business.
You may need to consider a hybrid approach.
Maybe your goal is to move everything to the cloud, or you may need on-prem support for some regions or locations.
So look for a vendor that can support you in this.
And finally, think about investment protection.
You’ve already probably invested quite a bit into your existing infrastructure, and it may take time for you to fully move to the SASE model.
Maybe you just invested in a refresh recently, and it might not seem easy to justify another investment.
So look for vendors that are offering that investment protection to help you in that transition.