Since Gartner defined Secure Access Service Edge (SASE) as a new product category that combines wireless local area network (WAN) functions and network security functions, Secure Access Service Edge (SASE) has been a hot topic. Everyone agrees that SASE is conceptually meaningful, but when it comes to transforming an idealistic framework into a realistic IT approach, misunderstandings abound. Here, the SASE principle may go too far, and IT buyers may be a little confused.
Misunderstanding 1: SASE requires zero daisy chain
Gartner’s 2019 Enterprise Network Hype Cycle includes the following warning statements about virtual machine service chains (also known as daisy chains), which can sometimes lead people astray:
“Software architecture and implementation are important. Be wary of those It is recommended to provide services by linking a large number of functions [virtual machine] service Links, especially when the product comes from many acquisitions Or partnership.This method may speed up the time to market, but it will lead to Inconsistent services, poor manageability and long delays. “
The solution architecture is important, yes, you want to reduce the number of daisy chains to reduce complexity.However, this doesn’t mean you can’t have any Daisy chain in the solution. In fact, specifying a zero daisy chain may have consequences-not for performance, but for safety.
SASE integrates a wide range of security technologies into one service, but today, each technology is an independent market segment with its own industry leaders and laggards. Any buyer who requires “no daisy chain” believes that a single SASE provider can (all on its own) build the best technology within an ever-expanding set of functions. Considering that the occasional daisy chain greatly improves the ability to integrate the best technology under the umbrella of a service provider, it is not unrealistic to attract a company. Some other reasons for daisy chaining:
- In today’s ruthless attacker environment, no vendor (especially a startup company) can effectively implement all areas of SASE security based on the product maturity, proficiency, and best practice levels that companies need and expect . The SASE function should be proven on the severe network battlefield, and most startups will not survive.
- Any incremental complexity caused by one or two strategically placed daisy chains should be managed by the provider and should not affect customers. If the performance of the SASE platform exceeds expectations, why is the number of daisy chains important?
- “No daisy chain” means technology acquisition and huge market integration, which means that a few very large SASE suppliers may have too much market power, stifling innovation and increasing prices. For IT buyers, this is not always a good thing.
Misunderstanding 2: You must use SASE to take an all-cloud approach
SASE revolves around cloud computing, and there is no doubt that it is the speed and agility achieved through the security of cloud deployment. But SASE does not mean that the cloud is the only solution, you should ignore everything else. On the contrary, IT leaders must use the best technology according to the situation and the problem, and take a more practical standpoint. For example, for large offices where performance and total cost of ownership are the main goals, local next-generation firewall equipment is usually still the best choice. If your SASE approach is “cloud first” instead of “cloud only”, make sure your solution is also applicable.
Misunderstanding 3: SASE will solve all your security issues
Don’t think that SASE is a total solution. SASE covers many areas, but it does not cover all the technologies that companies need to protect remote work and multi-cloud environments. For example, Cloud Workload Protection (CWP) and Endpoint Detection and Response (EDR) are essential for protecting users and the cloud computing environment, but it is not part of the SASE framework. Although EDR is the main technology to solve ransomware (a proliferating threat vector), it can be excluded from SASE because it does not require network traffic inspection. Rather, it is an agent-based solution for monitoring the activity and integrity of the operating system.
In addition, SASE only addresses the technical part of an effective security plan, while ignoring the experts required for 24/7 security monitoring and mature incident response. Without a dedicated team of security analysts, security technologies are ineffective-regardless of whether they are included in the SASE. Professional skills are required to investigate threats and stop them before they cause major damage.
Purity and pragmatism
SASE is all the rage, promising the ideology that IT leaders have dreamed of for years, but taking a pure approach can have consequences. The strict requirements for daisy chain and cloud should be relaxed to maximize security and business results. Likewise, the SASE solution needs to be compared with broader security and network strategies to understand where it adds value and where it still falls short. By taking a pragmatic approach, companies can make ideology practical and achieve agility and productivity through off-the-shelf security.
Jay serves as the Director of Safety Product Management and brings more than 20 years of safety experience to Masergy. He is responsible for the product vision of Masergy managed security services and leads the product team to execute. Prior to this, Jay served as the Director of Security.