Making a Case for Single-Vendor SASE

Thanks to a workforce that increasingly operates remotely and accesses applications that reside outside the corporate perimeter (i.e., in the cloud), businesses lack a scalable and secure architecture built for an increasingly remote, cloud-based and perimeter-less environment. What’s more, with the growing adoption of edge computing and internet-of-things (IoT) devices, enterprises are struggling to maintain end-to-end visibility and control over all of their attack surfaces. And since a majority of enterprise infrastructure is built using multi-vendor and siloed security solutions, managing these individual solutions can be extremely challenging, a problem compounded by the growing skills gap in security. To future-proof enterprises, analysts are calling single-vendor secure access service edge (SASE) a cloud-centric, converged network and security-as-a-service model that connects primary resources (users, devices, locations) in the cloud.

SASE is a relatively new cloud-based networking architecture combining the power of software-defined networking (SDN) with network security functionality. Single-vendor SASE means that businesses deploy a single stack to deliver an integrated networking and security architecture as opposed to multiple disjointed tools which can fail to communicate with each other. Let’s explore the top business use cases of SASE and how it helps overcome challenges of connectivity, security, scalability and remote access at scale.

1. Overcoming the Rigidity and Limited Scalability of MPLS

Organizations are constantly growing and entering new markets, adding employees, opening new offices and onboarding partners. As a result, they need secure and scalable options for connectivity.

Most organizations opt for an MPLS connection; however, setting up a new connection for every new office can be prohibitively expensive, and carriers may not provide the support needed to maintain a dedicated MPLS connection. SASE helps overcome this limitation through efficient use of the public internet by creating a global private backbone through a network of points of presence (PoPs). Not only are PoPs more affordable than MPLS, but they also optimize for high performance. Another area where SASE can offer a better user experience is through a pool of SLA-oriented network providers which use WAN and cloud optimization techniques to deliver predictable, low-latency network exposure. While deployment on MPLS may take weeks or months, SASE deployments take hours or days.

2. Improving Cloud Acceleration

MPLS is built for point-to-point connectivity, which means that it is not feasible to access SaaS applications directly. This has major implications for user performance. To overcome this problem, some organizations opt for SD-WAN; however, SD-WAN is not as reliable over the public internet, and setting up cloud appliances to reduce latency is not always feasible due to resource limitations.

SASE has native connectivity with third-party SaaS applications and accelerates cloud traffic by routing traffic from all network edges to the SASE PoP that is closest to the cloud data center. Because SASE providers share the same data center footprint as cloud providers, the latency between SASE and the cloud is negligible. Optimizing cloud performance in SASE is as simple as adding a single application rule that specifies where the cloud application traffic should be routed to.

3. Enabling Remote Access at Scale

When it comes to remote access, a majority of organizations still use VPNs. However, one of the major drawbacks of VPN technology is that it is not designed for a large remote workforce which is also highly prone to cyberattacks. VPNs lack granular controls, which means that once users authenticate, they receive blanket access to all resources on the network. Unlike traditional VPNs, SASE can be scaled globally to support and meet the performance expectations of the remote workforce. SASE uses zero-trust network access (ZTNA) to limit access to resources that users are allowed to see. SASE administrators can configure and enforce granular access control regardless of the location or device users log in from. SASE’s global backbone optimizes traffic for thousands of users and filters traffic for threats and access control. This means that remote users will receive the same level of performance and security they would typically experience when working from the office.

4. Securing Branch Office Connectivity

In traditional branch office networking, organizations will typically backhaul internet traffic to a regional data center or hub for security inspection. This means organizations must invest in additional hardware to connect, secure, and manage various branch offices, leading to greater overhead and complexity. SASE simplifies branch office networking with a cloud-delivered network security stack. It eliminates the need for standalone security devices by packaging technologies like IPS, ZTNA, web content filtering, etc., as part of the single-vendor SASE. Since all security updates are handled by SASE and the entire WAN is protected by the full security stack, organizations no longer have to worry about backhauling traffic or investing in security devices that make controls and connectivity that much more complex.

Gartner predicts, “By 2025, half of new SD-WAN purchases will be part of a single vendor SASE offering, up from 10% in 2022.” If organizations closely study the business benefits of SASE and the challenges it helps overcome, it’s not too hard to see why SASE is well poised to become the architectural backbone of choice for nearly all businesses.

Etay Maor

Etay Maor is senior director of security strategy at Cato Networks.