By Jacob Chacko, Regional Director – Middle East, Saudi & South Africa at Aruba, a Hewlett Packard Enterprise company
When we go shopping for new clothes, we often select different brands for shoes, shirts, or trousers. We rarely select a single brand for every clothing item simply because we want the best brand quality for each of those three categories. Similarly, when it comes to technology, why would we not want the best choice for networking and security technology platforms when it comes to SASE? Does one size fit all?
SASE is the term Gartner coined to describe the Secure Access Service Edge framework that has emerged to define the convergence of WAN and network security functions into a single, cloud-delivered model that will support enterprise digital transformation initiatives.
One of the key foundations of a SASE framework is a robust SD-WAN component. So how should enterprises and service providers evaluate and assess the networking and security technology components of a multi-vendor or single vendor SASE technology vendor solution?
The promise of SASE
For most enterprises, software-defined wide area networks (SD-WAN) have emerged as the technology of choice to evolve existing legacy WANs to a network connectivity architecture that is focused on supporting a cloud-first environment – where the majority of business applications are hosted in the cloud rather than the data centre. Advanced SD-WAN solutions can reduce networking complexity, improve application performance, and enable more efficient connectivity between users and applications residing in the cloud. Depending on the solution, they can also be deployed by organizations either as DIY (do it yourself) or as part of a managed SD-WAN service from a managed service provider.
The promise of SASE for service providers is to make it easier to deliver a converged or bundled managed networking and security service. But service providers will likely need to revamp their existing siloed (separate security and separate networking) organizational structures to be able to deliver integrated managed networking and security services to enterprise customers, which is really what SASE is all about. This means partnering with their networking and security technology vendors to leverage open APIs, automation, provisioning/deployment integrations and service chaining between security and SD-WAN vendors to help simplify the service integration and an eventual path towards SASE.
By adopting a SASE architecture on top of their existing transport services, service providers strive to create a managed networking and security practice that can support their customers’ requirements. This enables service providers to accelerate time-to-market with new differentiated services. By owning the transport providing the connectivity to the SASE framework, service providers add value to the end-to-end service. Ultimately, the goal of SASE is to deliver a better end user quality of experience and security for cloud-hosted applications.
A split approach to deployments
Because SASE deployments are in the early stage of the adoption lifecycle, the market will likely see a clear split in approaches. For example, small and medium size enterprises are more likely to be attracted to the all-in-one managed SASE offerings, where simplicity and “one-stop shopping” take priority over advanced capabilities.
On the other hand, large regional or global enterprises will remain unwilling to compromise on security, reliability, or the quality of user experience. They will adopt a dual-vendor approach, pairing a best of breed SD-WAN technology supporting multi-cloud on-ramp access and advanced WAN-facing capabilities, with a fully-fledged, best of breed cloud-delivered security partner delivering secure web gateway (SWG), cloud access security broker (CASB) and zero trust network access (ZTNA) services.
We see SASE services being consumed in five main deployment scenarios:
- Fully managed through one vendor
- Fully managed through multiple vendors
- A hybrid model where security is handled in-house
- A hybrid model where SASE/SD-WAN is handled in-house
- Everything is done in-house (enterprise level)
Matching customer demand
These scenarios highlight how service providers may be able to offer either managed SD-WAN or managed cloud security services and also support enterprises who implement their own (DIY) SD-WAN or cloud security solution. In support of this, in a recent Ponemon survey, 71% of enterprise respondents would select a best of breed vendor when deploying both SD-WAN and cloud-delivered security for a SASE architecture.
Service providers must consider offering multiple managed options to enterprises who may be at different stages of their SASE journey. Do they offer the best of breed SD-WAN and best of breed cloud security and hope that the integration between the chosen technology vendors works? How easy is it to integrate SD-WAN and cloud security solutions?
If service providers can establish this integration and a strong vendor network, they should be able to configure, deploy, and offer a SASE service providing their customers the flexibility of cloud-delivered security options without compromising on best of breed technologies. It also enables service providers to offer a solution for the SASE hybrid scenarios and potentially offer an existing DIY enterprise a migration to a fully managed SASE service.
SASE is a journey that is just beginning for most organizations, and service providers have been an integral part of the evolution of networking and security connectivity technology throughout history. Service providers should carefully consider the benefits of leveraging the integration of a best of breed SD-WAN platform together with a best of breed cloud security. Taking this approach for SASE will help service providers mitigate the risk of depending on a single technology vendor to supply all the components of their managed SASE service, and it will continue their role as a trusted advisor to their customers.