29 August 2024
Dogu Narin, VP of products, Versa Networks
As organisations have evolved throughout the cloud revolution, their networking and security needs have changed radically.
Secure Access Service Edge (SASE) consolidates networking services, such as SD-WAN, with security services, such as Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Leak Prevention (DLP), and other functions into an integrated solution that better enables organisations to support a broad set of use cases, including secure branch office connectivity, network access for remote workers, and cloud networking and data security.
The benefits the industry is realising from SASE are significant, including improved corporate agility by adopting a software-defined infrastructure; reduced security risk; and significant cost savings from fewer vendors, fewer devices and less complexity.
The race is on
Gartner predicts that by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services, and private applications access using a SASE/SSE (Secure Services Edge) architecture, up from 20% in 2021. One way to get a clearer view of the pros and cons of any given SASE solution is to understand if it has a ‘bolt-on’ or ‘built-in’ approach. We can broadly lump SASE offerings into three types:
Multi-vendor SASE: Some of these solutions have been created by third-party integrators who combine products from multiple vendors into a consolidated offering. A slight variation of this is found in offerings from a single vendor who has acquired or licensed and connected multiple technologies.
Single-vendor SASE: Several leading SD-WAN vendors have ramped up efforts to add a cloud-based security stack to their offerings to deliver a single-vendor SASE solution. And a number of SSE vendors have come from the other direction, acquiring SD-WAN technology to deliver single-vendor SASE. These ‘bolted together’ solutions are integrated across multiple products with different architectures and centricities, often creating significant challenges in terms of management, performance, and troubleshooting.
Unified SASE: Single vendor by definition, unified SASE offers an organic, purpose-built consolidated platform. This approach integrates all SASE components and functionality at the software platform level using one operating system to achieve single-pass architecture.
Why is a ‘unified’ approach better?
Unified SASE embeds security into the global fabric of a software-defined network, taking full advantage of the synergies between the two worlds to optimise latency, scalability, and performance in ways only possible when everything is built-in from the beginning as a single service.
The challenge for multi-vendor solutions is obvious – without a shared platform, they cannot fully capture the simplicity and performance benefits of SASE.
Similarly, many single-vendor and multiple-service SASE offerings that aren’t truly unified SASE are immature and lack sufficient integration to deliver on the full promise of SASE. These single-vendor approaches do, of course, differ in their depth of integration, including:
Basic integration – products interoperate with each other through the creation of a tunnel or route, but lack broader data, management, or visibility integration, or a unified policy engine.
Data plane integration – products share information that can alter or steer traffic routing in an automated fashion but lack integrated management and visibility.
Management plane integration – one vendor product pulls relevant information about the other vendors’ management planes to enable performance management and visibility.
Even non-unified single-vendor offerings that extend to management plane integration still have a bolt-on level of integration in terms of performance and the underlying complexity.
In contrast, a well-architected unified SASE solution comes with a unified management plane encompassing all the functionalities, including a single policy engine, one language to define or import apps and users, an API that exposes most capabilities, and a common data lake.
Unified SASE delivers important benefits over the other two SASE categories, including:
Integrated security and networking – A unified solution offers a more tightly integrated security and network stack that can be centrally managed and monitored, reducing the risk of security gaps or misconfigurations across otherwise separate functions.
Tightest integration of components – All components are designed to work together seamlessly, making it easier to manage and troubleshoot, which reduces complexity and streamlines IT operations.
Easier to scale up or down – Since it’s a single-service cloud-native architecture designed for flexibility and scalability, adding additional components or capacity is simpler and quicker.
Consistent user experience – Users can have a consistent experience across all locations and services, with the same set of policies and controls in place.
Reduced operational burden – By combining security and networking policy into a single policy repository, unified SASE avoids the manual and often difficult and inconsistent policy reconciliation found with multiple implementations.
Vendor accountability – With a solution that is both unified and single-vendor, accountability for issues or outages rests with ‘one throat to choke,’ simplifying the process of problem resolution.
Alignment of service level agreements – When considering uptime and performance, SLAs associated with unified SASE are straightforward compared with multiple vendor SLAs.
Futureproof – It protects future projects because the company can be sure that when it is ready to tackle something new, there will be no need to change platforms.
Given the complex environment of most organisations today, reducing complexity with fewer products and moving parts while improving network performance and security makes obvious sense.