SASE Solution: Why Best-of-Breed Beats A Single Vendor Approach

Examining the Four Key Advantages of a Multi-Vendor Approach for SASE

istock 1251263531

By: Gabriel Gomane, Sr Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.

The ability to converge existing networking and security functions into a single SASE vendor is a compelling proposition. Afterall, a full-stack solution offers convenience and a relatively straight-forward deployment paradigm; however, such an approach may come with unforeseen downsides, including gaps in functionality along with a reduction in flexibility required for today’s networks that must serve an increasingly hybrid, work-from-anywhere environment.

In response, Aruba recommends selecting market-leading SD-WAN and cloud security services versus the single SASE vendor option, enabling network administrators to protect and optimize the network, primarily due to four reasons:

1.  No single vendor can offer the best of WAN edge and future-proofed security services

Networking and security, while heavily interrelated, are two different yet very complex domains of expertise. Security must constantly evolve to ensure protection against an ever-changing environment of cybersecurity risks. Meanwhile, network administrators are charged with creating wide-area networking solutions that providefast, robust, and flexible connections across potentially long distances and diverse transports.

Against this landscape, SASE providers are consolidating these two domains into respective single offerings, yet none can deliver best-of-breed capabilities in both security and the WAN edge. In reality, most SASE providers evolved from security backgrounds, such as antivirus protection solutions, firewall, and identity management services. These security-centric vendors are attempting to address the cloud-first future of networking without the experience and product depth that established networking players have created through SD-WAN. The reverse is true for networking incumbents suddenly becoming cloud security services experts.

This convergence of services has often manifested through security vendors adding basic SD-WAN capabilities into the firewall. Yet, these basic capabilities bely the full potential of a robust SASE architecture. In truth, the full benefit is not realized until advanced WAN edge functions are combined with comprehensive security services delivered in the cloud. In other words, SD-WAN is in fact a foundational component of a complete SASE architecture.

Starting with an advanced SD-WAN solution eases SASE implementation, offering a native, automated integration to the best cloud security vendors for the business. At the end of the day, IT does not want to compromise on the quality of experience, flexibility, or security.

2.  The best-of-breed approach significantly improves flexibility while reducing risk

Much like when a financial advisor designs an investment portfolio, where investments are spread across a diverse and non-correlated array of financial instruments and assets to minimize risk, so too must IT decision makers diversify. The financial trader and the IT administrator alike don’t want to lose everything betting it all on a single stock, or in this case, a single vendor.

In the worst-case scenario, that single-vendor, full-stack bet could place the viability of an entire business at risk via a data breach or other nefarious hacking events. More importantly, security threats are dynamic, requiring constant vigilance along with the flexibility to choose and adopt security innovations from othervendors that may have developed better solutions for emerging threats.

Furthermore, the flexibility afforded by a multi-vendor approach can also maintain or increase bargaining power, with the ability to compel competitive bids while forcing vendors competing for your business to reduce fees. With a multi-vendor approach, vendors are incentivized to offer the best prices on the best solutions.

3.  Securing the data center and the cloud

As a cloud-first framework, SASE does not offer the end-all-be-all solution for how most organizations still operate today. A significant portion of organizations, especially in highly regulated or confidential industries from banking, to insurance, and the military, rely on legacy data center applications and may continue to do so for the foreseeable future.

With a multi-vendor strategy, organizations can move applications to the cloud or back again at the pace of their choosing while bolstering security in specific areas, as appropriate, across on-premises, private cloud, hybrid cloud, etc. This is where an advanced SD-WAN solution can help steer traffic intelligently and efficiently in support of granular quality of service (QoS) and security policies.

4.  Managing the IoT explosion and the hybrid workplace

SASE focuses more on protecting internal users that access internal or external resources, and less on external users or IoT devices. Network-connected IoT devices, such as security cameras, point-of-sale terminals, or smart building sensors, and many more, continue to explode in number, drastically increasing the size of the threat area.

Compounding the issue, IoT devices usually include rudimentary security features only, often without the ability to run zero-trust network access agents or VPN clients. Therefore, additional security capabilities are required beyond what is defined by SASE to secure those devices and the corresponding application traffic.

Best practices call for organizations to ensure that users or devices can only connect with destinations on the network that are consistent with established role-based policies. Advanced network solutions with identity-based access control capabilities can unify policy enforcement across wired and wireless networks whilesegmenting the network into multiple zones based on specific roles. For example, IT might define a security policy that creates a segment for IoT devices, a segment for critical app traffic, and another for guest users.

In response to emerging security issues and trends, Aruba has developed a modern, cloud-first SASE architecture.The Aruba EdgeConnect SD-WAN edge platform provides industry-leading SD-WAN capabilities including dynamic path selection, automatic failover, WAN optimization, internet breakout on the first packet, and a stateful zone-based firewall for micro-segmentation. In addition, it offers advanced, automated orchestration and native integration to deploy multiple security partners from Netskope to Zscaler, in minutes. Aruba EdgeConnect is the foundation for a robust SASE architecture that lets organizations choose from best-of-breed, cloud-delivered security service providers now and in the future.

To learn more, visit us here.

aruba sd wan fabric Aruba

Automate orchestration based on application type with Aruba EdgeConnect

Visit the Aruba EdgeConnect SD-Wan edge platform webpage for more.

HPE (Aruba and Silver Peak) was also recently named a leader for the fourth year in a row in the 2021 Gartner Magic Quadrant for WAN Edge Infrastructure - Get the Report.


Copyright © 2021 IDG Communications, Inc.