• United States

SASE check list: 7 key evaluation criteria

Dec 23, 20206 mins
Access ControlNetworkingSecurity

Not all SASE providers are created equal, and here's how IT decision makers can examine their options and choose the best fit.

Credit: istock

The marriage of networking and security into the secure-access service edge stands to improve application performance, reduce infrastructure complexity, and protect sensitive data, and as such SASE is an attractive architecture for enterprises large and small.

Due to the newness of SASE offerings, though, providers are still building and refining the features of their services, so available offerings are complex, often incomplete and require integration with customer organizations’ existing network and security architectures.

Vendors of networking gear, cloud providers, and alliances of the two are trying to fulfill the potential of SASE through cooperation but also via in-house development and mergers and acquisitions. The landscape is shifting, so potential customers need to appraise SASE options carefully before choosing the one to adopt. IT leaders need clear criteria to evaluate how SASE would best fit in their environments.  

Here are seven criteria to help IT in its evaluation of the numerous offerings of SASE suppliers.

Comprehensive network and security portfolio

SASE encompasses a tremendous breath of network and security technology across the edge and core—routing, SD-WAN, SD-Branch, Cloud Access Security Broker (CASB), identity, zero-trust network access, firewalls, secure web gateways (SWG), data-loss prevention and more.

SASE is responsible for securely accessing applications in the cloud or private data centers from any device at any location, and delivery models include on-premises hardware and as a cloud service.

Few suppliers can provide a complete SASE portfolio with leading-edge networking and security capabilities, and those that do are struggling to integrate their technology acquisitions into comprehensive offerings.  The upshot for IT leaders is to evaluate which aspects of SASE are most critical to them and how well each supplier meets their network and security requirements.

Remote, home and mobile access

As events of 2020 have shown, people need secure, reliable access to all their applications and data independent of how they access them, so SASE needs to support workers on the road and on a range of mobile devices.

Many SASE suppliers have ignored remote access until recently and are working to upgrade their services to include access from home networks and mobile devices. Often their remote-access solutions rely on VPNs that and are separate and distinct from their cloud-based security offerings for the branch and data center.

IT organizations should implement unified remote-access architectures that do not require different technologies for the different ways their users access applications and data. IT pros should seek out SASE suppliers that provide remote access solutions that are well integrated – and ones that don’t mandate employees use different security services for home or remote work as compared to those in the office.

Connecting and securing people vs. things

The traditional focus of IT is to securely and reliability connect people and their PCs to on-premises and cloud-based applications. For many organizations, the next wave will be connecting and securing various IoT devices, many of them lacking in security, so they often require new security products and services.

In evaluating SASE solutions, IT organizations should seek out suppliers that have robust abilities to secure a wide range of IoT devices, and whose IoT security capabilities are well integrated with their overall SASE offerings.

SASE as a managed service

Networking and security are distinct technology realms, each of which are extremely complex to deploy, integrate and manage. Current SASE solutions are making strides toward operational simplicity, but most require significant implementation and operational expertise.

Because they may lack the in-house expertise to implement SASE themselves and be attracted by the potential for reduced operational costs, IT organizations will want to consider managed SASE services. Smaller businesses and enterprises with a lean IT philosophy will be among those potential customers.

Those that do should select SASE providers that can scale to the size their organization need, that support customization and that can accommodate multi-tenancy.

SASE ecosystem

IT leaders moving towards a SASE architecture should implement SASE solutions that are flexible enough to incorporate their current network and security infrastructure.

Very few IT shops have a single vendor for all of their LAN, WAN and network security functionality, and most shops have multiple security suppliers to optimize best of breed functionality for each security element—VPN, firewall, CASB, etc.  Collapsing the network and security-appliance sprawl is perhaps the primary benefit and objective of SASE.

Switching to a SASE supplier means either replacing a wide range of this network and security gear—which is unlikely in the near term—or overlaying the SASE architecture on the existing IT infrastructure.  So in evaluating SASE vendors, it is critical for IT decision makers to make sure they pick one that has a broad ecosystem of technology partners to ease this integration, including networking, security and management.

Long-term vision and viability

IT teams will find that onboarding new SASE vendors or switching suppliers will be challenging to implement, take time and add risk.

Picking a SASE vendor and architecture is a significant decision which will impact the IT organization for the next decade. That being so, it’s important that the chosen SASE supplier have a long-term vision and the agility to rapidly adjust to new market requirements.

It should also have the financial resources to acquire innovative start-ups to meet technology needs and the acumen to smoothly integrate new technology into its existing SASE architecture.

Use cases: know which solution fits

Despite the elevated marketing claims, no single SASE solution is likely to fit all use cases. Suppliers, no matter how large, cannot provide everything to all potential customers, especially considering variances in company size, application breadth, vertical requirements, compliance regulations, and geography.

IT decision makers should compile a list of their needs and priorities and correlate them to the list of SASE features they will need to meet them. They should ask SASE suppliers for success stories of customers that have similar needs, operate in similar verticals, have like size, and that have comparable existing IT and security infrastructure.

Migrating to SASE will bring many benefits, but also significant challenges.  Picking the right partner to integrate SASE into the existing IT architecture or to deliver SASE as a managed service will be critical.

lee doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.

More from this author