Written by Martin Mascarenhas, Customer Engagement Director at Xalient
Strategic Deployment of Secure Access Service Edge (SASE)
While SASE architecture provides advanced protection for users and assets, it is important to deploy it correctly by following a strategic approach and meeting several criteria to derive the most value from the solution. Once the business and use cases are understood, organisations need to determine which Secure Access Service Edge (SASE) vendors are best suited to meet their specific needs. However, it is also important to be aware of some of the key challenges of SASE deployment and how to address them.
Commercial considerations of Secure Access Service Edge (SASE)
A key consideration for any new investment is the commercial aspect.
When evaluating SASE vendors, cost is inevitably a key factor and will be a consideration for any purchaser. Assessing the value of a Secure Access Service Edge (SASE) solution against your current solution will be necessary to ensure it will add value to your business and create a solid business case. Look at areas where you can eliminate cost, reduce cost or avoid cost. Examples might be eliminating the cost of a VPN, reducing the cost of your firewalls as you reduce (but maybe not eliminate) them and avoiding the cost of a standalone DLP solution that is required.
To weigh up value against cost, it’s also important to consider whether the price of the chosen solution is transparent and cost-effective. Organisations need to clearly understand what is included in the price, what comes as an additional cost, and what the terms and pricing models are. It is essential to assess if these costs align with the business’ commercial model so that the costs remain appropriate if the business’ circumstances change. Additionally, it’s crucial to consider the deployment and management costs, especially when deciding between a single supplier or a multi-vendor environment.
Single v Multi-Vendor Approach
There is often an immediate assumption that when considering a single versus multi-vendor option, the single vendor will provide economies of scale. However, this is not necessarily the case, and the multi-vendor cost may depend upon the specific mix of vendors chosen.
If a single vendor solution does appear to offer economies of scale, does it offer the integration assumed? This may be so, but single-vendor solutions may also have evolved through the acquisition of other businesses to obtain additional components. In this case, it is important to consider how well integrated the components are and, as such, whether they deliver the perceived benefits of a single-vendor solution.
Before finalising vendors, it is important to thoroughly investigate any aspects that the vendor may not have disclosed upfront. Although often difficult to uncover, with the right questions regarding limitations, restrictions and ‘what ifs’, it is possible to uncover, and subsequently avoid some pitfalls.
Choosing an experienced Managed Service Provider (MSP)
An experienced Managed Service Provider (MSP) can be worth its weight in gold here, as they are likely to have seen some of these pitfalls in the past and can provide guidance throughout the selection process to find the vendor that best suits the organisation.
Regarding vendors, it’s worth mentioning the impact that a vendor’s ‘heritage’ can have. If you look at many of the vendors in this market, they have often specialised in security and moved into networking to address the SASE requirement. Some started in networking but have moved into security for the same reason. This heritage can often highlight their strengths and weaknesses.
Also, the value derived from a single vendor solution may not match that of a more appropriate solution obtained by selecting the most appropriate vendors for each component. Organisations must weigh costs to decide if a single supplier offers the desired economies of scale or if a multi-vendor approach provides better value.
As several vendors provide SASE solutions, selecting a vendor to meet the organisation’s needs can be a complex task. This is particularly true because vendors provide varying solutions, each offering unique benefits. However, looking at the security controls and integration of components can shed some light on the matter.
Security Controls and Integration
Companies should evaluate how well any full SASE solution, whether single or multi-vendor best addresses their use cases. Some solutions provide powerful controls and tight integrations. For example, controls might excel in data loss prevention (DLP) or Cloud access security broker (CASB) but be weak in secure web gateway (SWG). Before opting for a solution, it is valuable to determine what is most important to the organisation. After identifying this, it’s crucial to determine if the company has the right controls and can benefit from component integration. For example, some Endpoint Detection and Response (EDR) vendors dynamically assess endpoint security and update other components. This insight lets an Identity application dynamically adjust user groups and authorizations based on security posture, changing their access. In doing so, potentially ‘risky’ access can be managed appropriately. The automation of these controls is powerful.
Operation
Managing a single vendor solution could be easier if it is truly architected as such. A single platform with unified management, visibility, and a comprehensive commercial model is a strong idea. But is this a viable option for all organisations?
With a multi-vendor solution, understand the challenges and time required for managing multiple vendors effectively. Managing these vendors will involve the monitoring and management of various aspects including performance, service quality and meeting compliance. All of this needs to be multiplied by the number of vendors. Vendors often collaborate, making it possible to achieve “best of breed” solutions with high integration.
SASE deployment is challenging, requiring effective collaboration between networking and security teams. Things are changing, but this has been a challenge for a long time. It’s crucial to decide whether to deploy and manage this solution internally or seek help from an external provider.
SASE can reduce user experience friction, but incomplete deployments often create additional challenges. Incomplete or inaccurate URL classifications frustrate users by blocking needed sites. This issue can be avoided.
SASE offers numerous benefits for organisations worldwide. IT teams often struggle with vendor selection and managing demands. A skilled managed service partner can streamline multi-vendor SASE, from selection to management, avoiding costly mistakes and simplifying the process.
