The growth of dedicated internet services and broadband connectivity, along with the rise of software-defined wide area networks (SDWAN), has created cybersecurity challenges for IT departments. The Secure Access Service Edge (SASE) is designed to address the cybersecurity concerns caused by SDWAN. How­ever, SASE is a new area of technology and its implementation is still sparse. There are different approaches to SASE, which suggests that there will be different res­trictive solutions.

A look at the issues and challenges faced in deploying SASE solutions…

Issues and challenges

Setting up a network can be tricky. Adding SASE can result in duplication, cause inefficiencies and make troubleshooting difficult. SASE is a new technology, and some conveniences are still in the early stages of development. Businesses have found limited capabilities in areas such as automatic configuration, network monitoring and device troubleshooting. These solutions often require setting up business networks. Data types have different levels of sensitivity and require different levels of security. Thus, companies need to understand the importance of their data and apply conditional access accordingly.

Meanwhile, the implementation of SASE may require the reorganisation of technology teams. In some cases, network and security personnel work independently and need to be combined. In all cases, the technician must be trained in the new technology. There is nothing new in SASE since it is the integration of existing technologies, not the introduction of new ones. If SASE providers could truly integr­a­te existing technology into a single global service with cost sharing across all customers, that would be great.

SASE suppliers are highly trusted. By bundling several functions together, SASE vendors assume that IT professionals are willing to give up the degree of freedom provided by multiple contracts. Going forward, if SASE is done right, one provider will cater to the network and security needs, wherein trust and reputation will be the key selling points.

Other issues

Choosing products

If IT teams are isolated, then the deployment includes at least two products – one or more for networking and at least one for security. Network providers may require an SDWAN service, as well as a cloud service for CDN coverage, DDoS protection and WAN optimisation. Some of today’s SDWAN vendors provide many of these features. If IT teams are isolated and remain isolated, but agree to manage a shared infrastructure, a SASE implementation can consolidate local services into a single product. Cisco, Palo Alto and For­ti­net are examples of vendors that are combining their established security with SDWAN and cloud acquisition to create a complete provisioning roadmap.

Choosing network-as-a-service

In addition, some executives are choosing to completely avoid the complexity of ma­na­ging their global network and are looking for a new class of vendors that provide end-to-end services. This strategy can be thought of as NaaS. In this model, the com­pany interacts with the vendor’s customer portal to develop policies.

Locations might need on-premise security

Sometimes one SASE solution is not en­ough to meet all the requirements of a company. For example, high demands on branch offices require applications and data to be stored locally as local security is re­quir­ed to separate OT and IT at the branch. In this case, a hybrid build to balance local versus cloud and network security in specific scenarios is the best solution.

No single platform is superior

Different companies have different needs. The universal platform takes advantage of a single policy engine that unifies network and security policies. They have some functional limitations.

In sum

Net, net, SASE is emerging as a new network option for securing remote connections. The new standard can help companies securely access their growing pool of remote workers. It has rough edges and may not be suitable for businesses that rely on VPNs or need comprehensive troub­le­shooting. Despite these limitations, SASE implementation is expected to grow in the coming years and is likely to become a po­pu­lar way of providing secure network access to remote workers. To check if SASE is right for their business, companies can click on “Schedule a Demo” on the Lightyear homepage to chat with one of its telecom experts.