6 Ways SASE Benefits IT Organizations
In this article
When secure access service edge (SASE) hit the scene at the end of 2019, it quickly became one of the hottest technology trends in enterprise IT. And for good reason: the architecture is designed to end the longstanding tradeoff between performance and security. SASE is the full architecture, which blending network as a service (WAN edge) with security as a service (SSE) into a full solution.
Delivered as a cloud service, SASE is considered an operating expense (OpEx). While this is a change, it's important for organizations to start the SASE journey now to provide a seamless and secure hybrid work experience.
IT leaders are becoming more familiar with the technology outcomes of SASE. However, to drive adoption, they must be able to communicate the positive impact SASE can have on IT organizations.
With SASE being a cloud-based infrastructure, you can implement and deliver security services such as threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention and next-generation firewall policies.
A zero trust approach to the cloud removes trust assumptions when users, devices and applications connect. A SASE solution will provide complete session protection, regardless of whether a user is on or off the corporate network.
How long does it take for your organization to field a new application or service? Is the process bogged down by required changes on discrete networks and security appliances across your data centers, campuses and branch offices?
For many IT organizations, changes must be executed during limited maintenance windows. Should something go wrong, the change must be scrubbed, a postmortem must be performed and a second attempt must be scheduled. Even if the process runs smoothly, coordinating the change or rollout across multiple groups within IT can be complicated and time-consuming.
With SASE, network and security appliances are no longer discrete and dispersed across multiple locations. The historically independent functions run as a service in the cloud, giving your organization the ability to execute change quickly, no matter the size of your business.
This adds efficiencies to the change process. Necessary modifications take minutes to set up and push to your organization. The risk of being isolated from your network, especially with security changes, is minimized since SASE runs in the cloud and changes can be reverted just as quickly as they were made. Additionally, full logging and visibility can quickly let your teams know if something goes wrong so they can make appropriate adjustments and salvage the maintenance window without wasting hours isolating faults.
These features allow IT operations to provide a better experience for their internal customers within the business.
The majority of our customers' IT departments are organized by technology domain, such as WAN, data center, campus, security and cloud. These silos seldom interact except to respond to a request from another silo. IT leaders know this needs to evolve, and SASE can be a catalyst for cross-domain collaboration.
Operationalizing SASE requires traditionally siloed teams to come together as the solution spans technology domains. By unifying teams, you can create a collective sense of ownership. Start by identifying all the groups affected by SASE. This can be as simple as asking, "Who is responsible for firewalls, intrusion prevention, branch office connectivity and remote user access?" These individuals will be your directors, managers and architects responsible for delivering services using these tools.
SASE will replace traditional hardware appliances that groups tend to form around, but SASE is not a threat to job security at all. The reality is that SASE will elevate IT's work. Instead of caring for and feeding a device or set of devices, these groups will be collaborating on delivering business outcomes.
The TIC initiative has evolved from simply reducing external network connections to enforcing security capabilities outside the traditional perimeters of U.S. government agencies. SASE can make it easier for agencies to achieve goals outlined in TIC 3.0 due to its ability to apply security policies to cloud, mobile and software as a service (SaaS) technologies.
Any SASE solution will initially cost more than what your organization owns and operates today. When an "apples to apples" financial comparison is made between a SASE solution and what you currently operate, the break-even point for replacement might be far off. That will undoubtedly raise concerns about the total cost of ownership. However, this type of analysis ignores the cost-benefit of removing multiple hardware devices from operation as their lifecycles end.
There are other ways that SASE can decrease existing IT costs, such as reducing the size of large internet connections at your data centers. SASE aims to secure internet access as close to the source as possible. This means you do not need to aggregate thousands of users to a centralized point of presence. By getting traffic destined to the internet out of your data centers, you can right-size circuit bandwidth and realize cost savings with your providers.
Instead of buying and managing multiple point products, using a single platform will dramatically reduce your costs and IT resources. Realized cost savings are very much in the same vein as those with SD-WAN and hinge on moving from a CAPEX to an OPEX model. If your organization is willing to embrace this change, SASE makes financial sense as an IT investment.
As SASE matures, more non-technical stakeholders will ask IT leadership if SASE solutions make sense for their business. By articulating how SASE can speed service delivery, improve operational efficiencies and yield long-term cost savings, IT leaders will be well-positioned to begin their organization's move to SASE.
It will be a continuing conversation within organizations and one that's well worth having.