By: Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing
When shopping at the grocery store before hosting a party, we often select different brands for beverages, be it soda, juice, or sparkling water, to offer a full complement of drink brands we think guests will value. We rarely select a single brand for all these items because we want the best quality and traits for each of those categories that match the anticipated preferences of the attending guests. Similarly, when it comes to technology, why would we not want the best choice for networking and security technology platforms when it comes to SASE?
SASE, or the Secure Access Services Edge framework, is the term Gartner created to explain the convergence of WAN and network security functions into a single, cloud-delivered model. This model serves as a core component of the enterprise digital transformation initiatives.
However, a robust SD-WAN is critical to creating an effective SASE framework. To get there, enterprises and managed service providers (MSPs) must evaluate and assess the networking and security technology components of the given digital transformation initiative, and then decide if a multi-vendor or single vendor SASE technology solution is best. A successful security approach featuring Zero Trust cannot have weak points or the entire system becomes vulnerable.
For most enterprises, SD-WAN technologies have emerged as the preferred choice for evolving legacy WANs, converting to a network connectivity architecture that is focused on supporting a cloud-first environment. This is in response to the growing trend of business applications now hosted in the cloud rather than the traditional on-premise data center. To facilitate this transformation, advanced SD-WAN solutions like Aruba EdgeConnect SD-WAN edge platform can reduce networking complexity, improve application performance, and enable more efficient connectivity between users and applications residing in the cloud. Aruba EdgeConnect can be deployed by organizations either as DIY (do it yourself) or as part of an SD-WAN service from a managed service provider.
The promise of SASE is to make it easier to deliver a converged or bundled managed networking AND security service. As I wrote previously, service providers will (if those organizations have not already) revamp existing security and networking paradigms into one cohesive organizational structure. Ultimately, this will facilitate the delivery of an integrated managed-networking-plus-security-services framework to enterprise customers. This represents the true value SASE delivers.
Ultimately, the goal of SASE is to deliver a better end-user quality of experience and security for cloud-hosted applications. This can be achieved by integrating a SASE architecture on top of existing transport services, creating a managed networking and security practice that can support a given customers’ requirements. They can then accelerate the time-to-market with differentiated or novel services – the transport that provides connectivity to the SASE framework. Through this process, service providers can add value to the end-to-end service.
An emerging split in SASE adoption
Meanwhile, SASE deployments are still in the early stage of the adoption lifecycle, and as this market matures, a clear split will emerge in the approach to SASE deployment. Small- and medium-size enterprises are more likely to adopt the all-in-one managed SASE offerings, where simplicity and convenience take precedence versus more advanced, potentially more complex capabilities.
Conversely, large regional or global enterprises will remain unwilling to compromise on security, reliability, or the quality of user experience. A one-size-fits-all approach falls short. Instead, they will adopt a dual-vendor approach, pairing a best-of-breed SD-WAN technology supporting multi-cloud on-ramp access and advanced WAN-facing capabilities, with a fully-fledged, best-of-breed cloud-delivered security partner delivering secure web gateway (SWG), cloud access security broker (CASB) and zero trust network access (ZTNA) services.
SASE Deployment Options: check mark equals managed; DIY equals do-it-yourself.
Organizations can consume SASE services across a mix of deployment options, as shown above within five deployment examples. These highlight how service providers potentially can offer either managed SD-WAN or managed cloud security services and also support enterprises who implement DIY SD-WAN or cloud security solutions.
That desire for flexibility and best-of-breed solutions is reflected in a recent Ponemon survey, where 71 percent of enterprise respondents would select a best-of-breed vendor when deploying both SD-WAN and cloud-delivered security for a SASE architecture.
Source: Ponemon Institute. The State of SD-WAN, SASE and Zero Trust Security Architectures. April 2021
Options for each stage of the SASE journey
MSPs may also consider providing multiple managed options to enterprises, depending on the present stage of the respective SASE journey. Key questions that enterprises will need to ask and determine include: Does the service provider offer the best-of-breed SD-WAN and best-of-breed cloud security, and will integration between the chosen technology vendors work? How easy is it to integrate SD-WAN and cloud security solutions?
Aruba EdgeConnect is a best-of-breed SD-WAN platform that has been integrated and proven with the leading cloud security vendors, including Zscaler, Netskope, Check Point, iBoss, and Palo Alto Networks Prisma Access. This enables service providers to configure, deploy, and offer a SASE service, providing its customers the flexibility of cloud-delivered security options without compromising on best-of-breed technologies. It also enables service providers to offer a solution for the SASE hybrid scenarios (e.g., see rows three and four in the table above) and potentially offer an existing DIY enterprise a migration to a fully managed SASE service.
Looking forward, service providers should carefully consider the benefits of leveraging the integration of a best-of-breed SD-WAN platform together with best-of-breed cloud security. After all, many organizations are just beginning the SASE journey. Now is the time for MSPs to play an integral role in the evolution of SASE at these organizations, as they have for decades within the IT networking paradigm.
By taking this best-of-breed approach for SASE, MSPs can help organizations mitigate the risk of depending on a single technology vendor to supply all the components of a managed SASE service, while enabling the MSPs themselves to continue serving as trusted advisors to clients.