The Skinny on SASE

If technologies falling under SASE are nothing new, then why the hype? John Parker, Prescriptive's Network and Security Practice Manager, simplifies SASE and makes clear the real benefit.

Feb 8, 2023 by John Parker

IT decision makers have spent years funneling money into solutions to protect ourselves and our data within the confines of the office walls from cyber dangers posed from the outside. We implemented endpoint protection, firewalls, and even VPNs for use when venturing outside of the office. But now that a huge portion of the workforce has gone hybrid—we're working from Starbucks, from home, or from the road as often as not—the challenges related to cybersecurity have multiplied, while controlling and protecting our assets has only become more critical.

SASE to the rescue?

Believe it or not, technologies falling under the umbrella of SASE, or “Secure Access Service Edge”, aren’t exactly new. So why is SASE (pronounced SASS-ee) positioned as the industry’s newest and best hope for fending off cyber attackers?

The big difference between SASE and our legacy approach to cyber protection, and what so many technology vendors fail to emphasize, in fact, is that SASE consolidates the complexities of cybersecurity management into a “single pane of glass”. Having one screen to monitor, detect, and control cyber activity leads to SASE’s primary benefit: Improved real-time visibility and management of what's going on in the corporate environment, both on the network and off.

Before the advent of SASE, our answer to establishing a consolidated cybersecurity management tool was to aggregate logs from different security tools in a centralized logging platform (think SIEM) for analysis and incident detection. But that's not really managing security because logs are most useful for showing us things that have already happened.

SASE facilitates more control on the front end, more capability to stop things before they happen, all from one place. Individual point solutions can be great for what they are each designed to do, but tying these technologies together is where real success and protection comes from under the SASE umbrella.

Resistance to Implementation

The value proposition of SASE is easy enough to communicate. So why are some organizations slow to get on board? From my experience, arguments to postpone SASE fall into two camps:

1) Eggs in One Basket Syndrome

Probably the number one challenge to selling and implementing SASE—in the enterprise, at least—is an organization’s aversion to investing in infrastructure comprised of a single vendor’s technology stack. While SMB and middle market organizations are accustomed to buying holistically into a technology vendor’s platform, larger organizations are more likely to combine products from different technology vendors, subscribing to a best of breed approach. Such a philosophy doesn’t jive with the SASE universe, where tight integration of an assembly of different technologies is more dependent on a common vendor.

What can help persuade a more cautious decision maker is that SASE doesn’t have to be an all-in effort right out of the gate. While it is important to do the legwork up front to identify the solution that fits best into a given environment, decision makers can, even with SASE, take it slow, implementing the “parts” of a total solution independently, over time. I’ve seen clients buy into, for example, a CASB (Cloud Access Security Broker) component of a larger SASE solution, only to wait until the following quarter to roll out the VPN functionality, followed by SD-WAN, and so on. You can take a stair-stepped approach as one means of validating the overall effectiveness of a single vendor solution.

The truth is, there are a lot of big names behind SASE: Palo Alto, Cisco, Fortinet, and many more. All of these are names that most organizations are familiar with. When they see that these vendors have a SASE offering—and having already bought pieces of these solutions before they wers brought under the SASE umbrella—it makes moving forward with SASE a lot easier.

2) Better to Fade Out than Burn Away

Because SASE implies a sort of all-inclusiveness related to cybersecurity technologies, it’s not hard to imagine that its implementation could be a real train wreck. IT leaders suffering from the scars of a VPN rollout may be a little sensitive to the suggestion that they should replace all of their point solutions with a newer, all-encompassing SASE solution. Even when things go smoothly from a technical perspective, users—from the bottom rungs of the organization all the way up through the C-Suite—can leave an IT shop reeling from the backlash of change. Better to suffer quietly now and forever more than to go up in flames.

The big difference between SASE and our legacy approach to cyber protection is that SASE consolidates the complexities of cybersecurity management into a “single pane of glass”.

Admittedly, SASE gives organizations a level of control over assets and activity that just hasn’t been possible until now. And users gonna hate. Nobody likes when freedoms are eliminated. But from an IT perspective, with the sea of security threats we’re facing, we don’t have a choice but to protect users all the time to avoid compromising company assets. Organizations and their users are struggling with adapting to this new reality.

The approach some teams take when implementing SASE—or any security product, for that matter—attempts to keep user complaints to a minimum. They’ll activate a given technology—URL filtering, for example—but they’ll configure it to allow just about anything through, sometimes in the name of “collecting data for analysis”. This may very well keep users happy, but it does little to strengthen the security posture of the organization. Nothing wrong with happy users, I would argue, but maybe a better way to do would be to pilot these new tools with small groups first. Start by blocking everything and then work backwards, opening up access as specific use cases reveal real needs to address. As the kinks are worked out, other users can be included for more widespread protection. By allowing only what we know users need and implicitly denying everything else, we avoid the pitfalls of protection that starts with allowing everything and then blocking things we know they don’t need.

Get SASE With Me

SASE is here to stay, and it’s only a matter of time before it’s ubiquitous. Given the risks of cyber vulnerability I think we’ll see adoption continue to speed up for the foreseeable future. Please feel free to reach out to me if you have questions about it or would like to talk about how Prescriptive could help you evaluate and/or implement a SASE solution.

Looking for Expert Advice?

We're happy to help!

Contact Us