By: Jaime Chanaga
Modern networks have evolved to the point where traditional security solutions are increasingly inadequate. Today, networks are perimeterless, multi-edge, and constantly changing. This evolution is driven by digital acceleration and work-from-anywhere (WFA) strategies, which became business-critical and ubiquitous during the global pandemic.
While traditional network security solutions focusing on the perimeter aren’t equipped for true remote worker support, Secure Access Service Edge (SASE) enables secure access for remote workers to the applications and data they need. Today, SASE encompasses networking solutions, including SD-WAN, WAN optimization, routing, and content delivery, as well as cloud-delivered security services such as Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero-trust Network Access (ZTNA).
Yet, the solutions needed to deploy and manage these combined technologies can be complex, costly, and resource intensive. As a result, most organizations consider SASE a future goal as they weigh the challenges of getting technologies from different vendors to work cohesively. Bypassing these concerns is possible by adopting a single-vendor SASE solution designed to converge networking and security in a more manageable and cost-effective way.
Taking the single-vendor path
Single-vendor SASE offers simplified deployment and consistently applies security policies across the entire networking environment. Delivering networking and security capabilities in a unified way provides networking and security convergence that drives operational efficiency and limits vendor and product proliferation.
It’s an attractive proposition that is gaining traction. Gartner predicts that by 2025 a third of new SASE deployments will be built around a single-vendor SASE solution, up from 10 per cent in 2022.
Implementing single-vendor SASE can be daunting, as simultaneously replacing all point products could strain IT teams, disrupt users and business processes, and expose the network to threats. But despite the complexities, building a single-vendor SASE solution doesn’t need to be a burden. Following best practices can help guide the selection of a SASE solution provider and ensure the implementation reflects your organization’s unique environment and business needs:
1. Map your business needs: In the last few years, networks have evolved so quickly that IT teams sometimes don’t understand the complete network environment and how different systems and devices might interoperate. Investing in mapping the organizational needs, current technical solutions, and the capability of the organization’s IT and security teams is a necessary first step for any SASE implementation.
2. Follow tech renewal schedules: Migrating to any SASE single-vendor solution is a journey. Organizations should consider aligning changes to regular license renewal schedules to get the most out of existing contracts and establish a clear implementation timeline. The steps and timelines for a SASE single-vendor solution will depend on the organization’s environment, budget and capabilities, so take the time to ensure that new solutions are implemented at the right time.
It’s also possible to weave SASE into ongoing IT projects. Consider top-of-mind issues and ongoing projects as they happen to ensure alignment with the SASE vision. Including the single-vendor SASE viewpoint when considering current projects will ensure better integration with existing and planned SASE solutions.
3. Test and learn: Review the process and take notes at each stage in the single-vendor SASE implementation. Assess and identify improvement areas, whether communication, rollout, or user experience. By understanding the challenges and successes, you can ensure the next migration runs smoothly — and the organization can get closer to reaping the benefits of SASE: consistent security, seamless user experience, and greater operational efficiency.
Selecting the right vendor
When determining vendors, organizations should look for SASE solutions flexible enough to integrate with current security solutions and services, including API integrations with a broad range of partners. The solution must also incorporate on-premises solutions in data centers to ensure a unified security strategy.
Organizations should prioritize solutions that provide a unified agent to streamline deployments and a single management console for increased visibility across the extended network. It should include strong user access controls, like ZTNA and enterprise-grade security, to better manage remote workers.
For example, Fortinet’s FortiSASE is a comprehensive SASE solution that extends the convergence of networking and security. FortiSASE seamlessly combines cloud-delivered networking (SD-WAN) and cloud-delivered security comprised of SWG, universal ZTNA, CASB, and FaaS. For operational efficiency and improved visibility, it leverages Fortinet’s FortiOS operating system and provides a FortiClient agent that uses artificial intelligence and machine learning to increase operational efficiency.
Look to the future
While single-vendor SASE offers a compelling value proposition for businesses of all sizes, SASE will continue to evolve. At Fortinet, we are focused on the convergence of networking and security and looking to the future for an even more comprehensive solution.
We call this Universal SASE and envision an enhanced solution that goes beyond networking and security to include coverage for Internet of Things (IoT), operational technology (OT), and on-premise ZTNA and SD-WAN private access.
Until then, single-vendor SASE continues to address many of the pain points organizations face with a seamless experience for employees, whether working from headquarters, a branch office, or their home office. Selecting the right vendor and solution will be a unique process for each organization, but making the right choice for your business needs will accelerate digital transformation and enhance security outcomes.
Jaime Chanaga is Field CISO for Canada, Latin America, and the Caribbean at Fortinet.