SASE Vendors: Choosing a SASE Provider
With the release of βThe Future of Network Security Is in the Cloudβ in 2019 Gartner provided the SASE model, and description of where the WAN connectivity and security market is headed. They also pointed out the fact that the SASE market is only beginning to take shape, and that many vendors arenβt yet capable of delivering the fullΒ benefits of SASE.
BecauseΒ SASEΒ has become such a hot buzzword, plenty of vendors have slapped the term SASE onto their current offerings without truly providing the upside of a SASE platform. As a result, enterprises are now faced with the challenge of sorting through the hype to identify which vendors can truly meet the requirements of the modern digital business.
Here, weβll take a pragmatic look at how enterprises can choose a SASE vendor that delivers true substance, not just hype.
Understanding the SASE model
Before an enterprise begins to compare SASE providers, itβs important to have a clear understanding of what SASE is. To that end, Gartner provides a vendor-neutral reference in their description of the SASE model.
In βThe Future of Network Security Is in the Cloudβ, Gartner describesΒ SASE as an identity-centric architectureΒ that converges and inverts traditional datacenter-focused architectures. In other words, SASE converges network and security functionality in a model where user and resource identities, not physical data centers, are what determine access decisions.
The idea driving the shift is simple: with cloud and mobile drastically changing network architectures, the traditional datacenter-focused model simply isnβt the right method to apply to modern use cases within digital businesses.
How to evaluate SASE vendors
The promise of SASE is that it will deliver converged network and security service on a global scale and reduce cost and complexity while increasing agility, visibility, and performance. However, to make sure your enterprise benefits from the potential of SASE, itβs important to ask the right questions and understand the key criteria by which to conduct a SASE vendor comparison.
While any given enterprise may value these criteria differently, there should be table stakes for any WAN architecture that aims to gain the benefits of truly converged network and security infrastructure at scale.
Criteria #1: Are networking and security as a service integrated?
SASE converges networking and security into a single cloud-native platform. If a SASE provider is unable to provide a network fabric that includes both enterprise-grade networking (e.g. SD-WAN, WAN acceleration) and security services (e.g. FWaaS, IPS, and SWG), theyβre not yet a complete SASE solution.
Criteria #2: Is the platform cloud-native?
SASE vendors must take a cloud-native approach to deliver the full benefits of the model. The identity-centric approach SASE demands must be able to account for all network edges, including on-premises, mobile, and in the cloud. Point solutions, such asΒ SD-WANΒ appliances, alone cannot meet this requirement, but a converged cloud-native software stack certainly can.
Criteria #3: Will you have optimal network performance on a global scale?
While a global network backbone isnβt a requirement for SASE, optimum experience anywhere in the world is. While the public Internet alone is certainly global, geographical distance and fundamental problems with Internet routing, make it too unreliable and latency-prone for global and international use cases. MPLS on the other hand is reliable but lacks the agility and cost-effectiveness to be ideal for many enterprises. As a result, the most effective way to meet this requirement is to look for SASE vendors that provide aΒ global SLA-backed private backbone.
Criteria #4: Does the SASE provider enable ZTNA?
Zero Trust Network Access (ZTNA)Β is an integral part of SASE. ZTNA provides the granular identity-driven and contextually aware approach to network security that legacy βcastle and moatβ approaches could not. With those legacy solutions, once a user was past the βmoatβ (e.g. a VPN or firewall appliance) network access was mostly unrestricted. Further, this legacy approach is difficult to extend to cloud and mobile edge endpoints. With ZTNA, enterprises can configure application-specific access based on user identities for cloud, mobile, and on-premises users and resources.
A SASE vendor that doesnβt provide ZTNA canβt meet the fundamental SASE requirement of an identity-centric infrastructure.
Strengthen your knowledge ofΒ ZTNA and SASEΒ with Cato Networks today.
Criteria #5: Does the SASE provider reduce network complexity and cost?
Features such as ZTNA, FWaaS, SD-WAN, and WAN acceleration will help ensure SASE vendors improve network performance and security posture, but thatβs only half the story. SASE should also drive down cost and complexity. Cost savings stem from a reduction in capex and opex due to less appliances to source, provision, monitor, patch, and replace thanks to a cloud-native multitenant architecture. Complexity also goes down for many of the same reasons. However, just eliminating the need for a patchwork of appliances isnβt enough.
SASE platforms should also offer a robust, intuitive, and easy-to-use management interface that abstracts away unnecessary complexity and allows IT to focus more on core business functions and less on network maintenance.
How Cato delivers on the promise of SASE
In addition to being labeled a sample vendor in theΒ SASE category in the most recent Gartner Hype Cycle for Enterprise Networking, Cato is also the worldβs first SASE platform. Purpose-built for digital businesses, Cato provides a truly converged cloud-native network and security fabric as well as a global private backbone that offers a 99.999% uptime to enable enterprises to benefit from the promise of SASE today.
For a deep-dive on the SASE model, read ourΒ eBook βThe Network for the Digital Business Starts with the Secure Access Service Edge (SASE)β. Alternatively, you can apply to become aΒ certified SASE Expert.
If youβd like to try Catoβs SASE platform for yourself,Β contact usΒ today orΒ schedule a demo.
