Choosing a SASE Vendor

May 19, 2020

With the release of “The Future of Network Security Is in the Cloud” Gartner provided the SASE model, and description of where the WAN connectivity and security market is headed. They also pointed out the fact that the SASE market is only beginning to take shape, and that many vendors aren’t yet capable of delivering the full benefits of SASE.

Because SASE has become such a hot buzzword, plenty of vendors have slapped the term SASE onto their current offerings without truly providing the upside of a SASE platform. As a result, enterprises are now faced with the challenge of sorting through the hype to identify which vendors can truly meet the requirements of the modern digital business.

Here, we’ll take a pragmatic look at how enterprises can choose a SASE vendor that delivers true substance, not just hype.

Understanding the SASE model

Before an enterprise begins to compare SASE providers, it’s important to have a clear understanding of what SASE is. To that end, Gartner provides a vendor-neutral reference in their description of the SASE model.

In “The Future of Network Security Is in the Cloud”, Gartner describes SASE as an identity-centric architecture that converges and inverts traditional datacenter-focused architectures. In other words, SASE converges network and security functionality in a model where user and resource identities, not physical data centers, are what determine access decisions.

The idea driving the shift is simple: with cloud and mobile drastically changing network architectures, the traditional datacenter-focused model simply isn’t the right method to apply to modern use cases within digital businesses.

How to evaluate SASE vendors

The promise of SASE is that it will deliver converged network and security service on a global scale and reduce cost and complexity while increasing agility, visibility, and performance. However, to make sure your enterprise benefits from the potential of SASE, it’s important to ask the right questions and understand the key criteria by which to evaluate SASE providers.

While any given enterprise may value these criteria differently, there should be table stakes for any WAN architecture that aims to gain the benefits of truly converged network and security infrastructure at scale.

Criteria #1: Are networking and security as a service integrated?

SASE converges networking and security into a single cloud-native platform. If a SASE provider is unable to provide a network fabric that includes both enterprise-grade networking (e.g. SD-WAN, WAN acceleration) and security services (e.g. FWaaS, IPS, and SWG), they’re not yet a complete SASE solution.

Criteria #2: Is the platform cloud-native?

SASE vendors must take a cloud-native approach to deliver the full benefits of the model. The identity-centric approach SASE demands must be able to account for all network edges, including on-premises, mobile, and in the cloud. Point solutions, such as SD-WAN appliances, alone cannot meet this requirement, but a converged cloud-native software stack certainly can.

Criteria #3: Will you have optimal network performance on a global scale?

While a global network backbone isn’t a requirement for SASE, optimum experience anywhere in the world is. While the public Internet alone is certainly global, geographical distance and fundamental problems with Internet routing, make it too unreliable and latency-prone for global and international use cases. MPLS on the other hand is reliable but lacks the agility and cost-effectiveness to be ideal for many enterprises. As a result, the most effective way to meet this requirement is to look for SASE vendors that provide a global SLA-backed private backbone.

Criteria #4: Does the SASE provider enable ZTNA?

Zero Trust Network Access (ZTNA) is an integral part of SASE. ZTNA provides the granular identity-driven and contextually aware approach to network security that legacy “castle and moat” approaches could not. With those legacy solutions, once a user was past the “moat” (e.g. a VPN or firewall appliance) network access was mostly unrestricted. Further, this legacy approach is difficult to extend to cloud and mobile edge endpoints. With ZTNA, enterprises can configure application-specific access based on user identities for cloud, mobile, and on-premises users and resources.

A SASE vendor that doesn’t provide ZTNA can’t meet the fundamental SASE requirement of an identity-centric infrastructure.

Criteria #5: Does the SASE provider reduce network complexity and cost?

Features such as ZTNA, FWaaS, SD-WAN, and WAN acceleration will help ensure SASE vendors improve network performance and security posture, but that’s only half the story. SASE should also drive down cost and complexity. Cost savings stem from a reduction in capex and opex due to less appliances to source, provision, monitor, patch, and replace thanks to a cloud-native multitenant architecture. Complexity also goes down for many of the same reasons. However, just eliminating the need for a patchwork of appliances isn’t enough.

SASE platforms should also offer a robust, intuitive, and easy-to-use management interface that abstracts away unnecessary complexity and allows IT to focus more on core business functions and less on network maintenance.

How Cato delivers on the promise of SASE

In addition to being labeled a sample vendor in the SASE category in the most recent Gartner Hype Cycle for Enterprise Networking, Cato is also the world’s first SASE platform. Purpose-built for digital businesses, Cato provides a truly converged cloud-native network and security fabric as well as a global private backbone that offers a 99.999% uptime to enable enterprises to benefit from the promise of SASE today.

For a deep-dive on the SASE model, read our eBook “The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)”. If you’d like to try Cato’s SASE platform for yourself, contact us today or schedule a demo.