Migrating your organization's networking and security functions to a secure access service edge (SASE) framework offers cloud-based scalability, flexibility and cost savings that would be hard to match with a traditional perimeter- and data-center-based implementation. SASE extends protection to remote workers in any location and using any platform, making it an ideal solution for today's geographically dispersed companies.Yet implementing SASE begins with a lot of investigation and planning. There are vendors that offer all-inclusive SASE solutions, but most organizations will be repurposing at least some of their existing technologies to deploy their SASE framework."Only in very rare instances can a single [SASE] vendor truly deliver a full suite of products to an industry-leading standard," wrote Joel Windels, former chief marketing officer at NetMotion software, in a 2021 blog post. "The more likely outcome is that businesses are managing several solutions from several vendors (just as they were for traditional network security stacks)."Here's how to make sure your IT is ready for SASE.Other, more familiar components may be added on, or may be bundled with the five core parts:
See what you have, assess your needs and determine what to buy
The first step is to inventory and assess your existing networking tools, security tools and hardware. What do you have that would work well in a SASE environment? What would need to be replaced? Can any of your software or tools be redeployed from an on-premises setup to the cloud?Consult your IT, networking and security teams for their input, as they know the subjects best and will be working together more closely if your organization moves to SASE."SASE adoption is not installing another technology," wrote Darwin Hernandez, product marketing manager for Lumen, in a 2022 blog post. "It requires dedicated coordination between networking and security teams, a solid understanding of the business's current state, and considerable expertise."What you need for true SASE implementation
More specifically, you need to see which of the core SASE components are already attainable with your existing technology, and which you will need to build or acquire. The core five components of SASE are:- A software-defined wide-area network (SD-WAN). This uses the public internet, private networks or even cellular networks to create an overlay that securely links your organization's main office, branches, data centers, work-from-home users and users' mobile devices.
- A cloud-based secure web gateway (SWG). Monitors, inspects and logs each user's web traffic and blocks malware and intrusions, no matter where the user happens to be.
- A cloud-access security broker (CASB). Essential security software for all cloud deployments, as it monitors and regulates communications between your organization's users and your cloud instances and applications.
- A firewall-as-a-service (FWaaS). Creates a cloud-based firewall that governs user network traffic according to your organization's rules and policies.
- Zero-trust network access (ZTNA). A cloud-based framework that makes sure all users and devices are continuously verified and all access requests are individually considered, no matter their location.
- A cloud-based data-loss-prevention (DLP) system. May be part of the FWaaS.
- Domain-name-system-layer (DNS-layer) security. Blocks malicious or unwanted servers and may be part of the SWG or FWaaS.
- Cloud-based endpoint detection and response (EDR) software. You probably already have this, or at least antivirus software, in place — see if it can be migrated to the cloud.
- A cloud-based intrusion-prevention or intrusion-detection system (IPS/IDS). Likewise, see if your existing IPS/IDS can be repurposed for the cloud.
