SASE: Building a Migration StrategyGartner Report Prompts Discussion of Keys to Success
In 2019, Gartner coined the phrase Secure Access Service Edge, or SASE, to refer to a network architecture that delivers software-defined wide-area networking and security as a cloud service directly to the source of connection rather than the enterprise data center.
In an update, Gartner recently issued a new strategic road map for SASE adoption that emphasizes the need for a detailed migration plan (see: Gartner Offers Insights on Migrating to SASE).
"While the vendors are touting SASE as the end-all solution, the key to success would depend upon how well we define the SASE operating model, particularly when there are so many vendors coming up with SASE-based solutions."
By 2024, Gartner predicts, at least 40% of enterprises worldwide will have explicit strategies for adopting SASE, up from 10% in 2020.
Many CISOs tell me the biggest roadblock to implementing SASE is demonstrating the value. And that requires carefully defining the SASE operating model and how it supports, for example, a remote workforce.
“I am excited about the possibilities that SASE brings, as clearly articulated in the report, and I am sure it will be disruptive enough to get enterprises to transition to the digital bandwagon and reap benefits faster,” Agnidipta Sarkar, group CISO of Biocon, a large biopharmaceutical company based in Bengaluru, tells me.
He says the SASE model will help address data visibility and control issues as enterprises move to the cloud. "However, CISOs need to bring in changes in operational procedures to take advantage of the centralized control and enforcement mechanisms that come with the implementation of SASE," he says.
Nat Smith, senior research director at Gartner, tells me: "One of the biggest drivers has been the acceleration [to remote work] from the pandemic and boards of directors asking CISOs, 'What are you going to do differently now?'"
Rajpreet Kaur, senior principal analyst at Gartner, says SASE helps in binding the user's identity to the data context, the location, and the types of devices used to access the data to improve authentication.
Many CISOs and security teams now believe that SASE will help them use existing resources efficiently to address the remote access environment and enhance operational efficiency.
Rishi Rajpal, vice president of global security at Concentrix, tells me that the "work from home" shift has accelerated the adoption of SASE, which is being used to replace VPNs. SASE is being expanded to include antivirus and patch management at the end-user machines, he says.
One of the world's top 10 banks, which used VPN for fast internet access, now uses SASE to go direct-to-net with improved user experience, safely bypassing the VPN, notes Neil Thacker, CISO of Netskope.
Road Map for SASE
Gartner published its report introducing the SASE concept, The Future of Network Security Is in the Cloud, in August 2019.
After the COVID-19 pandemic led to a worldwide shift to a largely remote workforce, interest in SASE grew, prompting Gartner to release its update, 2021 Strategic Roadmap for SASE Convergence, in April.
The latest report says that to adopt SASE, CISOs need a migration strategy that contains the following components:
- Develop an enterprise strategy and timeline for SASE convergence and adoption;
- Conduct an inventory of network security and network technology contracts, platforms and capabilities for SASE convergence and identify requirements for local POPs;
- Measure success toward moving away from a model of excessive implicit trust to a SASE-delivered "zero trust" security posture.
CISOs: Keys to SASE Success
Gartner's analysts say that "work from anywhere" and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime secure access from any device.
Security and risk management leaders should build a migration plan from the legacy perimeter and hardware-based offerings to a SASE model.
One hindrance to SASE adoption, some security experts tell me, is that organizations lack visibility into sensitive data and awareness of threats. Too many enterprises have separate security and networking teams that don't share information and lack an all-encompassing security strategy, they say.
"While the vendors are touting SASE as the end-all solution, the key to success would depend upon how well we define the SASE operating model, particularly when there are so many vendors coming up with SASE-based solutions," says Bengaluru-based Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo.
Yask Sharma, CISO of Indian Oil Corp., says that as data centers move to the cloud, companies need to use SASE to enhance security while controlling costs.
Along with Gartner, some practitioners believe that moving to a SASE model could, indeed, help cut operational costs over the long term and close security gaps, making it easier to secure assets in the cloud. And those factors are clearly fueling the movement to SASE.