10 Common SASE Misconceptions
In the first two posts in our SASE series, we defined what SASE is along with the specific challenges it was designed to address and examined some of the most prevalent use cases that SASE is best equipped to help solve. As a relatively new framework, there remains a good deal of confusion around what SASE does and what it wasn’t designed to do. In this post, we’ll take a look at some of the most common misconceptions about SASE and aim to set the record straight.
1. SASE is a product.
One of the most common misconceptions about SASE is that it’s a commercially available product or platform that can be sourced from a major technology vendor. While many vendors are jumping on the SASE bandwagon, it’s important to remember SASE isn’t itself a product. Rather, SASE is an architectural framework that, when fully realized, provides a cloud-delivered networking and security infrastructure that enables organizations to efficiently and securely connect users to the applications they rely on to be productive. To this point, any vendor that claims that theirs is the only solution you need to achieve SASE should be treated with considerable skepticism.
2. SASE is expensive to implement and time-consuming to manage.
To meet the challenges of the modern distributed enterprise, IT organizations have had to cobble together a collection of network and security point solutions and quickly stitch them together to ensure application performance and keep their users and data secure. As a high-level strategic initiative, a comprehensive SASE solution will indeed require an upfront investment, both in terms of capital and resources. However, as with any long-term strategic investment, the benefits that can be realized are well worth the costs as a successful SASE implementation will not only yield short-term benefits, but most critically, will also provide a scalable foundation to support future growth.
3. The SASE architecture is just another name for edge computing.
While ‘edge’ is the last word in the SASE acronym, the edge represents only a facet of what SASE enables and shouldn’t be conflated with edge computing. That said, the SASE framework is edge native and as such, offers low-latency connectivity and improved security for users, devices, and services. The ability to deliver applications closer to where users are via localized points of presence (PoPs) with the proper security controls in place means security doesn’t have to come at the expense of performance. SASE leverages edge computing to address the bandwidth and latency issues caused by the in-and-out traffic of proxy connections to SaaS programs via the corporate data center.
4. SASE and Zero Trust are essentially the same thing.
It’s easy to see why so many people conflate SASE and Zero Trust as one and the same, given that the principle of ‘never trust, always verify’ is endemic to both. SASE builds upon the key principles of Zero Trust and applies them across all the other services within the context of a SASE framework. By identifying users, devices, and applications – regardless of where they might be connecting from – the process of creating and enforcing policies is vastly simplified. A SASE implementation absent Zero Trust not only leaves the network vulnerable to attack, but also makes it far more difficult to contain a potential compromise from spreading. SASE and Zero Trust are not mutually exclusive, and while you can pursue either of these initiatives on their own, they are far stronger when they’re working in concert with one another.
5. My organization isn’t large enough to benefit from SASE.
Another common misconception regarding SASE is that it’s something only the largest enterprise organizations stand to benefit from. While it’s true that large organizations with distributed workforces perhaps have the most to gain, the benefits of SASE can be realized by any organization that has a distributed workforce or operates a number of branch offices. And because SASE is delivered via the cloud and can be priced at a per-user level, the barrier for entry is low enough for even small and mid-sized enterprises to pursue.
6. SASE is just the next generation of SD-WAN.
Software-defined wide-area networks (SD-WAN) apply a centralized control function to intelligently and securely direct traffic across the WAN and have been embraced by the distributed enterprise due to their ability to centralize configuration rules, provide greater flexibility in terms of connectivity options, and deliver an improved user experience for branch and remote offices. While SD-WAN offers many advantages, it also introduces some challenges, including new security risks, reliability and performance issues, and increased complexity resulting from the need for multiple network overlays. SASE takes the SD-WAN model a step further by creating a unified framework for SD-WAN and security services to connect to, providing a single point of view and a simplified management approach to protect the network.
7. SASE is just putting point solutions in the cloud.
The proliferation of networking and security point solutions has hampered IT’s ability to deliver on its charter of applying technology to help the business be more agile and bring new innovations to market. Moreover, many of these point solutions are incompatible with today’s cloud-centric and mobile-first digital business. SASE is more than just migrating these varied point solutions to the cloud. Instead, it can help alleviate this complexity by removing multiple point solutions in favor of a single, cloud-based solution and by converging the functions of network and security point solutions into a unified, global cloud-native service.
8. Our organization has too much legacy infrastructure to make SASE a worthwhile initiative.
Modernizing legacy systems remains one of the most difficult challenges that IT leaders face today. In addition to aging servers and software, most large enterprises maintain a dizzying array of software infrastructure stacks that are now hosted across different clouds as well as within their corporate data centers. As a result, IT teams are limited in what they can see, and this lack of visibility provides threat actors with a diverse source of vectors to launch their attacks. While this complexity can seem daunting, it shouldn’t be a barrier to begin capitalizing on SASE solutions. Instead, the complexity of these legacy infrastructures should actually be a motivating factor to pursue a SASE solution. SASE’s ability to simplify the IT operating environment by migrating application management to a unified cloud-based environment and reducing IT operational overhead can actually free up resources to modernize critical IT systems.
9. We rely too heavily on MPLS for SASE to be an effective approach.
Multiprotocol label switching (MPLS) networks have become the predominant WAN architecture due to the ease with which they could create simplified network connections between branch and remote offices and central headquarters. The design worked well because most network traffic was being routed between client desktops on-site and applications hosted on-premises. However, as workers began logging in from anywhere and adoption of cloud-based applications became the norm, MPLS has become a performance bottleneck. By contrast, enterprises can migrate from MPLS to leverage SASE solutions that maintain the same simplified connectivity, while also eliminating the need to backhaul all traffic to the corporate data center and instead route traffic to a SASE provider’s PoP.
10. SASE will just add another layer of management complexity that just makes troubleshooting more difficult.
One of the primary SASE benefits is that cost and complexity do not grow at the same rate as the network, even as additional point solutions are added to the mix. Managing different appliance types across multiple locations within an enterprise network requires significantly more IT labor than it does at a single location. However, with SASE, management complexity doesn’t grow in lockstep with the network, because a single cloud-based management application can provide control across the entire service portfolio. In addition, by consolidating and unifying these controls, IT doesn’t need to worry about time-intensive tasks like patching or hardware replacements.
Now that we’ve cleared up some of the most common misconceptions around SASE, in our next post we’ll look at some of the questions IT decision makers should ask of vendors as they get started on their SASE journey.
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. ©2021 Lumen Technologies. All Rights Reserved.