6 Key Considerations for SASE Deployments
In our last post, we addressed some of the most important questions you should ask a SASE provider when evaluating a potential solution. Once you’ve settled on a provider, you’ll need to start thinking about the implementation itself. Most SASE projects are large, complex initiatives with many moving parts that will involve a series of staged deployments and milestones. No two implementations will be the same, as every customer will have their own unique technical and business requirements, but successful SASE deployments do share some commonalities. What follows are some of the key considerations that should be part of your SASE implementation journey.
1. Assess critical capabilities and take inventory
It bears repeating that SASE doesn’t present a single standardized set of tools but rather a framework for securely connecting users, endpoint systems, and devices to applications and services, wherever they might be located. As such, every organization will need to assess which specific capabilities and resources they’ll need to achieve a modern, converged network and security architecture.
As noted in our first post, the SASE framework incorporates a broad set of diverse capabilities, but the list is by no means comprehensive, nor will it necessarily map to all of your specific business requirements. For instance, the data privacy priorities of a healthcare organization with HIPAA compliance concerns will likely be very different from those of a manufacturing firm. This is also a good time to take stock of your environment in general so you can get a complete view of your assets and assess which on-premises hardware should begin to be phased out in favor of cloud-based SASE capabilities.
2. Conduct a gap analysis
A gap analysis is a useful exercise to compare your current state to your desired future state. By identifying the gaps in your current network and security environment, you can begin to gauge the relative maturity of your technology stack and define which resources should be prioritized ahead of a SASE implementation. During this stage you might, for instance, consider which security capabilities should move to the cloud and which might remain on-premises, so you can better understand where your network and security teams will most need support from a SASE provider.
This analysis can also help systematically identify potential vulnerabilities and design flaws early in the process, as well as establish a baseline for planning future re-design or expansion efforts. And because SASE cuts across both the network and security functions, it’s also important to consider human resource gaps. The skill sets and personalities of these two groups can be very different, so you’ll want to make sure that you have the right cross-functional competencies in place to ensure alignment.
3. Develop a staged roadmap with milestones
Every journey begins with a single step. But before you take that first step, you’ll need a well-defined roadmap to keep all of the various stakeholders rowing in the same direction. A full SASE deployment can be a complex and protracted undertaking with a great deal of uncertainty, so it might not be feasible to build out a detailed project plan at the outset. It often makes more sense to start by simply defining the key stages and milestones and backfilling as the project progresses.
In terms of kicking off your SASE implementation, Zero Trust Network Access (ZTNA) is an obvious starting point because it allows for application-level access rather than full network access. That is a better approach for securing a distributed workforce and can have an immediate impact on reducing security risks and known vulnerabilities. Other key stages in the SASE roadmap should include upgrading your existing wide-area network to a modern SD-WAN and updating your policy enforcement engine by adopting a secure web gateway (SWG) and a cloud access security broker (CASB).
4. Evaluate your vendors and begin to consolidate
Because no single vendor can meet the entire spectrum of SASE functionality, it’s important to carefully evaluate vendors with a broad set of capabilities who also have a well-established ecosystem of partners. Some vendors might specialize in security, while others may specialize in networking capabilities. To help you in your vendor selection process, be sure to check out our last blog post: 12 Questions You Should Ask a SASE Provider.
In addition to selecting the right vendor for your SASE project, you’ll also want to take a hard look at the various solutions that are being utilized in your environment. The average enterprise may have a considerable number of separate point solutions within their security environment. How many of those separate point solutions have overlapping capabilities? Are you using all of the capabilities and features? Does your organization even have the resources required to manage all of those solutions?
By consolidating the number of vendors and solutions, you can not only reduce your operating costs, but you can also realize efficiency gains by reducing the complexity that comes with managing all these systems. And with fewer vendors to manage, you’ll be able to troubleshoot issues faster and assert greater control across your environment.
5. Establish KPIs and operational metrics
As the age-old management mantra goes, “if you can’t measure it, you can’t manage it.” For a multi-year journey like SASE, you’ll want to spend time upfront determining the type of metrics that can and should be measured – both from the perspective of your ongoing operations as well as the services being delivered.
While key performance indicators (KPIs) for a broad technology initiative like SASE can sometimes be challenging to define and to some extent will overlap with existing network and security metrics, it’s important to establish some SASE-specific KPIs to help drive consensus among all of your core stakeholders. Having a clearly defined set of metrics will also help secure executive buy-in, which will be critical to the initiative’s long-term success. Some KPIs to consider might include:
- Capex v. Opex
- Mean time to detect (MTTD) and mean time to respond (MTTR)
- Network latency
- Packet loss
- Help desk response time/QoS
6. Operationalize your SASE deployment
Even though SASE is a service-based model, several skills, tools, resources, and services are required to effectively support and manage it over time. Building a consistent and repeatable operational SASE practice means considering a number of different factors: Do you need to adjust your change process? How capable is your staff at troubleshooting cloud technologies? Do you understand where your visibility and access end and where you need to leverage the solution provider?
The operations and help desk staff will also need to understand the ongoing monitoring of the entire SASE solution set from both a networking and a security perspective. This gives them the ability to troubleshoot user calls that may fall into either side and resolve issues faster. As you operationalize different aspects of SASE, you should know that your business requirements around SASE will likely continue to evolve — as will the SASE landscape itself. Be diligent in tracking these changes and work to continuously assess whether it makes sense to adjust your strategy to improve outcomes.
In the final post in this series, we’ll break down how the Lumen Platform directly aligns with the SASE framework, enabling us to design and deliver solutions that meet the needs of today’s distributed enterprises.
©2021 Lumen Technologies. All Rights Reserved.