The means of delivering the “access” in a SASE framework, meanwhile, typically SD-WAN, often makes sense for office locations, as well as branch and satellite offices, but delivering it to home tends to be cost prohibited outside of certain job functions and executive levels. And if an SD-WAN solution already is in place, an architecture composed of an SSE security suite that’s tightly integrated with a separate vendor’s SD-WAN, argued Gartner analyst Charlie Winckless, could perform as well, if not better, than a singlevendor SASE approach. In many market segments, Winckless told SDxCentral, particularly large businesses, there is a preference toward standalone-security functionality, while proponents of SSE also argue that security stacks offered by companies specializing solely in SSE tend to be a step ahead of the security functions offered by SD-WAN providers that have developed a SASE framework. ‘A’ for All Proponents of a unified SASE approach, on the other hand, would argue that any step toward uncoupling networking and security is a step in the wrong direction and defeats the core premise of an integrated, application-centric approach offering end to-end visibility and control. While SSE offers some conveniences for enterprises, “it only reinforces the current status quo of a fragmented security market and doesn’t address new attack surfaces in the rapidly changing security landscape,” said Renuka Nadkarni, chief product officer at Aryaka. SSE underestimates the complexity of traffic aggregation from multiple sources such as branch offices, remote and mobile users, said Nadkarni. “The biggest challenge and complexity here is the rapidly changing WAN/5G accessibility for guaranteed application (and network) performance and availability.” It took years to come to a unified SASE architecture that brings together context from both the networking and security stacks, argued Cato Networks co-founder Gur Shatz. Segmenting a SASE architecture that’s divided up between the respective teams (networking or security) runs the risks of missing out on the shared context enabled by a singular approach, Shatz told SDxCentral, while adding confusion to the mix, as it can be unclear which team is responsible for what. “Whenever you have two things making a decision independently, you have a security hole,” Shatz continued. “SSE is a convenience for box vendors using a network-centric approach to move the finite capabilities of their box into the edge/cloud,” said Nadkarni. “It is not the modern application-first centric thinking, and hence it’s dead on arrival.” The need to lockdown workforces when the lockdowns greatly expanded the attack surface certainly made SSE highly attractive for the better part of the last two years. And while the SSE market may have matured faster and in a more consolidated fashion, the ability to have complete control and visibility, as well as performance and reliability, out to the edge of networks will be a competitive advantage, if not a strategic necessity, in the long term. That could require an infrastructure in which networking and the security stack share context across a single control plane, thus minimizing “gaps” between the two. So rather than being a “replacement” or “alternative” to SASE, as it is sometime positioned, SSE is more a step toward the ultimate goal of a SASE architecture. J NETWORKS What SASE initiatives are currently in place? Overall strategy and goals 35% Phasing out VPNs 32% Consolidation of SWG, CASB, ZTNA 29% Phasing out dedicated security appliances 26% Measurement of user experience and SLA enforcement 25% Cross-functional teams created 23% Source: Aryaka 2022 Global State of the WAN ! Source: Aryaka 2022 Global State of the WAN How will you approach SASE technology selection? Source: MIT Sloan Management Review 23% Access to same benefits as oce workers 22% Reimbursing costs for maintaning a home oce 20% Remote brainstorming and workshops 18% Social events for remote workers 17% Reimbursing costs of space in coworking sites Bad Bot Reported User Agent Types, 2016-2020 Source: Imper va (Percent saying it’s critical) 0% 5% 0% 5% 0% 2016 2017 2018 2019 2020 75.9% 83.2% 78.1% 79.4% 68.0% 16.1% 10.4% 13.9% 12.9% 28.1% 8.0% 6.4% 8.0% 7.7% 3.9% Chrome, Firefox, Internet Expl rer, Safari Mobile User Agents Other User Agents 44% 19% 19% 18% Separate vendor for networking and security Single vendor for networking and security Consumer via an MSP or Telco Unclear; still determining how SASE will fit into our environment 44 REMOTE WORK SOLUTIONS rwsmagazine.com
RkJQdWJsaXNoZXIy NTg4Njc=