A guide to SASE implementation 

Sean Campbell, Director Canadian Channels, Fortinet

Thanks to remote workforces across the globe, today’s networks have no perimeter and are constantly evolving and expanding beyond traditional edges. Unfortunately, most security solutions were designed with a perimeter in mind, making them incompatible with modern business priorities. As organizations move toward the cloud and cloud-based applications to better deliver work-from-anywhere (WFA) and remote access strategies, VPN-only solutions impinge on their ability to provide secure access at the speed and scale of business.

The pressures of digitization have many businesses looking to Secure Access Service Edge (SASE) to extend networking and security capabilities. As a cloud architecture model that combines network and security-as-a-service into a single cloud service, SASE is composed of Security Service Edge (SSE) and SD-WAN and incorporates firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and threat detection functions.

CISOs are drawn to SASE for its flexibility, simplicity, scalability, and low-latency performance. It offers channel partners a significant opportunity to help their customers navigate implementation challenges so they can take advantage of SASE for its ability to modernize security across the distributed network.

Growing popularity 

SASE’s popularity is derived from its ability to provide robust cyber threat protection and secure access anytime, anywhere. Since the global pandemic, hybrid work models have become the norm, making it an attractive proposition for many organizations. The main attraction is SASE’s ability to enable secure, high-performance access regardless of where a user, device, or application is located. It can also allow for the flexibility to address access for different users and use cases.

While SASE offers a converged networking and security solution that is appealing to customers, implementation challenges do exist. Too often, organizations look to implement point products from multiple vendors to achieve SASE functionality. These approaches often fail because they introduce new complexities, reduce visibility and bog down IT teams caught deploying updates in multiple locations.

Line up the right approach 

For SASE to work optimally, components must work as a single system. When each component seamlessly integrates within the larger corporate security framework, siloes are removed, performance remains high, and security teams have a greater ability to monitor, detect and act on any intrusion.

Taking advantage of SASE requires understanding the cloud-based security services and networking elements at play. Given most operational architectures will include cloud and on-premises, channel partners should ensure their SASE solution can integrate into hybrid environments – including LANWAN5G, and cloud edges. They should also be looking for the highest level of integration, preferably with a vendor that offers one central dashboard that can manage various solutions, including SASE, Secure SD-WAN and ZTNA.

Unify to simplify 

Unified management offers organizations a simple management console for their entire SASE solution, including networking and security components. While many vendors claim they can provide this seamless view, not everyone can back that claim. Some solutions require customers to work with separate management tools, whether the result of an acquisition or existing products. Essentially, customers end up with a single company selling two solutions that work in silos. Truly benefiting from a unified management approach should see an organization’s IT and security teams work from a single location to deploy policies, manage traffic, log incidents and ensure security outcomes.

This is the approach favoured by FortiSASE, Fortinet’s single-vendor SASE approach. It delivers a comprehensive SASE solution that facilitates the convergence of networking and security all the while seamlessly uniting SD-WAN, secure web gateway, universal zero trust network access, cloud access security broker, and Firewall-as-a-Service, all under the FortiOS operating system. Using the FortiClient single client, the network operations center (NOC) and security operations center (SOC) teams are unified. Alerts are collated across on-premises and remote users and the troubleshooting process is simplified while integrated AI helps minimize detection and remediation time.

Opportunity abounds 

Integrated SASE solutions that feature a mature cybersecurity platform with true unified management do exist and offer partners a competitive advantage. By converging networking and security functions and removing complexities created by numerous vendors and devices, SASE customers can benefit from greater operational efficiency, improved security outcomes and faster connectivity. The benefits to a single-vendor approach are so clear-cut Gartner predicted that by 2025, a third of new SASE deployments will be a single-vendor offering – up from just 10 per cent. This represents a significant opportunity for channel partners, but seizing the moment requires the right vendor to help customers realize the true potential of SASE for their business.

Sean Campbell is Director of Canadian Channels at Fortinet