SASE—which stands for secure access service edge—is a relatively new framework that converges wide-area networking with security into one cloud-based service stack. SASE uses software-defined wide area network (SD-WAN) technology to directly connect branch offices and remote users to the cloud and software-as-a-service (SaaS) resources without backhauling traffic through the primary firewall.
SD-WAN traffic can bypass a firewall because SASE enables the application of enterprise security policies, traffic filtering, and other controls to that remote traffic. By using cloud-based security features like firewall-as-a-service (FWaaS), cloud access security brokers (CASBs), and zero trust network access (ZTNA).
SASE provides numerous benefits to businesses to simplify, optimize, and secure their network edge, including:
- SASE reduces network latency for both enterprise and remote traffic. SASE separates remote, cloud-destined traffic from the rest of your SD-WAN traffic, so a branch office user doesn’t need to go through an HQ firewall just to access a web service like Office 365. SASE increases the security of the network edge by allowing you to implement the same enterprise security policies and controls to all remote traffic.
- SASE simplifies and optimizes network administration by consolidating SD-WAN management and edge security controls into one unified platform.
A successful SASE implementation requires a lot of planning, as well as a comprehensive understanding of your existing infrastructure, requirements, and pain points.
SASE implementation: A step-by-step guide for businesses
Each SASE implementation is unique to the business it serves. However, there are six basic steps that most successful SASE deployments follow:
Step 1: Define SASE goals and requirements
During the planning phase of the SASE implementation, the first step is defining the project’s business goals. Identify SASE use cases: What problems need a solution, and what benefits does your organization hope to gain? These use cases will inform how to conduct the following steps—once the goals are clear, developing plans for reaching them is what follows.
For example, you may want to use SASE to secure and optimize SD-WAN traffic. In this case, you already have SD-WAN technology, so the primary goal is to add SASE’s cloud-based network security stack to protect that traffic.
The following steps determine whether the existing SD-WAN architecture can support SASE and ensure preferred SASE vendors integrate with your existing infrastructure. Once you know why SASE is essential, decide what technologies, processes, and training to implement to reach those goals.
Step 2: Assess the environment and identify gaps
Next is to conduct a thorough assessment of your existing network infrastructure and resources to identify any gaps in the ability to achieve your SASE goals. Use the following questions as a checklist:
- Do the critical staff members have the knowledge and skills to implement and manage a SASE deployment?
- Do you need an access on-ramp to the SASE service provider (e.g., an SD-WAN backbone)?
- Can any existing infrastructure be used with SASE implementation, or do you need to purchase new hardware for your edge?
Review technical documentation and network diagrams, interview key staff about their requirements and training, and examine the security and network configurations to assemble a complete picture of your current environment. Choosing this before defining SASE requirements is vital because a thorough understanding of existing infrastructure can make it much easier to identify pain points and business goals.
With a clear picture of where you are now and what you hope to achieve with SASE in the future, you can start choosing SASE vendors and solutions.
Step 3: Choose SASE vendors and solutions
There aren’t any fully mature, single-solution SASE providers yet. Some vendors provide access via SD-WAN and related technologies, while others offer security service edge via cloud-based network security features. If you have an existing SD-WAN backbone that provides all networking functionality, then a single vendor for a cloud-based security stack is only needed. Otherwise, combine a security service edge solution with an SD-WAN solution to complete SASE implementation.
SD-WAN and cloud security solutions need to work well together. Security service edge providers often partner with SD-WAN vendors to create fully integrated solutions managed from one unified platform. For example, ZPE Systems partners with Palo Alto Networks to provide an SD-WAN on-ramp to the Prisma Access security service edge solution. Enterprises should prioritize integration when evaluating potential vendors.
Step 4: Stage and test SASE deployment
The exact steps to configure services will vary depending on the provider, environment, and requirements.
We recommend creating a staging and testing environment separate from the production environment, so you can perform thorough integration and user acceptance testing before going live with SASE deployment. Test how cloud security stack integrates with an SD-WAN solution, as well as other applications and tools like security information and event management (SIEM), role-based access control (RBAC), and security orchestration, automation, and response (SOAR).
Additionally, perform user acceptance testing with real users and workloads to accurately picture how these changes will affect the people using your systems every day. This will help identify bugs and issues, determine what kind of user training is needed at the cutover time, and optimize the overall user experience to make the transition to SASE easier for your organization as a whole.
Step 5: Cutover, troubleshoot, and support
Even the most meticulously planned deployments can go awry, so companies should have support staff ready to handle any user complaints and technical staff on hand to troubleshoot any configuration or deployment errors. After cutover, your support staff also needs to provide training and documentation for the user base to ensure they know how their daily processes will change and what to do if they encounter any problems.
Step 6: Continuously optimize SASE implementation
Once your SASE implementation is live, you should constantly monitor it and look for ways to improve and optimize. Infrastructures will evolve, as will the technology offered by SASE vendors. As adding new cloud infrastructure, SaaS platforms, branch offices, and other edge computing requirements, you should evaluate the SASE technology to see if additional functionality is needed or desired.
You should plan and implement a SASE deployment that addresses a unique environment, requirements, and business goals by practicing these six steps.
Discover more on how to simplify SASE implementation
A successful SASE implementation requires in-depth planning and preparation, robust testing, comprehensive training and support, and continuous monitoring and optimization. You can make this process easier by investing in SASE solutions that integrate and consolidate management tasks behind one pane of glass.
For example, you can use Nodegrid’s innovative SD-WAN and remote branch management solutions as your on-ramp to secure service edge technologies. We partner with trusted SASE providers to deliver an integrated platform that consolidates and simplifies your SASE management and optimization.