Michael O'Brien, regional vice president, Strategic Routes to Market, sat down with his colleague Nirav Shah, vice president of Products and Solutions at Fortinet, to discuss the keen interest and increasing adoption of the cybersecurity framework called secure access service edge (SASE).
In the Q&A below, they discuss SASE’s potential value for managed security services providers (MSSPs).
MO: For those of us who aren’t fully up-to-speed on SASE, would you please define it?
NS: Sure. SASE brings together security services from the cloud and connectivity from the networking side (SD-WAN) and converges them. SASE helps customers simplify their operations and reduce the complexity that exists in the network today. It’s SASE’s consolidation and convergence abilities that really get the attention of cybersecurity and IT experts worldwide.
We need to peel the SASE onion to better appreciate its effectiveness and current popularity. There are multiple technologies within SASE. The security services come from the cloud side of the solution and they contain three main elements. One is the secure web gateway (SGW), which is a proxy. Number two is ZTNA, which is all about continuous verification. And three is CASB (cloud access security broker), which secures SaaS applications.
The networking side of SASE is made up of the software-defined wide-area networking (SD-WAN) technology that features the next-generation firewall (NGFW) that supports user experience, bi-directional access to the web, and unified management.
Michael O’Brien: Do you agree with the notion that any organization’s SASE conversation is a natural progression of its SD-WAN journey?
Nirav Shah: Yes, because SD-WAN architecture simplifies wide-area networks between sites and applications and can reside anywhere using any connectivity type (i.e. broadband, LTE/5G, MPLS). The SD-WAN architecture is application-driven and provides access to applications that is faster, more reliable, and more secure.
SD-WAN is a foundational element within a SASE solution. Many MSSPs have collaborated with their partners and customers to support SD-WAN deployments and because of this experience, they are naturally prepared to assist their clients as they advance in their secure networking journeys.
MO: What do you think are the main reasons for the market’s interest in deploying a SASE solution?
NS: I think there are three main drivers of SASE adoption today. The first one is the convergence of networking and security. We have seen a shift from MPLS to broadband internet, which requires consistent user experience without sacrificing security. The convergence approach is bringing security and networking together at the edge and organizations are in conversations about how to offer the benefits of convergence to their remote users. This leads to the introduction of zero-trust network access (ZTNA), which is a major component of SASE that continuously verifies all users and devices.
The second driver is the shift from the on-premises proxy. Over the past decade, the secure gateway (SGW) market has grown, but as more and more software-as-a-service (SaaS) applications move into the cloud, the value add that SGW solutions provide is minimized from an on-premises viewpoint. So the concept of moving the on-premises proxy into the cloud is looking very attractive for the ability to bring complete visibility into SaaS applications and helping protect against exploitation.
The third driver is the growth of the ever-changing hybrid workforce. Work-from-anywhere (WFA) users are demanding more flexibility, better user experiences, and a higher level of security. These three SASE drivers can be where MSSPs start conversations with prospects. With its growth in popularity, it’s becoming much easier for MSSPs to help prospects understand what SASE is, what its components are, and how it can benefit them.
MO: Thanks. So, what’s the next level in the evolution of SASE?
NS: The next level of SASE’s evolution is the Universal SASE solution that features the benefits that come with single-vendor SASE. You can create a Universal SASE solution by bringing together separate technologies from different vendors — but we are seeing consolidation in the market. Many organizations are going with one vendor for the security services side of SASE and one vendor for the networking side. This approach is often referred to as a “dual vendor SASE” approach.
However, many organizations are telling us they want a single-vendor SASE solution that has all of its security and networking technologies to be controlled and unified under the umbrella of just one vendor’s management console.
I think more and more vendors are going to try to provide the single-vendor approach — but this is going to be challenging for many. The dual-vendor SASE providers are typically cybersecurity companies that don’t have an SD-WAN solution, so they must partner with an existing SD-WAN company. You can guess that these partnerships aren’t easy or smooth mergers and require a significant amount of time and effort to integrate all their SASE components.
MO: What advice would you give MSSPs who want to take advantage of SASE solutions now and bring them to their customers?
NS: It’s pretty simple. MSSPs should connect with single-vendor SASE providers. They are leading the way and providing the solutions that the market demands. It really comes down to the benefits that come with working with a vendor who has done the integration work. You can have a high level of assurance that the connection between SD-WAN and SASE has been well thought out and fully integrated. This gives an MSSP a different perspective on choosing what SASE solution to use. They must consider the cycles that it takes to manage and how it results in the overall costs of maintaining the solution.
Also, there’s a real need for a simple on-demand licensing approach that allows an organization to procure services in a much easier fashion and at the same time gives them the flexibility to turn it on and use different form factors of the solution. The promise of SASE can only be fully realized if there’s also a simplification of how it is procured and how much it costs.
Vendors with on-demand offers or point-based systems or utility-oriented types of pricing models can go a really long way in helping an MSSP quickly ramp up a solution like this without having to be a financial institution between the transactions.
Another key benefit for MSSPs deploying a Universal SASE solution is that it becomes the platform by which they can supply a security profile to their customers. Where other SASE solutions deal with security profiles on an application level, Universal SASE handles them on a platform level, which makes management across a wide range of applications easily and quickly done via an implementation of ZTNA as part of a SASE strategy.
To summarize Nirav’s advice: SASE adoption opens up many benefits to MSSPs. As they continue to assist their customers in their secure networking journeys, MSSPs should partner with a vendor that offers Universal SASE — an approach that streamlines and scales SASE frameworks.
Author Michael O'Brien is regional vice president, Strategic Routes to Market, Fortinet. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.