How MSSPs Should Evaluate SASE Solutions to Complement Their Services


Recently, I sat down with Fortinet vice president of Products and Solutions Nirav Shah to discuss the growing importance of secure access service edge (SASE) for managed security services providers (MSSPs).  

Below we continue our conversation, where we cover how MSSPs should evaluate SASE solutions to complement their services strategy. I asked the questions and Nirav answered, offering insights and guidance for MSSPs as they embark on their SASE journeys.

Michael O’Brien (MO): Before we dive in deep, let’s take a step back and provide a recap on the value of SASE. Can you provide a quick overview on what SASE is? What are the key drivers for its adoption?
Nirav Shah (NS):
Sure. SASE is a cloud-hosted architecture that combines security service edge (SSE) and SD-WAN. SASE permits organizations to have secure access no matter where their users, workloads, devices, or applications are located. There are three key drivers to SASE adoption: 1) the convergence of networking and security 2) the shift from the on-premises proxy since applications are moving to cloud; and 3) the growth of the work-from-anywhere (WFA) hybrid workforce.

MO: What about vendor consolidation? Wouldn’t you say that’s also a key driver for SASE?
Yes, good point.Many CSOs and CIOs are looking at SASE in terms of how they can use it to consolidate vendors, streamline operations, and reduce expenses. The key benefits that come from consolidating are cost savings and simplicity. At Fortinet, we’re hearing from our MSSPs who say a very high number of enterprises are planning to consolidate their platforms. This is in line with a Gartner survey from 2022 that said 75% of organizations are consolidating their number of security vendors.

MO: Why are organizations consolidating at this unprecedented rate? Is it just for the cost savings and simplicity?
It’s more than that. Our global enterprise customers are seeing challenges not only with the detection of zero-day threats, but with the highly distributed threat environments that many of them are facing. For example, zero-day threats might be detected in one department, facility, application, or country, but the intelligence around that threat, how they detected it, and the remediation of that threat is not being shared within the organization quickly or sometimes at all.

MSSPs are seeing that the speed of attacks are happening so fast that unless they're using a common platform that can be expanded to the physical world to include edge devices, switches, firewalls, and applications, they don't believe that they can react quickly enough. Moreover, they don't believe that they can give their customers an advantage against the increasing scale of these threats.

In short, the global threat landscape is constantly growing and evolving to be more sophisticated. Threats can proliferate more quickly than ever before, so the only way for companies to react fast enough to address these threats is by using one unified, integrated platform that can then be expanded and extended. This is where SASE comes in by enabling a unified set of security profiles across users, applications, and devices.

MO: How should an MSSP go about selecting a SASE vendor that fits their needs?
A lot of SASE vendors are now supplying a set of services, and some of these services are crossing over into the services an MSSP provides. This puts the onus on an MSSP to make sure that they're selecting a platform that is complementary to their services strategy and what they're trying to offer their customers.

For example, if an MSSP is adding SASE for the very first time and signing up their first customers, they need to decide if they want the customer to see the value they are providing or see the value from the vendor that they’re representing. That's a strategic decision that every MSSP has to make. They have to decide for themselves if they’re looking to represent value from technology supplied by others or if are they trying to surround their customer with a set of comprehensive services of which SASE is one.

I think this is why a lot of MSSPs often start their journey in one direction, but once they understand what they're offering and how customers perceive it, they will often turn to other vendors for alternative strategies for delivering some of those services.

To make sure an MSSP is selecting a SASE platform that is complementary to its services strategy and what they're trying to offer its customers, it should prioritize a vendor that is capable of providing a single-vendor SASE platform.

MO: You mentioned single-vendor SASE. Can you discuss why an MSSP should work with a vendor that offers a single-vendor SASE solution?
Unlike other SASE solutions, a single-vendor SASE solution has all of its security and networking technologies supplied by just one vendor. This means all the SASE components are controlled and unified with one management console, providing a common set of security policies, independent of the device, application, or user.

Getting SASE from multiple vendors is like buying a car with parts from different manufacturers. If you have an engine from one, a dashboard from a second vendor, a body from a third, and wheels from yet another manufacturer, you might have a vehicle that you can drive, but there are going to be a lot of issues because the parts weren’t designed from scratch to work together.

When a SASE solution uses disparate policies, these policies are not talking to each other and are not seamlessly integrated. For example, let’s take a customer who has deployed DLP from vendor A and CASB from vendor B. How would they tie in the data protection polices? Each vendor has unique support capability with regards to data protection features. This means you don't have a common data protection policy across all your different use cases. A single-vendor SASE solutions allows you to have a uniform policy for a user going to any destination. You can have a common data protection policy for all applications, which is where single-vendor SASE solutions excel.

MO: What does an MSSP need to know about implementing SASE?
NS: Organizations that have never implemented SASE before may be intimidated by the process. MSSPs can help organizations see the value of SASE, especially if they are working within a remote or hybrid organization that has employees working across many different locations and devices, but they may not have the resources to implement it themselves.

Working with a single-vendor SASE provider can alleviate the burden of MSSPs making the shift to a new platform. Building off the foundation of SD-WAN — which many MSSPs already have in place — SASE serves as a natural extension. In some cases, an MSSP can work with their existing SD-WAN provider to transition into SASE and SSE. In other cases, it may make sense to work with a new vendor, depending on the MSSP’s needs.

Furthermore MSSPs should favor those vendors which have invested in supporting the introduction and delivery of SASE with a dedicated support organization focused on offer development. All too often vendors roll out new products and solutions depending solely on the standard technical training to be sufficient. Time to revenue and customer satisfaction can be greatly enhanced with the use of a vendors offer development resources.

MO: How do you see the SASE market evolving in the future?
The Unified SASE market is expected to grow nearly 20% annually to $36 billion by 2027. As we’ve said, SASE is valuable as it can help reduce costs and help consolidate solution and vendor sprawl without sacrificing security while also enhancing business impact. Remote, on-premises, and hybrid users are all protected by a unified set of security profiles, regardless of location. All of that is taken into account with a SASE platform. I think these drivers will become even more important to partners, and we’ll continue to see SASE adoption rise from organizations of all types.

MO: In a nutshell, what is your advice for MSSPs?
SASE adoption opens up a world of benefits to MSSPs. Fortinet recommends that MSSPs partner with a vendor that offers a solution like our Unified SASE, which has an approach that streamlines and scales SASE frameworks.

Author Michael O'Brien is regional vice president, Strategic Routes to Market, Fortinet. Read more Fortinet blogs and news here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.