Demystifying the SASE Landscape: What’s the Right Approach for You?

In the tumultuous realm of network and security architectures, the emergence of Secure Access Service Edge (SASE) has sparked heated debates, promising a radical transformation in how organizations grapple with the complexities of managing and securing their networks. SASE advocates tout it as a game-changer, unifying networking and security solutions under one umbrella to streamline operations, boost efficiency, and fortify network security. However, as with any paradigm shift, the devil is in the details.

There are a few different approaches within the SASE framework, each with their own pros and cons. Here we will focus on explaining the difference between Multi-Vendor SASE, Single-Vendor SASE, and Unified SASE.

Multi-vendor SASE

Multi-Vendor SASE was the most logical approach, and the closest to achieving the SASE definition, when the concept emerged in late 2019. In the most typical scenario, a service provider brings multiple vendors into a solution, giving the customer a choice to pick their favorite networking or security vendor. However, it introduced integration and interoperability challenges, especially because of the technical know-how service providers need to understand the intricacies of different vendors. Because of this, the MEF 3.0 SASE service standard and Zero Trust framework were developed by a group of managed security and service providers to make it easier to bring SASE services to the enterprise.

Single-vendor SASE

Single-Vendor SASE, a term created by Gartner, focuses on sourcing a set of network and network security components from one vendor. Going with a single-vendor SASE approach can provide a streamlined solution for deployments, with a single source of support. The Single-Vendor SASE model's perceived benefits include increased ease and efficiency, as well as time and cost savings. However, some of these solutions are cobbled together via acquisitions and are as integrated (read: disparate) as multi-vendor SASE. Additionally, a vendor may have excellent security capabilities while its SD-WAN, if the vendor offers one, may not be the most reliable, and vice versa. Going with one vendor for everything will often require an enterprise to get clear upfront on what’s most important for them and where they’re willing to sacrifice for the sake of simplicity.

Unified SASE

Unified SASE offers the integration of all critical networking and security capabilities into a single platform, providing increased flexibility and control over networking and security functions. Oftentimes, this tightly integrated approach leads to significant cost savings. Unified SASE combines various components, including SD-WAN, Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Firewall-as-a-Service (FWaaS), into a single, unified service, thus reducing the complexity and potential for conflicts between different systems. But the ‘all or none’ approach can be severely restrictive for most organizations that may have existing investments in multiple network and security vendors.

Though many assume that a Unified SASE architecture must be comprised of networking and security functions from a single vendor, the truth is that it can be achieved with multiple vendors as well, with the key emphasis being on seamless integration and simplified management.

When to choose what

Choosing a SASE approach should be based on an organization's specific needs and operational dynamics. There is no one-size-fits-all approach.

Unified SASE is most appropriate for businesses that require a high degree of customization to meet their specific needs and for those operating within complex, dynamic network environments. It provides tighter integration, the ability to leverage best-of-breed solutions, and can adapt to changing business needs quickly.

Single-Vendor SASE is ideally suited for organizations that prioritize simplicity in integration and management and is particularly beneficial for those with less complex network security requirements. Though it is simpler to manage, it does limit some of the options that you can get with Unified SASE or Multi-Vendor SASE approaches.

Multi-Vendor SASE is best for organizations that have existing investments in security and networking solutions from different vendors and enjoy the benefits of a best-of-breed approach. Transitioning from a multi-vendor approach to a single-vendor solution can force an enterprise to rip and replace its existing infrastructure, which is often very costly. A multi-vendor approach also allows for a gradual transition to Unified SASE by integrating existing tools with new SASE components.

Managed or self service?

Regardless of the approach they take, every organization will need to determine if they’d like to manage their own SASE, outsource it completely, or have it co-managed with dedicated internal and external resources. In some cases, an enterprise will possess the resources and expertise to handle everything in-house. However, given how quickly this space is evolving, many enterprises prefer to work with an outside vendor to manage it in some capacity. Offloading some or all of the responsibility allows internal employees to focus more heavily on growing their businesses, which is one of the major benefits of working with a managed service.

SASE is a journey

As the network security landscape continues to develop, it is important to understand that the choice between these different SASE approaches is not black and white. Furthermore, SASE is not a one-time event; it is an ongoing journey comprised of a variety of components.

Organizations must investigate their own unique requirements and strategic objectives to determine the SASE journey that’s right for them. Whether it's the flexibility and tight integration offered by Unified SASE, the simplicity and streamlined management of Single-Vendor SASE, or the best-of-breed approach offered by Multi-Vendor SASE, recognizing these approaches as part of a spectrum of solutions is key to making informed decisions that best align with an organization’s specific needs in network security.

Once they’re clear about how they’d like to proceed, they should start with the network – or SD-WAN solution – that best fits their needs. Then they’ll want to add firewall-as-a-service (FWaaS), secure web gateway (SWG), observability, cloud access security broker (CASB), data loss prevention (DLP), and zero trust network access (ZTNA), one by one. Each step provides a major benefit to businesses, and when combined, the result is increased network performance; bolstered security for devices, data, networks, and infrastructure; improved scalability; and overall cost reduction. Going through the transformation process one step at a time enables businesses to maximize their existing assets, continue business without interruption, and get to an optimal state faster than starting from scratch.

Author

Renuka Nadkarni is Chief Product Officer at Aryaka. A security veteran with 20+ years' experience, she was previously CTO, Security at F5, where she drove F5’s foray into the security market. Renuka has a history of successfully building cutting-edge cloud and security products and launching new businesses for industry-leading brands.