SASE and the Peanut Butter Cup – A Fable
By: Derek Granath, VP of product marketing at Silver Peak
When asked “what is your favourite candy bar?” my response was simple: a peanut butter cup. Somehow, the combination of chocolate and peanut butter in the right proportion perfectly hits the mark.
While the ubiquitous Reese’s peanut butter cup in its bright orange wrapper always catches my eye at the supermarket checkout, the very best peanut butter cup I have ever tasted is my sister’s.
It is because she selects and uses only the highest quality ingredients. Not chocolate chips from a bag, but chocolate from a boutique brand, and not supermarket peanut butter from a jar, but freshly ground peanut butter from the local health food store.
Gartner defines the secure access service edge or “SASE” as a thin WAN edge supporting the required wide area network functions at the branch such as SD-WAN, a stateful zone-based firewall, segmentation, routing and WAN optimization, integrated with comprehensive cloud-delivered security services including FWaaS, SGW, CASB, ZTNA, IDS/IPS, A/V and more, all managed centrally from the cloud. However, like the peanut butter cup – or peanut butter bar – an enterprise should not have to make a trade-off between their wide area network or security, nor should they settle for “good enough”. To realize the transformational promise of a SASE architecture, an SD-WAN solution with basic functionality simply will not deliver. Nor will good enough security. Enterprises should not settle for anything less than the best of both worlds.
Why Best-of-Breed WAN?
The job of the WAN is to connect users to applications and data as efficiently as possible and with the highest levels of performance and availability. A simple example: If a call centre employee can process 11 transactions per hour instead of 10 due to improved response time, that translates directly to a 10 percent increase in productivity and potential incremental revenue and profitability for the business.
An advanced SD-WAN platform that can granularly apply the appropriate quality of service and security policies based on business requirements can improve application response time, performance and availability, and yield tangible business outcomes. When making the SD-WAN platform decision to implement SASE, it is important to evaluate all of the performance and security capabilities of the unified solution and ensure they translate into business value; it is incredibly important to discern the differences in the business value delivered via a basic SD-WAN solution in contrast to an advanced WAN edge platform.
The combination of the following seven capabilities describe the attributes of an advanced SD-WAN platform that will fully deliver on the promises of a SASE architecture.
- First-packet application identification to enable granular traffic steering
- Automated, daily application definition and TCP/IP address table updates
- Automated orchestration with cloud-delivered security services
- Automatic failover to a secondary cloud enforcement point if the primary is unreachable
- Automatic reconfiguration should a closer enforcement point become available
- Enable enterprises to implement a SASE architecture at their own pace
- Freedom of choice to avoid vendor lock-in, enabling the adoption of new security innovations as they become available in the future
Why Best-of-Breed Cloud Security?
The threat landscape is changing every second. A recent article published by WebARX cited a McAfee statistic reporting that hackers create 300,000 new pieces of malware daily (data from 2018). The same article cited that according to Forbes, 30,000 websites are hacked every day. In Singapore, cybercrime continues to be on the rise with a 51 percent increase in cases reported in 2019, up from the year before according to the Cyber Security Agency of Singapore. New threats and new threat vectors surface daily. That means that enterprises must be vigilant and having the freedom of choice to integrate best-of-breed security today and in the future is of paramount importance.
When evaluating the security decision for SASE, it is also important to retain the flexibility and agility to adopt any security innovations that may be required to quickly mitigate exposure to new threats and new types of threats as they emerge.
Why Freedom-of Choice?
Some vendors market and offer an “all-in-one” SASE solution promising seamless integration, simplicity and the benefit of having a “one-throat-to-choke” business model. While this may sound enticing on the surface, it routinely results in vendor lock-in and compromise. It means either compromising the advanced networking functionality described above to fully optimize your SASE architecture. Or it means potentially exposing the enterprise to new threats that require rapid intervention. An open, advanced SD-WAN platform also enables enterprises to transform their security model and adopt SASE at their own pace, the best of both worlds.
But Make it Easy
Clearly, an open advanced SD-WAN edge platform that integrates seamlessly with best-of-breed cloud-delivered security vendors provide the flexibility to always deliver the highest levels of cloud application performance to users while mitigating risk to the enterprise. These integrations can automate the configuration of secure primary and secondary connections between branch locations and cloud-security enforcement points of presence and configuration of end-to-end security policies from a centralized management console.
The Moral of the Story
Like the peanut butter cup so readily available in the bright orange wrapper, sometimes good enough is good enough. However, when it comes to your enterprise network and security, you should never be forced to compromise or settle for good enough. Adopting best-of-breed networking and best-of-breed cloud-delivered security for your SASE implementation will deliver the highest end user quality of experience and the highest level of enterprise risk mitigation without compromise.