Think of SASE as a Framework – Not a Checklist

Hero Image - SASE as a Framework

According to a recent study, 94% of IT leaders have accelerated the adoption of SASE solutions to make digital services and hybrid work sustainable for the long term. Given the appetite for these solutions and their ability to converge networking and security, it’s crucial to understand SASE within a broader context. In fact, some IT professionals find it far more helpful to stop focusing on what SASE is exactly and take a step back, thinking of it as a framework or approach instead of a checklist for success.

To unpack this, let’s start with Gartner’s definition of SASE:

Gartner coined the acronym secure access service edge (SASE), describing it as offerings combining SD-WAN capabilities with network security functions. This grouping of solutions combines five components into one platform:

  1. SD-WAN
  2. Firewall as a Service
  3. Cloud Access Security Broker (CASB)
  4. Secure Web Gateway
  5. Zero Trust Network Access

While this concrete list helps make SASE more tangible and easy to understand, the problem is it creates the perception that simply assembling these ingredients is a formula for success. But taking a formulaic approach overlooks what SASE is trying to accomplish, how it should guide your IT strategy, and how it should work within your specific environment.

Why a Checklist Approach to SASE Can be Problematic

Adhering to a strict definition of SASE can sometimes result in frustration and even the creation of new IT problems. Taking the five components as hard-and-fast rules may cause unforeseen issues with application performance, security, or both. That’s because critical considerations get missed with a prescriptive approach.

For example, SASE is a forward-leaning solution emphasizing cloud-based technologies and approaches, but solutions shouldn’t dictate design. IT leaders should still ask questions like:

  • Does this mean every component MUST be in the cloud?
  • Are there cases when it makes sense for some SASE parts and pieces to remain on-premise? If so, when and with which components?
  • Does my solution allow for design and deployment flexibility?

Given that most IT infrastructures are hybrid environments, with data both in the cloud and on-premise, you may want to design your solution to match.

We find IT leaders often face SASE challenges regarding next-generation firewalls and the related components of Zero Trust Network Access and Secure Web Gateway. Cloud firewalls, like SWG and ZTNA, are all right there in the SASE recipe, and indeed they are very agile and easy to manage. However, firewalls don’t have to be in the cloud to gain the ease of centralized management, and there are still instances when cloud firewalls may hurt application performance.

Our advice: IT decision-makers should enforce security policy wherever it needs enforcement, without degrading application performance – whether on-premise, in a data center, in the cloud, or even on the endpoint. Digging into these nuanced judgment calls can make the difference between success and a flop.

Using SASE as a Framework

First, understand what problem SASE solves, validate that you share this challenge, and then tailor your solution to get there. Too often, IT teams get caught in the minutiae of the various technology definitions and capabilities instead of keeping their eye on the end game.

Think of it this way: At its core, SASE can improve security and optimize application performance.

How to best accomplish these goals will vary widely, as each company is unique with its own IT architecture, risks, security gaps, internal expertise, and existing technologies already in place. While one business may need all five components, another may need only one or two. In fact, it’s not all that different from network solution design. For instance, each site’s transport needs may vary based on individual requirements. MPLS, Internet, wireless, etc., can all be part of the overall network solution, just as SD-WAN, FWaaS, and SWG can be part of a SASE solution individually or collectively.

Still, other companies may need more than SASE – it’s not always considered a comprehensive solution. For instance, managed detection and response may be a critical add-on, as many need the help of a 24/7 team of security analysts. Meanwhile, others argue that machine learning and SASE should work together for more substantial innovation.

Another thing to note: Because many security capabilities overlap, SASE can be a confusing landscape to navigate. For instance, next-generation firewalls include SWG and ZTNA principles that may satisfy the security goals of many organizations.

Ultimately, companies and their IT leaders should focus on their desired SASE outcomes, improving security for clouds, users, and endpoints and optimizing application performance for all users at all locations. Let your unique use cases dictate your technology needs, not the other way around. Pick the network and security components you need to accomplish your goals.

To learn more about Comcast Business global secure networking solutions, including solutions that meet the key tenets of the SASE model, please visit:

Map your approach to a SASE framework.

Locked Content

Click on the button below to get access

Unlock Now

Or sign in to access all content on Comcast Business Community

Learn how Comcast Business can help
keep you ready for what's next.