SASE and the risk of over-rationalising

Chief information security officers (CISOs) are being encouraged to build a Secure Access Service Edge (SASE) migration plan to create a robust Zero Trust architecture, while also consolidating the security vendor suite. Yet, while the concept of single vendor SASE solutions may appear to meet goals for rationalising security costs and complexity, it creates untenable risks for any organisation operating in a high assurance industry. Here, Paul German, CEO, Certes Networks, explains why a best of breed SASE framework from a single Managed Service Provider is key to de-risking SASE for high assurance companies.

Trusted framework

Secure Access Service Edge (SASE) is the future, according to market research analysts including Gartner, which predicts that by 2025 at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020. Combining multiple security capabilities into a single deliverable, SASE deployments include Software Defined Wide Area Network (SD-WAN) connectivity, Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Firewall-as-a-Service and Secure Web Gateway.

But while vendors are beginning to flood the market with branded ‘SASE solutions’, there is a degree of confusion about SASE that is adding significant operational risk, especially to organisations in highly regulated industries, where data sensitivity combined with the threat landscape demands a far more robust approach.

One of the touted benefits of the SASE framework is the opportunity to address the challenges created by a patchwork of vendors and policies deployed incrementally, often over many years, in response to evolving security threats. The result has often been complexity for both users and administrators, with different product lifecycles creating both confusion and potential weakness within the security posture. SASE is viewed as a pragmatic security model that provides an opportunity to rationalise and consolidate vendors to reduce complexity and potentially cut costs.

High assurance risk

For smaller organisations and those in un- or lightly regulated industries, single vendor SASE is a viable option. It provides a clear security framework and, with a single contract and single console, an organisation has a complete view of its security posture in one place, most likely for the very first time. For those organisations operating in regulated industries, including government, finance, critical national infrastructure and healthcare, however, single vendor SASE creates an unacceptable risk and one that no CISO should countenance.

A key point is that no vendor can offer best of breed technology across the entire SASE solution, which means organisations will by default compromise the quality of technology in one or more areas. Far more concerning, though, is the risk created by the single source of all security components: one of the many benefits of SASE is its delivery as a cloud orchestrated service, but if there is any vulnerability within the single SASE product set, it will affect every part of the framework, every part of the infrastructure.

In contrast, a SASE framework built upon individual, best of breed suppliers for each part of the solution increases the end to end quality of the SASE deployment. Furthermore, the inevitable overlap between supplier solutions further reduces risk by adding redundancy: if one firewall is compromised, for example, another part of the SASE solution will likely include functions that provide some degree of protection to safeguard the enterprise. Critically, by implementing a solution based on multiple vendors, an organisation avoids the risk associated with a single code base, minimising the chance of a vulnerability affecting the entire security stack.

SASE without compromise

SASE is becoming an increasingly important security model for businesses of all sizes, in all industries. But there never has been a security silver bullet. While a single vendor approach creates too much risk for high assurance businesses, the concept of SASE as a framework with all of the key components built in is absolutely the right approach. The goal is to find a solution that integrates best of breed security components from multiple vendors to de-risk the security posture, while also delivering the benefits of a single managed solution, including a consolidated security dashboard, from one organisation.

The author is Paul German, CEO, Certes Networks.
