Research Note: SASE Purchasing Decisions
A Comprehensive Assessment
SASE purchasing decisions typically begin with a comprehensive assessment of existing network and security infrastructure, identifying areas where consolidation can drive both cost savings and operational efficiency. The journey usually starts with securing quick wins through cloud-native security services (often beginning with remote access and cloud security) while developing a parallel strategy for modernizing network infrastructure. Organizations then face critical decisions around single versus multi-vendor approaches, balancing the simplicity of unified solutions against best-of-breed capabilities, with most enterprises initially pursuing a hybrid approach that aligns with their technical debt retirement strategy. The procurement process requires careful orchestration across traditionally siloed networking and security teams, often necessitating new governance models and shared KPIs to ensure alignment. Finally, successful SASE implementations demand a well-structured consumption model that balances CAPEX reduction through cloud services against the need for predictable operational costs, typically resulting in a 24-36 month transformation roadmap with clearly defined business outcomes at each milestone.
Network Foundation
SD-WAN selection forms the critical first layer, including carrier services and connectivity options. WAN optimization capabilities must be evaluated for application performance requirements. Transit and backbone services selection impacts global reach and performance. Edge infrastructure decisions including hardware vs. cloud-native approach need consideration. Network monitoring and management tools must align with operational capabilities.
Security Core Components
Cloud access security broker (CASB) selection for cloud application security and visibility comes first. Zero Trust Network Access (ZTNA) replaces traditional VPN infrastructure. Secure Web Gateway (SWG) provides web filtering and threat protection. Next-Generation Firewall as a Service (FWaaS) delivers cloud-based network security. Data Loss Prevention (DLP) protects sensitive information across all channels.
Advanced Security Services
Remote Browser Isolation (RBI) for secure web access from any device. Web Application Firewall (WAF) protects web-facing applications. DNS security services filter malicious domains and content. Email security integration protects against phishing and malware. Advanced threat protection including sandboxing and malware analysis.
Identity and Access
Identity and access management (IAM) platform selection is crucial for zero trust. Multi-factor authentication (MFA) implementation across all services. Single sign-on (SSO) capabilities for seamless user experience. Privileged access management (PAM) for administrative controls. Device posture assessment and endpoint security integration.
Management and Operations
Security orchestration and automation (SOAR) platform selection. Security information and event management (SIEM) integration. Network and security policy management tools. Analytics and reporting capabilities for compliance and optimization. Incident response and remediation workflow tools.
Additional information:
SD-WAN: SD-WAN technology purchases may include edge devices, orchestration and management platforms, transport services, and application optimization tools. These components work together to create a flexible, resilient, and optimized network fabric that can intelligently route traffic across multiple connectivity options. SD-WAN solutions often incorporate security features such as encryption, segmentation, and policy enforcement to protect data and applications traversing the network.
ROI: SD-WAN investments can deliver significant return on investment by reducing MPLS costs, improving network agility and scalability, and enhancing application performance and user experience. By leveraging cost-effective broadband and wireless connections, organizations can realize substantial savings on network transport expenses. SD-WAN's centralized management and automation capabilities also streamline operations, freeing up IT resources to focus on more strategic initiatives.
Cloud Security: Cloud security technology purchases may encompass CASB, ZTNA, SWG, FWaaS, and RBI solutions. These components provide a comprehensive security framework for protecting cloud applications, data, and user access. They enable organizations to enforce granular access controls, detect and mitigate threats, and maintain visibility and compliance across multiple cloud environments.
ROI: Investing in cloud security technologies can help organizations reduce the risk of costly data breaches, regulatory fines, and reputational damage. By preventing unauthorized access, data loss, and advanced threats, these solutions contribute to the overall security posture and resilience of the organization. Cloud security investments also enable organizations to confidently adopt cloud services and pursue digital transformation initiatives, unlocking new opportunities for growth and innovation.
Network Security: Network security technology purchases may include NGFW, IPS/IDS, DDoS protection, VPN, and DNS security solutions. These components form the foundation of an organization's network defense strategy, protecting against a wide range of threats such as malware, intrusions, unauthorized access, and service disruptions. They provide advanced threat prevention, detection, and response capabilities to safeguard critical assets and maintain network availability and performance.
ROI: Network security investments are essential for preventing costly downtime, data breaches, and productivity losses. By identifying and blocking threats in real-time, these solutions minimize the impact of security incidents on business operations. Robust network security also enables organizations to meet regulatory compliance requirements, avoiding potential fines and legal liabilities.
Management and Operations: Management and operations technology purchases may involve SIEM/SOAR, policy management, analytics and reporting, and orchestration and automation tools. These solutions provide a centralized platform for monitoring, analyzing, and responding to security events across the entire SASE framework. They enable organizations to define and enforce consistent policies, automate repetitive tasks, and derive actionable insights from vast amounts of security data.
ROI: Investments in management and operations technologies can significantly improve security team efficiency and effectiveness. By automating manual processes, reducing alert fatigue, and enabling rapid incident response, these solutions help organizations optimize their security resources and mitigate risks more proactively. Centralized management and real-time visibility also facilitate compliance reporting and auditing, saving time and effort.
Identity and Access: Identity and access technology purchases may include IAM, SSO, MFA, PAM, and user behavior analytics solutions. These components are critical for managing user identities, enforcing strong authentication, and controlling access to resources across the SASE framework. They ensure that only authorized users can access sensitive data and applications, while providing a seamless and secure user experience.
ROI: Investing in identity and access technologies can significantly reduce the risk of unauthorized access, data breaches, and insider threats. By implementing strong authentication and granular access controls, organizations can prevent costly security incidents and protect their valuable assets. These solutions also streamline user provisioning and access management processes, reducing IT workload and improving productivity.