This is part one of an article based on research conducted by S&P Global Market Intelligence, in which we reveal current best practices for deploying SASE

A change is occurring in how organisations secure their network perimeters, users, applications and data. Secure access service edge (SASE) is starting to disrupt traditional approaches to networking and security, and is giving IT professionals an opportunity to fundamentally reimagine how they design their network and security architectures.

Previously, enterprise network architecture was based on discrete silos of network and security controls, with remote access provided via virtual private networks (VPNs). These approaches are being rapidly replaced by SASE and zero-trust network access (ZTNA) architectures.

Source: Shutterstock

Getting SASE right can be a complex proposition that presents significant challenges. While major elements that make up SASE have been around in some form for at least 10 years, it is still an evolving technology.

A case study in SASE Success: India Insurance Company

As part of the research commissioned by Verizon Business to help companies cut through the noise to get a true picture of obstacles and opportunities in implementing SASE, S&P Global Market Intelligence conducted 10 in-depth interviews with decision makers and those purchasing SASE technology.

One successful SASE implementation case study was shared in an interview with a VP at one of the largest insurance companies in India, which we will refer to as “IIC” (India insurance company).

“The primary driver [for SASE] was the pandemic. Before, we had a traditional bricks-and-mortar office infrastructure. When the pandemic hit, everything was being provisioned by the company. There was no way to use ‘bring your own devices (BYOD) – only company-owned, hardened machines could be used […] which took 10-15 days to provision,” he said.

Suddenly, many users, particularly contractors, did not meet security requirements because controls were not designed for off-site workers. In response, IIC implemented a SASE project focused initially on data access, followed by applications.

“Now, we can fully support BYOD, which was the hardest problem to solve. We were forced to go with an agentless approach, through an outside portal […] new employees and contractors are now productive from day one instead of waiting for their machine to arrive,” said the respondent, an Executive Vice President and Head of Business Systems and Infrastructure at the IIC, which currently employs over 10,000 people..

The company could immediately improve the user experience, meet remote worker security and compliance requirements, and improve productivity by supporting BYOD, which enabled employees and contractors to begin work immediately.

What is driving SASE adoption?

Some compelling factors driving SASE adoption are the size and maturity of organisations. For more mature, technically sophisticated enterprises, SASE implementations are motivated more by business and digital transformation needs than technical requirements.

Common business drivers include improved business agility, cost reduction, support for hybrid work (office-based and remote workers), improved end-user experience, reduced threat impact and risk, improved compliance and competitive pressure.

Source: Shutterstock

Larger organisations, especially those with over 10,000 employees, tend to suffer from technical debt and incompatible legacy systems that slow down deployments. Conversely, smaller organisations tend to adopt solutions faster and can often source the entire SASE stack from a single vendor.

Common technical drivers include network, security, IT modernisation and simplification, and simplified management of rapidly growing networks.

Key considerations for implementing SASE

Research participants indicated a variety of deployment approaches. None indicated embarking on a “big bang” implementation: some organisations rolled SASE out to high-risk users and apps first, while others chose lower-risk users and applications.

For example, some organisations with high short term risk exposures, such as the potential for breaches or failing compliance audits, chose to solve the issue for those groups first. Others, less concerned about short-term risk, took a more conservative approach like deploying to staff already using modern cloud apps.

“It was all about basic access first to support the remote workforce. Subsequently, it was about business-critical targets and high-risk estates, with quick wins peppered in between,” said one respondent, a Regional Information Security Manager for a large Australian IT services company.

“Any users who can migrate without losing any access to unsupported apps naturally will do so. This provides a faster, better user experience that rewards the user to move to SASE. They were excited to move away from VPN and use [it] as a […] fall-back plan,” said another, a Regional CISO at a large Singapore engineering firm.

Overall SASE projects vary in duration (from initial sign-off to production) from 6-12 months to over three years. Nearly half (45%) of all respondents indicated durations of 12 months or less; another 45% fell in the 13 to 36 month range; and the remaining 10% indicated more than three years to complete a SASE implementation.

In Asia Pacific, only one-third of participants indicated that SASE was deployed as part of a digital transformation initiative, as compared with three-quarters of their counterparts in Europe.

End matters

In the next part of this article, we’ll be looking more deeply into the study’s results, and getting the thoughts of Rob Le Busque, Regional Vice President at Verizon, APAC. In the meantime, head to this page to learn from the experiences of enterprises who have already migrated to SASE, detailed in the report produced in collaboration with S&P Global Market Intelligence.

Continue your exploration of SASE adoption with Part 2 of this feature, which will cover in-depth study results and insights from Rob Le Busque. Check back in the coming weeks for the next instalment and in the meantime, you can explore the research and business impact briefs for comprehensive insights at the following links: Research | Business Impact Briefs.