July 11, 2024

Overcoming the 6 biggest challenges of SASE deployment

Richard Kirby
Richard Kirby
Product Development Manager

There’s a growing consensus that legacy security and network architectures are ill-equipped to keep up with the dynamic nature of modern distributed IT systems and users. This is why Secure Access Service Edge, or SASE, has emerged as the go-to solution for converging network and security capabilities, and securing dispersed and hybrid work environments.

However, implementing SASE architectures is often too complex for internal teams to tackle alone.

In this study, commissioned by Cisco, ESG Research identified six key challenges organisations face – or expect to face – when implementing SASE. Let’s take a look ESG’s key findings (ranked in order of importance) and see how consuming SASE as a managed service through an MSP like Data#3 can smooth the journey.

Challenge 1: Getting cross-functional agreement on a SASE strategy

How MSPs help: MSPs provide transparent communication, tailored solutions, and consensus-building across business units when devising and implementing a SASE strategy.

Before moving forward with SASE adoption, all stakeholders need to understand how the chosen strategy and its underlying decisions impact different facets of the business. Given that SASE often requires a tailored approach considering the organisation’s unique environment and challenges, rather than a one-size-fits-all solution, having proven expertise to shape the solution is an invaluable first step in this process. In our role as an MSP, Data#3 can outline how SASE implementation and management will address the organisation’s concerns and meet its objectives – ultimately providing transparency and assurance around strategy and alignment.

Entrusting the responsibility to a specialised team further alleviates any uncertainties about the technical capabilities needed to see the deployment through to completion.

Challenge 2: Migrating existing security policies

How MSPs help: Migrating existing security policies to a SASE framework calls for strategic vendor selection, comprehensive managed services, and a clear understanding of the broader security implications inherent in cloud-centric architectures.

Deploying SASE involves transitioning from static on-premises security controls to a unified cloud environment. This shift requires existing policies to be refined, and new ones to be developed in alignment with the SASE framework. Given the risks associated with migrating policies and the potential breadth of impact, it’s not surprising that organisations lack the confidence or internal expertise to execute effectively.

Adding to the dilemma is the fact that the effectiveness of policy migration largely depends on the chosen vendor. For example, Palo Alto Networks offers familiar firewall-centric approaches, while other vendors such as Cisco and Zscaler take a different approach that diverges from traditional firewall policies. So, in most cases, simply transplanting traditional firewall policies into the cloud will not work.

An MSP that understands the nuanced complexities of SASE and vendor offerings will deliver a far more holistic solution that goes beyond policy management. For example, at Data#3, we offer a differentiated approach by not only migrating and managing policies, but also providing incident management services, including incident detection, notification, and remediation assistance. Or if an organisation lacks the resources or expertise to establish a Security Operations Center (SOC), partnering with an MSP like Data#3 can serve as a valuable stepping-stone towards achieving SOC capabilities.

The takeaway here is that making use of the skills, knowledge, and experience of MSPs like Data#3 is the key to deploying tier 1 security solutions more effectively.

Challenge 3: Aligning with a zero-trust initiative

How MSPs help: MSPs guide organisations towards the adoption of zero-trust security, addressing the complexities of implementation and ongoing management while aligning policies with evolving threats and compliance requirements.

Boards, cyber insurance providers, and governments are all crying out for the adoption of zero-trust – and for good reason. But zero-trust is often misunderstood as a product rather than an architecture. In reality, zero-trust looks different for each organisation and should be adopted as a policy-based access approach, not a single vendor solution.

Implementing zero-trust security is hard. Doing it well is even harder. However, SASE as a managed service completes an important piece of the zero-trust puzzle. MSPs can help establish and oversee policies, guiding organisations towards the realisation of true zero-trust (remember, zero-trust is an ongoing journey rather than a one-time solution) with ongoing management and maintenance wrapped up in the service.

Challenge 4: Correlation of security and network data to avoid gaps and provide a single unified view

How MSPs help: MSPs deploy leading SASE solutions and back them up with continuous monitoring and rapid incident response, protecting against security threats around the clock.

Correlating security and network data, with the expertise needed to interpret various tools and datasets, enables the accurate assessment of risk and fosters a safer digital environment. However, navigating this terrain without seasoned experts increases risk. The multitude of disparate tools and data sources creates complexity, hindering the attainment of a comprehensive view and concealing vulnerabilities and potential security events.

Data#3 helps you adopt streamlined solutions that transcend traditional siloes and avoid these gaps. With right-fit SASE solutions in place, we can assess users’ activities and determine if they are venturing into potentially dangerous territories. Or we can offer management solutions that trigger incident reports for more proactive intervention. We also provide expert oversight and incident response capabilities, even during non-business hours. This proactive approach contrasts with other MSPs that may only notify of issues without providing an immediate expert response.

Challenge 5: Understanding when all cloud-based is the best choice

How MSPs help: MSPs can help you recognise and realise the benefits of consolidation, standardisation, and continuous updates offered by solutions like SASE.

With SASE, the control plane for users shifts to the cloud, consolidating potentially numerous firewalls and other perimeter security platforms into a single cloud-based interface. This is particularly helpful when it comes to simplifying policy management and ensuring consistency across the network. Instead of configuring multiple policies for each firewall, organisations can maintain a single policy that applies universally. Standardising policies like this is a big plus for compliance efforts, particularly when it comes to audits.

Consider also the “evergreen” nature of cloud-based solutions. They eliminate the need for manual patching, ensuring consistent access to the latest security features and updates. This uplifts security and reduces maintenance and operational costs while avoiding unplanned downtime through patching gone wrong.

Taking a DIY approach to replicating policies across multiple sites is not easy; we’ve seen many customers stumble when attempting it on their own. Relying on the expertise of MSPs to help you achieve an all-cloud-based solution will ensure a far more efficient implementation, seamless policy replication, and ongoing support for your cybersecurity infrastructure.

Challenge 6: Getting cross-functional agreement on SASE vendors

How MSPs help: MSPs support organisations to focus on the benefits of SASE without being bogged down by vendor selection choices.

While there is a relatively limited selection of traditional firewall solutions, the abundance of SASE solution options available in the market makes it hard to get cross-functional agreement. With several high-profile vendors gathering attention, and new vendor acquisitions seemingly every other week, you will want help selecting the right ones for your organisation.

Working with an MSP like Data#3 alleviates much of this decision-making burden. MSPs possess expertise across a wide range of solutions and are well-versed in simplifying the vendor selection and implementation process. They know the capabilities, functionality, and integrations you will need, and which solutions will deliver on your SASE strategy – all while taking into account your existing investments.

Get your SASE strategies right with Data#3

When it comes to Cisco solutions, Data#3’s capabilities are unmatched in Australia. We also appreciate that less tangible aspects like culture and approach are as important as technical expertise. Our customers trust us to deliver, and we prioritise earning and maintaining that trust – which is why we were awarded Cisco’s APJC Customer Experience Partner of the Year.

Get in touch with our team to explore the agility, security and cost benefits of Cisco’s SD-WAN and SASE technologies – supported by Data#3’s highly honed managed services.