Can anyone share best practices/tips for implementing SASE with one vendor?
Director of Enablement, 4 months ago
Absolutely - but when you say ‘one vendor’, this can be interpreted many ways. Let’s quickly explore from hardest to easiest.
1) Multi-product (or sometimes ‘unified’) SASE: this is where a vendor has multiple legacy pieces of software, and they have decided to push them together and call it SASE. This can sometimes happen through 3rd party integrations, or the software stack has been built through acquisitions.
2) True single-vendor SASE: this is where the vendor has a converged stack, with a consistent context across their entire backbone. This happens when the vendor has built everything themselves, and does not rely on old code bases (e.g. the vendor originated as a SaaS SASE company, instead of previously selling on-prem firewalls).
Now as for best practices, this can be a very time-consuming conversation, so here are my quick suggestions:
- Start with the user, before moving to an SD-WAN deployment. Use a single SDP client to test connectivity, validate policies and ensure that created security rules do not impact application performance. Don’t forget to include the wide gamut of ZTNA capabilities while you’re at it!
- Once happy, move to deploying your sites, as this can be a lot easier once you’ve tested your users!
A true SASE company barely differentiates between a site and a laptop, as the E in SASE stands for edge. It’s not a remote worker, it’s a branch office of 1 that poses a security risk to your network. So policies and configurations have to be consistent to follow your workforce without impeding their productivity.
If you want to talk specifics about best practice or tips, feel free to reach out to me (either here or other social channels) and I’ll happily discuss further.
Today, more user traffic is heading to cloud services than data centers, work is happening off the network, and workloads are running more on cloud services than data centers.
There are more SaaS applications, data is housed in the cloud, and the perimeter of network and security is shifting from the enterprise to anywhere over the internet and cloud. Hence an appropriate solution is required to move from a hub-and-spoke network to wherever users are.
There are vendors like Fortinet FortiSASE, Zscaler, Palo Alto Prisma SASE, and Cato SASE.
It is recommended to stick to a vendor and go step by step enabling the capabilities, as the phenomenon of SASE implementation is evolving and changing fast; it is impractical to have it implemented right the first time.