Getting Your House in Order before commencing your SASE selection process.

Selecting a SASE solution can be a daunting task for any customer as  there are three separate, but intertwined areas to consider for  selection:

1. SASE Technology.
2. A Managed Services partner of the SASE Technology vendor to configure, deploy and manage that technology
3. Network connectivity provider as implementing SASE will often be driven  by significantly reducing network connectivity costs through replacing  an MPLS network with Internet links.

The key factors to consider  in making these three selections are the subject of a separate article –  but, before getting to that point, a customer should “get its own house  in order” by reviewing, consolidating, updating, etc. the following.  This information will be important to share with any or all of the  suppliers of the three SASE areas described above.

Collect Data

Collect data  on your network usage across all sites – critical for determining  network bandwidth sizing (key SASE cost driver) and internet link  requirements. Think carefully on whether you want a High  Availability solution at any, or all sites, and clearly define what that  means for you (e.g dual Internet links on different platforms and/or  dual SD-WAN appliances)

What are the critical traffic flows the SASE solution must continue to support?

• E.g. IT Support remote access to users
• Remote Users to branches/DCs/SaaS/Internet
• Branch Users to branches/DCs/SaaS/Internet

The Cloud

Think carefully about your journey to cloud – will all your  apps/workloads move to the cloud or will some stay on-premise in your DC  or your Head Office or even at some branches? This will have a  significant impact on the design of the SASE solution and its subsequent  cost. Don’t forget to consider whether internet pacing company  web sites, payment systems, etc. are staying on-premise or moving to  the cloud. Such platforms are accessed by the public or business  partners directly via the Internet, outside a SASE solution. Your MSP  will need to know this to plan for it and implement some form of traffic  inspection as part of its SASE design.

BYOD

Clarify your BYOD  policy – will remote users be able to access company resources, via the  SASE cloud security layer, with their own devices or will the policy say  that only company end point devices can be used?

Security Policies

Do a  complete, holistic review of all your security policies. Implementing  SASE means all other security products can be replaced with the SASE  cloud layer which enables consistent policy enforcement across all  users/devices; something not possible when you have deployed multiple  security point solutions from different vendors.

Such policies include, but are not limited to:

• Mobile Device Management (MDM) Policy – SASE, by definition does not include end point security but the SASE technology must seamlessly work with your end point security product as SASE will require an agent to be loaded onto your end point devicee
• BYOD Policy
• Acceptable Use Policy
• Remote Access Policy
• Network Security Policy
• Application Access & Authorisation Policy
• Identity Management | Authentication Policy

Your office has changed, and so should your network security. With flexible Secure Access Service Edge (SASE) solutions, full visibility and control are back in your hands.

Learn more about Superloop’s SASE solution with Palo Alto Networks.

Read Also:

• On-premises Firewalls or SASE Cloud Security – what Customers need to consider
• Enhancing Cybersecurity: Addressing Vulnerabilities and Embracing Cloud Security