Getting a business grip on security frameworks

Trying to explain secure access service edge (SASE pronounced ‘sassy’) and zero trust can be exasperating when you’re making the case for business leaders to invest in new products and infrastructure. The onus is on IT leaders to focus top executives on the business benefits these technology concepts entail and how they will advance the cause of enterprise security.

Both SASE and zero trust are fast-evolving security concepts, creating somewhat of a moving target. Vendors and service providers are eager to frame those concepts within the frameworks of their own offerings; that can create confusion, though.

“Currently, the single greatest hurdle the market is facing is a high degree of hype and confusion,” IDC analysts explained in 2021. “In its current state, SASE must be explained over and over again and customer expectations must be managed.”

Evolving quickly

The analyst insights underscore that the role and definition of SASE and zero trust is evolving at a faster pace than traditional legacy solutions for networks and security. “The SASE concept has placed tremendous pressure on vendors to combine networking and network security into a single as-a-service offering,” IDC points out.

According to Gartner, which coined the term, SASE combines network security with WAN capabilities, and can encompass multiple components such as SD-WAN, secure web gateways, cloud access security broker functions, firewall as a service, and zero trust network access (ZTNA) in a cloud-native delivery model.

While there are a growing number of available ZTNA offerings, “There is no silver bullet product or service, nor even a coherent, integrated suite of products or services, that delivers ‘zero trust in a box,’” according to Nemertes CTO John Burke writes.

ZTNA fits within a broader zero trust architecture (ZTA) that involves protecting assets, workflows, and services. An emerging class of zero trust application access (ZTAA) offerings further complicates attempts to explain the differences in business terms.

Transformative explanations

When it comes to networking and security, though, confusing acronyms are nothing new. But what has changed is the speed and nature of the delivery. The SASE model embodies flexibility and integration, and is delivered as-a-service, all of which should appeal to CEOs, CFOs, and other business decision-makers.

Other key points to keep the discussion focused on key business benefits, include:

• SASE represents a transformative approach that “will ultimately enable better security outcomes and business value.” — IDC 

• A single policy platform at the heart of zero trust architecture “would minimize the number of integrations the enterprise would have to create and maintain, or the amount of redundant work the enterprise would have to perform…” — Nemertes

• “SASE combines networking and security into a scalable cloud service that fits with the remote and hybrid work models companies use today. Potential benefits include easier network and security management, flexibility to scale up or down as business needs require, and lower costs.” – Network World

• “94% of respondents say their adoption of SASE solutions has accelerated due to the need to make digital services and/or remote/hybrid work sustainable for the long term.” — CIO 2022 SASE Market Trends Study

As you evaluate SASE and zero-trust offerings, making sure solutions and services providers are first making the business case for your organization is the best way to simplify decision-making process. Learn more about evolving security frameworks in the on-demand webinar from Comcast Business: “Beyond the Buzzwords – Networks and Security Converge”