Details

Published on 21 September 2023

(Credit: Zoonar GmbH / Alamy Stock Photo)

SASE offers streamlined provisioning and enhanced security when adding remote offices, WFH sites, and mobile workers to enterprise networks.

Stated simply, secure access service edge, also known as SASE, is a cloud architecture that combines network and cloud-native security technologies and delivers them as a single cloud service.

As a result, SASE enables enterprises to use a single management console to bring together their network and security tools. This recasts network expansion by providing a simple security and networking tool that's independent of where employees and resources are located.

With the number of remote workers increasing and more organizations using cloud services to run applications, SASE offers a fast, affordable, and scalable SaaS product that covers both networking and security functions.

Network Expansion to Date and Going Forward

“Irrespective of SASE, there’s been a general trend to make network deployments easier over the past decade,” explained Mauricio Sanchez, Senior. Director, Enterprise Security & Networking Research at Dell’Oro Group, a network infrastructure market research and analysis firm. "The classic case is dropping shipping a box somewhere (a router, a Wi-Fi AP, etc.) and having it automatically provision its network policy by itself once it gets plugged in."

Fast forward to what’s happening with SASE, that ease-of-deployment and auto-provisioning is extending to the security and endpoint side. “On the security side, the user/SASE security policy is now starting to be attached to the network provisioning workflows, which gets us one step closer to secure networks out of the box,” said Sanchez.

"On the endpoint side, it's a conversation about how to get endpoints (laptops, iPads, phones) secure connectivity." As a result, SASE solutions are now extending to help provision that secure connectivity a lot faster and better than before.

What SASE Solutions Include

SASE requires little to no hardware and uses cloud technology to bring together (SD-WAN) with network security functions. They include Firewall-as-a-Service (FWaaS), Software-as-a-Service (SaaS), Secure web gateways, Cloud access security brokers, and Zero Trust Network Access.

Beyond Provisioning to Zero Trust Network Access (ZTNA)

Enterprises beset with adding a growing number of remotes and WFH locations still need to face ZTNA. Any SASE solution worth its beans is going to be able to show how it helps improve zero-trust in the organization. “When lighting those new remote sites or users, it’s vital to leverage zero trust philosophy and make sure those remote sites/users only get the access they need and no more,” explained Sanchez. Otherwise, he added, it’s as good as leaving the back door open.

Why the growth in enterprise networks?

SASE has taken center stage in network planning as enterprises face a two-headed challenge or provide secure access to far-flung locations (many of which are gaining broadband access per the Broadband Equity, Access and Deployment program (BEAD) while simultaneously supporting employees working from home. IT security staff can also use SASE to cover mobile connections and the attached devices.

BEAD: BEAD provides $42.45 billion to expand high-speed internet access by funding planning, infrastructure deployment, and adoption programs in all 50 states. With the funding amounts per state recently announced (each received $100 million), the focus has shifted to the actual deployment of broadband services to unserved and underserved areas in a bid to finally close the Digital Divide.

WFH: Security is of paramount importance when supporting WFH as workers had not planned that their home would be their office and often know little about broadband access networking and security challenges. While some large U.S. employers are trying to get WFHomers back in the corporate office, working from home full time will continue forward.

Mobile Workforce: Beyond federal and state-funded broadband rollout efforts already underway, the rapid emergence of 5G networks has network and business planners looking to better secure connections to fast-growing mobile workforces, be they in sales, support, field service, etc.

SASE to the Rescue for Network Expansion

Having scrutinized the SASE market for years, Sanchez has found items network planners should look for in bringing on a solution:

• Agent deployment: “Good SASE solutions have a mechanism to deploy/install agents via an email invitation.”
• Agentless: “For transient users that don’t want to download an agent, there are SASE solutions that support agentless modes (through the web browser isolation).” It’s a bit like taking Zoom or Teams calls within a web browser, he added.
• Hardware on-prem: Though not cheap, there are still some vendors that offer equipment for the home. These little hardware boxes set up a secure extension of the corporate LAN in the home environment.

The Final Word on SASE for Secure Network Expansion

It's easy to be wowed by vendors that have long lists of "nerd" knobs and overlook operational fit, warned Sanchez. "There's no point in buying a SASE solution that has 300 different features if none of those are going make deployment and day-to-day operations successful."

Related articles:

• What to Consider When Choosing a SASE Vendor
• Top 10 Things to Look for in a SASE Architecture
• SASE Implementation: Five Steps to Take Before You Go Live

Details

Published on 21 September 2023

(Credit: NicoElNino / Alamy Stock Photo)

SD-WAN gives enterprises a wide array of services to build and enhance their networks to meet today’s ever-changing business needs.

SD-WAN has won over businesses worldwide largely because it enables IT managers to control and manage their network more easily than had been previously possible by past approaches that required them to manage underlying hardware for WAN networks.

SD-WAN enables you to deliver benefits, including higher performance and lower latency. These benefits of SD-WAN result in a heightened user experience.

What is SD-WAN? A Quick Introduction

A software-defined wide-area network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any assortment of transport services to securely link uses to desired applications. The list of transport services includes broadband Internet, Multiprotocol Label Switching, and Long-Term Evolution (wireless).

The increasingly popular and flexible SD-WAN architecture provides a network overlay and decouples network software services from hardware-provided WAN links. SD-WAN gives you a wide array of cost-effective and versatile services with which to build and enhance your enterprise network to meet today’s ever-changing business needs.

The Benefits of SD-WAN

The rising need to connect branch offices more easily and effectively and those working from far-flung home bases has IT teams embracing an SD-WAN architecture. The benefits of SD-WAN are many and varied. They include – but are not limited to – central management of network operations with visibility, a simplified WAN infrastructure, increased security via a smooth transition to SASE, heightened business agility, and reduced WAN costs.

1. Enhanced connectivity and reliability

SD-WAN helps to improve network connectivity by allowing different devices on a network to share files and data. SD-WAN can improve employee productivity and connectivity by eliminating the need for traditional network links between locations. By managing traffic centrally, SD-WAN can prevent network congestion, thus improving overall network performance.

SD-WAN can help improve connectivity by routing data through multiple servers rather than the traditional network infrastructure. That improves performance and reliability.

2. Increased bandwidth and efficiency

By deploying SD-WAN, you can optimize network performance while providing more reliable and secure access to applications, data, and cloud services. SD-WAN will select between available transport options, selecting the optimal transport for a given application.

With SD-WAN, businesses can scale bandwidth up or down with little notice. You can also distribute bandwidth to accommodate flash conditions or new applications. In an important distinction, the SD-WAN – not a service provider – controls bandwidth allocation. That helps businesses ensure that lifeblood applications receive the required bandwidth when needed.

3. Easier network management

SD-WAN reduces network complexity by centralizing network management and control in a single platform. The resulting benefits are simplified operations and a reduction in network maintenance costs.

Lower administration costs and greater control together provide a level of network visibility unavailable with traditional network approaches.

Network management becomes easier as an SD-WAN solution enables automatic workload balancing and WAN congestion management for best performance and low routing costs.

4. Improved cybersecurity and protection

Because the SD-WAN architecture routes traffic over multiple links and provides better bandwidth utilization, it ensures that data is securely transmitted between different locations.

SD-WAN also offers your business secure traffic segmentation and provides an additional layer of security to ensure that unauthorized parties do not access data. That helps to protect organizations against data breaches and other cybersecurity challenges.

When SD-WAN is understood as a conceptual delivery model for services, it can then underpin many best practices for security. It’s not a matter of SD-WAN versusSASE but the knowledge that SD-WAN delivers the foundational building blocks of SASE. The network is still one of the best places for many security controls. The WAN edge creates an efficient and effective policy enforcement point and one that also provides the means for better observing and controlling zone boundaries and related security requirements. With ZTNA (Zero Trust Network Access), the coin firmly lands on the "default deny" posture, being the most advantageous and robust compared to the less secure "default permit."

5. Ability to adapt to changes in demand

With SD-WAN, businesses can scale bandwidth up or down with little notice. You can also redistribute bandwidth to accommodate flash conditions or new applications. In an important distinction, the SD-WAN – not a service provider – controls bandwidth allocation. That helps your business ensure that lifeblood applications receive the required bandwidth when needed.

6. Increased flexibility

An SD-WAN provides increased flexibility since it can use multiple transport options. A tremendous amount of flexibility is realized by configuring remote sites forMPLS, broadband, cellular, and more. That makes connecting branch locations lighter lifting, regardless of their physical location or carrier restrictions.

An SD-WAN solution enables automatic workload balancing and WAN congestion management for best performance and low routing costs.

7. Reduced costs

SD-WAN helps you reduce costs, in part from savings from switching to less expensive IP circuits, which can easily be right-sized. Add in SD-WANs reduced deployment costs, reduced IT management expenses, and lighter use of IT management, savings build.

For example, an SD-WAN handles connections and encryption, which saves on the costs of the firewalls needed for VPN links. The SD-WAN intelligently automatically builds the required tunnels between an organization’s locations.

The network administrator sets the routing policies for the operation. With the introduction of this technology, it is possible to optimize internal processes related to information management and enterprise network management, significantly improving application and employee productivity.

8. Improved application and network performance

When you consider that networks support applications that use varying levels of services, SD-WAN becomes a natural solution as it provides flexible pathways per application. The resulting benefit of SD-WAN is that it prevents performance-intensive applications from clogging networks and hurting low-latency applications. With SD-WAN, data flow becomes reliable, and networks no longer experience vulnerabilities due to dropped data packets or blocked or lost data.

Perhaps the most important advantage of your use of SD-WAN is enhancing the cloud application performance. That is because the solution identifies the easiest or the best route. Connecting over the Internet using an SD-WAN system provides the shortest route to the application, which boosts performance.

9. Improved user experience

To keep businesses competitive and their remote workers productive, SD-WAN lets you deliver a superior user experience. Stated simply, this means that application access and use must be seamless and secure. SD-WAN is the most effective strategy for remote users to connect with applications and workloads running on cloud providers. SD-WAN helps you achieve this goal by providing a simplified, automated, operationally efficient, and secure cloud on-ramp.

But your success with SD-WAN depends on selecting a secure solution designed for your business today and in the future. An advanced SD-WAN offering for evolving companies is capable of centrally connecting, unifying, automating, and orchestrating access, connectivity, and security across disparate environments.

10. Increased uptime

SD-WAN offers more flexibility and the ability to overcome the high bandwidth costs of MPLS services by integrating internet transport options, including fiber, wireless, and cable, into the WAN. This results in the formation of a virtual overlay across all selected transport offerings.

With features like load balancing and measuring the quality of each link, SD-WAN provides the high uptime businesses demand by using a mix of internet connections. Because an SD-WAN uses multiple connections, an organization’s entire network will not go down if one link goes down. Your SD-WAN won’t use that connection until it’s back up. That boosts network uptime.

How to Choose the Right SD-WAN Solution for Your Business

To realize the many benefits of an SD-WAN for your business, it is paramount that you select a provider that meets the evolving needs of your enterprise. No one size fits all. Different organizations have differing needs and priorities. Below are helpful tips designed to help you find the optimal match.

Step 1: Look for solutions that support your goals and needs.

While it may sound vague, you should look for solutions that meet your specific goals and needs. An SD-WAN that works well for businesses in the auto industry may not be the best fit for companies in the agriculture industry, as each have specific (and varying) needs.

In fact, SD-WAN solutions also vary by the size of your company’s network, data traffic, and type of core applications. It is best to focus on the specific needs of your company and align those with current and future business goals.

Step 2: Check user reviews and testimonials

Checking user reviews and testimonials can help you zero in on the SD-WAN that fits best. Vendors publicize customer case studies and even use cases.

To get a more balanced and candid take on a vendor's SD-WAN offering(s), attending the vendor’s annual users’ group (or annual customer event) could pay big dividends as vendors typically share their product roadmap and detail enhancements they are considering based on requests from actual customers. Product sunsetting is often discussed.

Step 3: Verify compatibility with existing equipment.

As with most any technology purchase of value, have your IT team verify the compatibility of the service with the equipment you are currently using. Most companies cannot afford the disruption and cost of equipment rip and replace. Prospective vendors should be able to provide supporting documentation and more. Consult a solutions engineer from your short list of potential suppliers.

Step 4: Evaluate the solution's user interface and ease of use.

Often, the most technically advanced solutions are built for the most tech-savvy end-users and to perform the most advanced capabilities. That is fine, but it is crucial to your business success and SD-WAN selection that the package features a simple user interface and provides general ease of use for all workers.

The time required to get employees up to speed on a new tech system should be minimal. Time is truly money. And a challenging user interface – or difficulty using an SD-WAN can slow your advance.

Step 5: Assess customer service offerings.

When attempting to ascertain the level of customer service a vendor offers with its SD-WAN offering, it is tough to know if the customer is king or just simply another in a lengthy list of businesses using their product.

In a world of constant outages, disruptions, cyberattacks, and other painful anomalies, it is essential to get details on your prospects’ backup plans, mean time to repair, if they or their channels provide customer service, and who is your single point of contact in the event of problems. Finally, does the vendor have a service organization, or does it farm this function out?

Details

Published on 14 August 2023

(Credit: Juan Roballo / Alamy Stock Photo)

A Dell’Oro Group forecast report finds great and growing interest in single-vendor SASE over multi-vendor solutions.

Single-vendor SASE solutions are expected to grow twice as fast as multi-vendor approaches, according to a recent forecast report by Dell’Oro Group, a global infrastructure research firm.

The report results signify that more enterprises are opting for one company – as opposed to many - to deliver and support advanced security systems. Dell'Oro names 11 vendors capable of delivering single-vendor SASE solutions.

Secure Access Service Edge (SASE) is an enterprise networking technology category introduced by Gartner in 2019. It converges the functions of network and security solutions into a unified, global cloud-native service. SASE allows an architectural transformation of enterprise networking and security. That, in turn, lets IT provide an agile and adaptable service to its users. It combines WAN edge services with Secure Service Edge tools and services to securely connect remote users and sites to data, cloud services, and the enterprise.

“Since we started tracking the SASE market in 2019, multi-vendor solutions have represented most of the market compared to single-vendor. However, in 2023 we anticipate that single-vendor SASE will become most of the market,” said Mauricio Sanchez, Senior Director, Enterprise Security and Networking at Dell’Oro Group. "As single-vendor SASE solution maturity increases, so has the comfort of purchasing it all from a single vendor. The pressure to go after best-of-breed from multiple vendors is slowly diminishing," added Sanchez.

Benefits of a single vendor SASE solution

There are multiple benefits to the single-vendor approach. They include:

No finger-pointing between vendors: When problems arise, single-vendor SASE eliminates the possibility of the painful and time-consuming finger-pointing that sometimes occurs between vendors in multi-vendor SASE.

Improved IT team productivity and effectiveness: SASE requires five major components spanning networking and security to work together, and in single-vendor SASE, they are all provided by the same vendor as a tightly integrated and validated technology stack.

Clearer SLAs (service level agreements): Regarding uptime or performance, SLAs associated with single-vendor SASE are not muddled by the complexities of dealing with multi-vendor SLAs in multi-vendor SASE.

(Hopefully) better pricing: One would expect to get better pricing from a single vendor than (best-of-breed) multi-vendor. However, this may not always be the case.

Disadvantages of a multi-vendor SASE solution

Enterprises often find problems when dealing with multiple vendors in any part of the market or with any technology. The same is true for SASE. Some of the common disadvantages include:

• Risk of vendor finger-pointing when things go south.
• Reduced IT effectiveness because of having to manage components across multiple vendors.
• Cloudier SLAs because they are dealing with two vendors.
• Likely higher cost

Perhaps more interesting is why enterprises go multi-vendor, Sanchez said. “There is an argument for best-of-breed. Some enterprises may find that they can only address their security and networking requirements using multiple vendors.”

Right here, right now. The 11 single-vendor SASE providers

The Dell’Oro forecast report identifies 11 vendors that can deliver complete SASE systems. They include:

• Aruba Networks
• Aryaka
• Cato Networks
• Check Point Software
• Cisco
• Forcepoint
• Fortinet
• Juniper Networks
• Palo Alto Networks
• Versa Networks
• VMware

The SASE market forecast

Single-vendor SASE cumulative market is projected to reach $34 B between 2022 and 2027, according to the Dell’Oro forecast report, while multi-vendor SASE solutions will continue to occupy a significant part of the market, with an expected enterprise spend of $29 B between 2022 and 2027. The combined SASE market is anticipated to grow at a five-year compound annual growth rate (CAGR) of over 30 percent between 2022 and 2027.

The report's many projections should help IT leaders with the SASE selection process, which can be challenging. Knowing the basics of the security solution, combined with market intelligence, should help teams ask the right questions in discussions with potential vendor suitors.

Over the years, the Dell’Oro Group, like others, segmented its coverage of the SASE solutions market by technology (SSE versus SD-WAN) and implementation (unified versus disaggregated). It further segments SSE across Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA), and Firewall-as-a-Service (FWaaS) technologies.

A final word on SASE implementation

Since it is a security architecture made up of six distinct elements, enterprises looking to start implementing SASE might choose a single-vendor system for speedier results. "In the vast preponderance of cases, dealing with a single vendor is going to see a faster pilot, purchase, and deployment cycle,” added Sanchez.

Related articles:

• SASE Implementation: Five Steps to Take Before You Go Live
• Enabling SD-WAN and SASE – An Ideal Edge Computing Use Case
• Prepare to Converge: Aligning the Priorities of Networking and Security

Details

Published on 14 August 2023

(Credit: Tetra Images / Alamy Stock Photo)

Still used to cut costs, Gray routing of SMS messages opens enterprises to security, legal, and brand damage risks.

Companies using so-called gray routing to save money with application-to-person (A2P) messaging for enterprise SMS risk crippling security attacks, unhappy customers, and a tarnished brand.

A2P messaging is a type of SMS messaging whereby texts are sent from a software application run by an enterprise to consumer devices.

What is gray routing?

SMS gray routing is when text messages are sent through a legal channel initially but, at some point, travel through illegal channels before reaching their destination. By sidestepping SMS laws and fees, gray routing reduces the cost of sending messages, according to JT Global. The name comes from the combination of white routing (legal SMS) and black routing (illegal SMS).

Using gray routes is akin to opening Pandora’s box of problems. The enterprise impact of grey route usage varies, including financial losses, quality and reliability issues, security risks, compliance breaches, loss of visibility, and customer dissatisfaction (leading to further revenue loss).

SMS gray routing accounted for 65% of all A2P traffic in 2016, according to Comviva, a Tech Mahindra company. That figure was expected to drop to 29% in 2020.

Since around 98% of all text messages are opened by the receiver, A2P messaging is a cost-effective way for businesses to increase engagement with consumers. Popular forms of A2P messages include marketing campaigns, promotional codes, appointment reminders, account pin codes, bank alerts, and shipping notifications. Many major industries have adopted A2P technology, such as retail, banking, telecom, healthcare, and travel.

The cellular networks identified a large volume of traffic going to their individual subscribers but hardly any traffic coming back. Moreover, there was a huge number of bounces in these SMSes resulting in massive revenue loss. At that time, the amount of spam messaging was also extremely high. These SMSes thus started to be coined as grey route SMS.

Gray routing risks aplenty for enterprise IT

The enterprise impact of grey route usage varies, including financial losses, quality and reliability issues, security risks, compliance breaches, loss of visibility, customer dissatisfaction (leading to further revenue loss), and more.

By bypassing official carrier networks, enterprises lose control and visibility over their communication traffic. It becomes impossible to monitor and manage the flow of messaging data, which can impact troubleshooting, capacity planning, and overall network optimization.

Cutting costs comes at a price

With gray routes, mobile network operators are not compensated for the use of their transport facilities, hence saving enterprises lots of money. However, cutting costs often comes at a price.

“Since grey routes bypass traditional carrier networks, service providers cannot bill for the traffic, resulting in revenue loss for legitimate telecom operators,” explained Dirk Wetzel, Head of Commercial Operation A2P Messaging at Syniverse, a global service provider. “This loss has a cascading effect on the ecosystem, leading to increased service costs for legitimate enterprises and their customers.”

But it can get far worse for enterprises using gray routes to deliver business SMS traffic, he cautions. “Gray routes are also usually unmonitored and unregulated, leading to potential issues with delivery quality, reliability, and security. Messaging traffic transmitted through grey routes may experience degraded message delivery failures. Such issues can adversely affect business communications, customer experience, and employee productivity.”

Carriers experience revenue leakage

Since grey routes bypass traditional carrier networks, service providers cannot bill for the traffic, resulting in revenue loss for legitimate telecom operators. This loss has a cascading effect on the ecosystem, leading to increased service costs for legitimate enterprises and customers.

Grey routes are also usually unmonitored, and since these routes are operated by unverified and untrusted entities, there is an increased likelihood of fraudulent activities, identity spoofing, and interception of sensitive information, Wetzel added. This compromises the confidentiality, integrity, and availability of communications, potentially leading to data breaches or unauthorized access to company systems.

Worst Case Scenarios

Enterprises found to be utilizing grey routes may face legal consequences, including fines and reputational damage due to violations of regulatory requirements and licensing. Gray route use can also lead to issues with delivery quality, reliability, and security. Messaging traffic transmitted through gray routes may experience message delivery failures. Such issues can adversely affect business communications, customer experience, and employee productivity.

How can enterprises stop and sidestep the woes of gray routes?

Gray route use for A2P messaging is not new and has continued for several years. The good news is that there are solutions for this menacing problem for enterprises and carriers. IT managers are urged to take a hard look at SMS firewalls to regain control of SMS messes.

SMS firewalls were developed to protect mobile networks against SMS’s vulnerable security flaws, according to ReportLinker. They offer protection and control over all messages on the network and safeguard mobile networks against all SMS-based messaging assaults. Every Message is forwarded through the security system, where it is evaluated and categorized. It takes action to block threats and grey routes.

The research firm maintains that the fast-growing global market for SMS firewalls which it estimates to balloon to 4.1 billion in 2028, can allay security concerns, including solving gray route problems.

• Defending mobile networks from all SMS-based messaging attacks
• Offering complete security and protection over all messaging networks
• Accurately identifying and blocking spam, and
• Ensuring all received message traffic is monitored to prevent SMS fraud.

The final word on gray routing Cutting expenses has always been a high priority for enterprises. But at what cost? Opening Pandora’s box of risks by using gray routes results in damage that likely exceeds any possible savings. And mobile network operators lose through revenue leakages.

Related articles:

• Employees: The Next Security Frontier?
• Threat Hunting: From Passive to Active Information Security
• Internal Network Security Mistakes to Avoid

Details

Published on 25 July 2023

(Credit: Anna Watson / Alamy Stock Photo)

It is ISPs vs. local government with providers waiting for broadband permit approvals that can add costs and delays for enterprise network expansion.

The Broadband Equity and Access Deployment (BEAD) funding has been announced for all states. But the actual delivery of high-speed Internet access to all under the historic spending effort is facing a huge challenge in permitting that could slow rollouts to a crawl.

That is why telecom leaders are pressing Congress harder than ever to pass legislation that would remove regulatory hurdles at the local level and both streamline and lower the expense of broadband deployment.

A permitting bill arises but has fans and foes

The House Energy and Commerce Committee has passed a bill, the American Broadband Deployment Act of 2023, led by Republican representatives, which would put a 60-day time limit on local review procedures for broadband undertakings. It also says permitting applications would be approved after that deadline if the project has not been denied by the city or town.

Mayors from across the nation oppose the bill claiming it preempts their authority over the deployment of telecommunication infrastructure on local public property.

And although there’s opposition, a tsunami of permit requests for the nation’s largest ever broadband deployment ($42.5 billion in BEAD funding) will still hit those that review and process requests. Are the reviewers and processors properly staffed and prepared to ride the wave, or will it wash them away?

In related news, many parties are still waiting for a ruling from the Federal Communications Commission (FCC) on pole attachments which presents a pressing problem for the deployment of aerial fiber. It is an issue pitting ISPs against pole owners.

A patchwork of current permitting rules

After almost two years on the issue, those in the know are beginning to wonder if Congress equals progress, concerned that a patchwork of current rules for permitting will delay the time when the rubber of carrier contractors and construction crews finally hits the road to begin the BEAD project rollout.

In an expert opinion piece published in late June,Clearfield CEO and Minnesota Hall of Fame member Cheri Beranek summed up the permitting challenge. “Permits serve a purpose, but unchecked, they will become a barrier to closing the digital divide,” Beranek wrote. “Many of these permitting processes have gone unchecked for decades, but it has never been more urgent to unravel these complex permitting webs we have woven. We have gotten a record-setting federal investment to ensure everyone can access high-speed broadband. We should do everything in our power not to waste it.” Her company is advancing fiber deployment solutions to meet evolving needs.

Others with skin in the game are not saying whether they are for or against the HR bill, perhaps waiting for something better. That includes the Fiber Broadband Association (FBA), an industry trade group representing those interested in fiber first and foremost for providing broadband internet for all with BEAD. A representative for the FBA declined to comment on the bill.

Permitting process challenges are not a new problem, but a career opportunity

The BEAD-funded broadband rollout, like many service deployments includingwireless, fiber to the home (FTTH), 5G, and even device-based IoT offerings, face state and local permitting rules for trenching for fiber, attaching fiber to telephone poles, and building antennas for microwave towers. Localities continue to hope they can manage disruption to everyday operations of their cities and towns by taking time to review permit requests and associated expenses.

Perhaps no infrastructure provider knows that better than Crown Castle, which rents space on its 40,000 cell towers across the nation to service providers to help launch services such as 5G. Its network includes fiber optics, and the nearly 30-year-old corporation continues to be a destination for network operations staff, fiber splicers, and of course, permit process specialists.

In a featured posting, Crown Castle described the duties of the Permitting Specialist. Job duties include "the preparation and submittal of various entitlement applications, permits, and agreements to allow installation of communications facilities on Crown Castle poles, towers, fiber, and other infrastructure." The position requires knowledge of municipal processes, codes, and ordinances, as well as frequent interface with local governments and jurisdictions.

How we can fix the permitting process

Given the unprecedented amount of BEAD money allocated to finally deliver broadband internet to un- and underserved areas, it is time to bring sides together today to find a permitting process that can handle an anticipated sustained spike in the volume of requests for access.

A collaborative effort that includes localities and ISPs would go a long way toward that goal. Add in other common stakeholders, such as state and federal government agencies that are frequently part of the process, and overcoming a formidable challenge to broadband can be overcome.

Related articles:

• Enterprise Broadband Expansion: Follow the Money
• What to Expect When You’re Expecting Broadband – Part 2
• What to Expect When You’re Expecting Rural Broadband

Details

Published on 25 July 2023

(Source: ArtemisDiana / Alamy Stock Photo)

SASE technology can be quite complex. There are a wide range of SASE vendors available. Find out what to consider when choosing the best SASE vendors.

Simply stated, Secure Access Service Edge (SASE) is a cloud architecture model that combines network and cloud-based security framework to provide secure access to network services from anywhere. A plethora of offerings are now available from SASE vendors.

Those offerings cover a wide range of technologies and service models. And the SASE vendors include many familiar companies who, in the past, have provided SD-WAN, networking security, and endpoint security solutions. Here is our guide to help you sort through those offerings and pick a SASE vendor that is right for your enterprise needs.

What’s accelerating SASE demand?

Demand for a cybersecurity architecture rose in part because of the explosion of office workers who shifted to work from home or hybrid plans as we move through the COVID years. Combine that shift with the $1.2 trillion Infrastructure Investment and Jobs Act of 2021, which committed $45 billion to provide broadband to all (sites), and you have a broadening sea of devices to support and applications to access. Climbing broadband access speeds are helping feed the fire.

Supporting work-from-home and work-from-anywhere approaches and new sites supercharges the need to provide secure remote access to data and applications. Add in the use of SaaS offerings, cloud services, and IoT devices, and SASE becomes an alluring solution, so researching the best SASE companies is critical.

Why knowing the right SASE features is important

One of the challenges those new to SASE technology often encounter is that solutions can be quite complex as they are made up of many discrete elements. One way to better understand what SASE is and what it does is to look at those elements.

The elements within most offerings and assembled solutions fit into two categories. There are WAN Edge Services and Security Service Edge (SSE) elements. Functionally, there are five main pillars of SASE. They are SD-WAN, firewall-as-a-service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA).

Many SASE vendors don't yet have the full stack of features, and some partner with other companies to fill the gaps. There are traditional internet and WAN service providers who are now bundling endpoint security offerings with their WAN connectivity services. Another class of vendors is the remote access companies, like those that provide VPNs, edge routers, and more. Some are partnering with endpoint security vendors and WAN service providers to deliver SASE services. And finally, there are the traditional access security vendors. These are companies that offer firewalls, zero-trust access, and other offerings. Again, some of these vendors are now partnering with others to round out their offerings into a full SASE service.

Top features to consider when choosing a SASE vendor?

The fast-growing list of SASE solution providers offers a wide variety of choices. Note that some on the list are familiar network security vendors who partner with SD-WAN providers to offer a SASE solution, while others are SD-WAN providers that bundle cloud-based security services into a SASE offering. You will find a mix of software vendors, networking hardware makers, service providers (telcos), as well as firms with roots in firewall offerings. Some have been evaluated as single-vendor SASE providers by the likes of Gartner Group, while others are part of a multi-vendor solution.

Here are some criteria to evaluate these SASE companies.

Network and security architecture

When evaluating which SASE solution best meets your organization’s specific networking and security needs, you need to ensure that flexibility is high on the list.

Organizations should look for a truly flexible SASE implementation that is integrated, one which will deliver a cloud-native infrastructure and offer cloud instances regardless of if the deployment is on public or hybrid clouds or on-premises, to any location and application type. Seek out a flexible SASE architecture that reduces the burden on your IT teams by simplifying the complexity of cloud or on-premises deployment while also delivering quality experiences to your end users.

Support

Whether you’re shopping for a single- or multi-vendor-SASE solution for your organization, you must make service and support a top priority. What you believe to be the best crafted SASE offering can successfully reduce risk and confidently accelerate your business in the cloud yet fall when it comes to support. Ask for customer references, service level agreements (SLA), and details on the provider's support organization, and ask for information on reactions to specific problem scenarios.

Should you select a multi-vendor SASE solution, engage the contributing companies to determine the strengths and weaknesses of their interrelation. Is it strong and smooth, or does it sound as if it's not much more than a generic vendor partnership program? Cross-training and certification of staff should be attainable and of high value to your organization.

Another consideration when opting for a multi-vendor solution is the role of SASE standards. For help here, look to the work of industry groups like MEF. A recent Network Computing article noted the issues enterprises face in this arena and how MEF is trying to address those issues. In that article, the author noted:

“…a fragmented vendor ecosystem and lack of common terminology leave enterprises challenged to compare SASE feature sets and solutions. The resulting confusion can lead to incomplete service offerings that don’t meet needs and expectations.”

To simplify and speed up the evaluation, implementation, and management of SASE services, MEF published the industry's first standard for SASE, which defines common terminology, attributes of the service, and a service framework, along with a Zero Trust framework. With these frameworks, enterprises can make choices based on industry-standard definitions allowing for easier evaluation and faster decision-making and implementation.

Application security

The practice of defending core business applications and crucial data at the network perimeter is dated and increasingly complicated to manage. That's especially the case with the advent of work-from-home and hybrid approaches, where IT groups must support a myriad of devices, greater mobility, and higher-speed internet connections.

As a result, standard hardware-based security equipment used by network administrators is no longer sufficient to protect remote network access to applications. SASE provides unified policy management based on user identity, enabling your company to deploy security services no matter where its users or corporate resources are located.

Data protection solutions

Another benefit of a robust SASE implementation is the ability for IT to safeguard growing volumes of applications, systems, and data by setting an array of policies for their access.

Some of the capabilities and protections to look for in a SASE implementation include the following:

• Secure web gateway, which protects users from web-based threats while applying and enforcing corporate acceptable use policies.
• Cloud-access Security Broker (CASB), which is an on-premises or cloud-based security policy enforcement point between cloud service users and providers.
• Encryption, which encodes data so that it remains hidden from or inaccessible to unauthorized users.
• Firewall, which keeps out unauthorized traffic and only lets in communications that are deemed safe, using a set of security rules.
• Virtual Private Network (VPN), which brings privacy to communications over a public or untrusted data network.

Many SASE vendors support all these capabilities. Some do not.

Zero trust network access

Heralded by many as the next era of network access, Zero Trust Network Access (ZTNA) now offers organizations key new features, such as the ability to maintain least-privileged access and operate with the “allow-and-ignore” model.

ZTNA 2.0 provides secure connections to deliver better security outcomes for businesses with hybrid workforces, overcoming the limitations of ZTNA 1.0 solutions. Request vendors compare the versions.

Ask potential SASE solution providers if they support ZTNA 2.0 and how it addresses the limitations of version 1.0 with least-privileged access, continuous trust verification, and security inspection, plus protection for all apps and data.

Network deployment

There are options for your organization when it comes to network deployment of SASE, which currently include single vendor approaches, multi-vendor packages, the DIY option, and a managed services provider (MSP) alternative. The desired result is a deployment that converges networking and security functions into a single, unified platform that can be managed using a single pane of glass if needed.

Enterprise business and technology leaders should consider using a customer-centric approach that uses fewer vendors and simplifies operations, cuts complexity, and results in lower costs. However, since organizations have differing requirements, they need to address them with their SASE approach.

Application coverage

SASE combines networking and security functions in the cloud to deliver secure access to applications anywhere users work. Organizations should check to ensure that adopting ZTNA by verifying the identity of users and the health of their devices provides secure access to applications and application suites on a per-session basis, whether they are basic packages or enterprise-wide lifeblood systems.

Also, make your business more agile by leveraging the cloud to remove complexity from your infrastructure and provide immediate scalability. With open APIs in both networking and security, it's easy to choose what works best by integrating easily into preferred products or a broad and open single-vendor ecosystem.

Network optimization

Network optimization is a far-reaching and much-sought feature of SASE solutions. Pressing vendors for detailed use cases should shed light on how its attained. Though results will clearly vary by implementation, SASE should lighten Its load since it does not require deploying MPLS circuitry or special network infrastructure. It is pitched as being able to use broadband networks and leverage investments in current private network links.

SASE solutions are supposed to integrate with backbone networks and popular edge services, including content delivery networks (CDN), Cloud Access Security Broker (CASB), VPNs, and edge networks.

Reduced complexity is a top priority with SASE. You can simplify your IT infrastructure by minimizing the number of security products your IT team has to manage, update, and maintain, consolidating your security stack into a cloud-based network security service model.

Security compliance

The overarching goal here with a SASE solution is to configure security to detect and stop threats while maintaining compliance. What’s needed is contextual visibility into what is happening in a SASE session or connection.

To that end, organizations need insight into all cloud entities and knowledge of how the relationships among them affect their security posture. Once you know what you have, where it is, and how secure it is, you can enforce customizable governance policies that keep your cloud compliant with internal and external standards.

Threat prevention

Organizations evaluating SASE companies should be certain to seek threat protection in vendor solutions, given the soaring number and sophistication of unauthorized attempts on their data and other resources.

Probe vendors to determine if their SASE packages provide integrated full content inspection, as your firm will benefit from more security and visibility into your network. Systems need to identify false positives attempts.

Ask SASE vendors what tools their systems offer to help your security staff resolve alerts – and quicker. A recent report claimed security teams take an average of 6 days to resolve alerts.

SSL connection and DNS

SSL is best described as a standard technology for securing an internet connection by encrypting data sent between a website and a browser. Specifically, the SASE solution's Secure Web Gateway (SWG) inspects the web activity of end-users and applies a consistent set of security policies to enforce safe browsing habits at the endpoint. A robust gateway's features include deep SSL inspections, DLP, URL filtering, and DNS filtering.

SASE vendor selection key takeaways

The shift to SASE is already underway, as most SASE vendors supporting the cybersecurity architecture have already posted use cases on their websites explaining how household name organizations have embraced it to improve the way they do business without fear of security breaches we read about weekly.

A complete SASE implementation can simultaneously enable IT leaders to embrace fundamental changes in the way companies support workers, a precious asset that needs to be safely turned loose to maximize productivity and power corporate business advances.

As SASE evolves, stay smart and stay current with crucial coverage, advice, tips, and primers about SASE vendor offerings and standards from industry experts.