close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Can Your Vendor Deliver on the SASE Cloud Promise? Be Sure to Look Under the Hood

                                      Jul 17 2024

                                      This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

                                      We recently had the privilege of hosting two distinguished experts in the security and networking industry to discuss the essentials of building a SASE cloud, featuring Joe Skorupa, former Gartner Distinguished VP Analyst, and Joe DePalo, Chief Platform Officer at Netskope, on the  latest episode of the ‘Architecture Matters’ series, titled ”Can Your Vendor Deliver on the SASE Cloud Promise?

                                      In essence, the promise of secure access service edge (SASE) to the enterprise is to revolutionize the way organizations manage and secure access to applications and networks by offering a comprehensive, cloud-native solution that integrates networking and security services. In other words, SASE delivers a secure, scalable, and efficient framework that simplifies network and security management, enhances performance, supports modern work environments, and reduces costs. This enables enterprises to focus on their core business objectives while ensuring their network infrastructure is resilient, agile, and protected against evolving threats.

                                      There are many vendors offering a complete SASE solution in the market, but not all SASE clouds are created equal. SASE cloud refers to the underlying infrastructure used to host and power a SASE platform, which is critical to ensure that all traffic is securely inspected without negatively impacting the user experience. Furthermore, the quality, performance, and comprehensiveness of existing SASE solutions can differ greatly. It’s essential to assess each vendor’s infrastructure, security features, global reach, scalability, and service reliability to ensure they align with your organization’s requirements. 

                                      When choosing a SASE provider, it is crucial to thoroughly assess the key aspects of their infrastructure and network. Many vendors often fail to deliver the performance and reliability required to fulfill the SASE cloud promise, resulting in poor transaction performance that adversely affects end-user experience and overall productivity.

                                      In Joe Skorupas’s view, “When it’s done right, a SASE cloud delivers highly available, reliable connectivity and secure access to applications regardless of the user’s location or the location of the applications.”

                                      Hyperscalers are heavily optimized for their business 

                                      The carriers and cloud providers have no motivation to solve the performance vs. security trade-off dilemma that all enterprises face with today’s internet because they know it’s too expensive and difficult for them to build their own interconnected environment

                                      In the webinar, Joe Skorupa drills down to the essence of the issue regarding SASE clouds, noting,  “When evaluating a SASE vendor, you need to match the network problem to the right architecture to solve that problem. When evaluating a vendor’s offering, it’s important to understand: what was the architecture designed to do? In the case of SASE cloud, there are two choices: public cloud network (the internet or a hyperscaler’s network) or a dedicated private cloud.”

                                      In a previous blog, Joe DePalo discussed why a dedicated private cloud was the right choice for Netskope, but it’s no secret that the underlying infrastructure that businesses around the world use to access cloud applications and data is flawed and wasn’t built with today’s scale in mind.

                                      As Joe put it, Public clouds are impressive and cater to various business needs, such as selling ads, shoes, and videos. However, adding a security layer on top can be suboptimal due to potential congestion issues, server locations, and scaling concerns. Our interactions with enterprise customers revealed that many do not scrutinize the underlying architecture of their SASE vendors.”

                                      Joe Skorupa added to the conversation: “Google, for instance, has a vast global reach and impressive bandwidth, but its infrastructure is not ideal for SASE. Their architecture, optimized for search and video streaming, features dense and concentrated compute at the core. It’s also designed for delivery, so it has limited bandwidth and high latency at delivery points. Effective SASE requires high-performance compute at the edge, near the user. Using public cloud infrastructure for SASE involves backhauling security processing, leading to performance and availability issues. Additionally, sharing network resources with services like YouTube and Gmail causes congestion, making it suboptimal for the low-latency, edge-based compute needs of SASE architecture”

                                      If you have a performance problem, you have a security problem

                                      In essence, SASE aims to deliver a superior user experience by combining robust security measures with optimized network performance, ensuring that users can access the resources they need quickly and securely. 

                                      Joe Skorupa emphasized that networking and security professionals must ensure SASE deployments meet business needs to avoid compromising user experience. He warned that if end users find the SASE solution hindering their work, they will find ways to bypass it. In his words: “Without real data on performance and availability, troubleshooting issues becomes impossible. Using a public cloud network limits visibility and control, further complicating effective management.”

                                      Joe DePalo added: “Many enterprises are shifting from on-prem devices to the public cloud, resulting in loss of visibility, troubleshooting, and operational control. In contrast, a SASE vendor with dedicated infrastructure can act as an extension of the enterprise. Such a vendor provides APIs, digital experience monitoring, and full controls, offering similar benefits to having an on-prem appliance within the network.”

                                      When evaluating SASE clouds, always ask the hard questions and request a proof of concept (POC)

                                      Both Joe DePalo and Joe Skorupa agreed that for enterprises considering SASE, it is crucial to thoroughly evaluate potential vendors. Don’t just rely on their claims; investigate what they actually offer, as architecture and technical expertise are critical. Not all vendors have the vision or skills to build and operate the right solution. Use resources like the A Network Scorecard For Evaluating SASE Clouds report by Broadband Testing, which provides a detailed network scorecard for evaluating SASE clouds.

                                      These are things you need to ask, because if every answer is ‘our vendor does it’ then your are not buying from a SASE vendor, you are buying from a reseller,” said Joe Skorupa

                                      Additionally, conduct a proof of concept (POC) to see how the solution impacts your business, as vendors often claim to be the fastest. “Testing it yourself is essential, and there is no excuse not to run a POC “said Joe DePalo.

                                      Stay tuned for the upcoming installments of our I&O Perspective series.

                                      Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™ for Single-Vendor Secure Access Service Edge

                                      author image
                                      Francisca Segovia
                                      Francisca Segovia is Director of Marketing at Netskope, where she leads the messaging and positioning of network and Infrastructure solutions.
                                      Francisca Segovia is Director of Marketing at Netskope, where she leads the messaging and positioning of network and Infrastructure solutions.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog