Can Your Vendor Deliver on the SASE Cloud Promise? Be Sure to Look Under the Hood

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

We recently had the privilege of hosting two distinguished experts in the security and networking industry to discuss the essentials of building a SASE cloud, featuring Joe Skorupa, former Gartner Distinguished VP Analyst, and Joe DePalo, Chief Platform Officer at Netskope, on the  latest episode of the ‘Architecture Matters’ series, titled ”Can Your Vendor Deliver on the SASE Cloud Promise?”

In essence, the promise of secure access service edge (SASE) to the enterprise is to revolutionize the way organizations manage and secure access to applications and networks by offering a comprehensive, cloud-native solution that integrates networking and security services. In other words, SASE delivers a secure, scalable, and efficient framework that simplifies network and security management, enhances performance, supports modern work environments, and reduces costs. This enables enterprises to focus on their core business objectives while ensuring their network infrastructure is resilient, agile, and protected against evolving threats.

There are many vendors offering a complete SASE solution in the market, but not all SASE clouds are created equal. SASE cloud refers to the underlying infrastructure used to host and power a SASE platform, which is critical to ensure that all traffic is securely inspected without negatively impacting the user experience. Furthermore, the quality, performance, and comprehensiveness of existing SASE solutions can differ greatly. It’s essential to assess each vendor’s infrastructure, security features, global reach, scalability, and service reliability to ensure they align with your organization’s requirements. 

When choosing a SASE provider, it is crucial to thoroughly assess the key aspects of their infrastructure and network. Many vendors often fail to deliver the performance and reliability required to fulfill the SASE cloud promise, resulting in poor transaction performance that adversely affects end-user experience and overall productivity.

In Joe Skorupas’s view, “When it’s done right, a SASE cloud delivers highly available, reliable connectivity and secure access to applications regardless of the user’s location or the location of the applications.”

Hyperscalers are heavily optimized for their business 

The carriers and cloud providers have no motivation to solve the performance vs. security trade-off dilemma that all enterprises face with today’s internet because they know it’s too expensive and difficult for them to build their own interconnected environment

In the webinar, Joe Skorupa drills down to the essence of the issue regarding SASE clouds, noting,  “When evaluating a SASE vendor, you need to match the network problem to the right architecture to solve that problem. When evaluating a vendor’s offering, it’s important to understand: what was the architecture designed to do? In the case of SASE cloud, there are two choices: public cloud network (the internet or a hyperscaler’s network) or a dedicated private cloud.”

In a previous blog, Joe DePalo discussed why a dedicated private cloud was the right choice for Netskope, but it’s no secret that the underlying infrastructure that businesses around the world use to access cloud applications and data is flawed and wasn’t built with today’s scale in mind.

As Joe put it, “Public clouds are impressive and cater to various business needs, such as selling ads, shoes, and videos. However, adding a security layer on top can be suboptimal due to potential congestion issues, server locations, and scaling concerns. Our interactions with enterprise customers revealed that many do not scrutinize the underlying architecture of their SASE vendors.”

Joe Skorupa added to the conversation: “Google, for instance, has a vast global reach and impressive bandwidth, but its infrastructure is not ideal for SASE. Their architecture, optimized for search and video streaming, features dense and concentrated compute at the core. It’s also designed for delivery, so it has limited bandwidth and high latency at delivery points. Effective SASE requires high-performance compute at the edge, near the user. Using public cloud infrastructure for SASE involves backhauling security processing, leading to performance and availability issues. Additionally, sharing network resources with services like YouTube and Gmail causes congestion, making it suboptimal for the low-latency, edge-based compute needs of SASE architecture”

If you have a performance problem, you have a security problem

In essence, SASE aims to deliver a superior user experience by combining robust security measures with optimized network performance, ensuring that users can access the resources they need quickly and securely. 

Joe Skorupa emphasized that networking and security professionals must ensure SASE deployments meet business needs to avoid compromising user experience. He warned that if end users find the SASE solution hindering their work, they will find ways to bypass it. In his words: “Without real data on performance and availability, troubleshooting issues becomes impossible. Using a public cloud network limits visibility and control, further complicating effective management.”

Joe DePalo added: “Many enterprises are shifting from on-prem devices to the public cloud, resulting in loss of visibility, troubleshooting, and operational control. In contrast, a SASE vendor with dedicated infrastructure can act as an extension of the enterprise. Such a vendor provides APIs, digital experience monitoring, and full controls, offering similar benefits to having an on-prem appliance within the network.”

When evaluating SASE clouds, always ask the hard questions and request a proof of concept (POC)

Both Joe DePalo and Joe Skorupa agreed that for enterprises considering SASE, it is crucial to thoroughly evaluate potential vendors. Don’t just rely on their claims; investigate what they actually offer, as architecture and technical expertise are critical. Not all vendors have the vision or skills to build and operate the right solution. Use resources like the A Network Scorecard For Evaluating SASE Clouds report by Broadband Testing, which provides a detailed network scorecard for evaluating SASE clouds.

“These are things you need to ask, because if every answer is ‘our vendor does it’ then your are not buying from a SASE vendor, you are buying from a reseller,” said Joe Skorupa

Additionally, conduct a proof of concept (POC) to see how the solution impacts your business, as vendors often claim to be the fastest. “Testing it yourself is essential, and there is no excuse not to run a POC “said Joe DePalo.

Stay tuned for the upcoming installments of our I&O Perspective series.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™ for Single-Vendor Secure Access Service Edge