2021 SASE integration strategic roadmap (I)

Gartner released 《2021 year SASE Integration strategy roadmap 》, This paper outlines the edge architecture of security access service （SASE） The main challenges of transformation . This article will take you to look at this road map .

Digitization 、 Working everywhere and cloud based computing accelerate cloud delivery SASE product , To support anytime, anywhere access from any device . Security and risk management leaders should develop from traditional boundaries and hardware based products to SASE Model migration plan .

summary

Important findings

• For at any time 、 Protect access to digital capabilities anywhere , Security must be defined by software and delivered by cloud computing , This forces changes in the security architecture and vendor choices .
• Adopt a boundary based approach to protect any location 、 Visit at any time , This has led to suppliers 、 Patchwork of policy and console , It brings complexity to security administrators and users .
• Integrate existing skill sets 、 Enterprises with suppliers and products and hardware update cycle time as migration factors will have their secure access to the service edge (SASE) The adoption time of is reduced by half .
• Branch transformation project （ Including software defined Wan SD-WAN、MPLS uninstall 、 Only Internet branches and related cost savings ） More and more SASE Part of the project scope .
• SASE Is a practical and compelling model , It can be partially or fully realized today .

Suggest

The safety and risk management leadership responsible for infrastructure security should be the adoption of SASE Develop a roadmap and product functionality ：

short-term

• Deploy zero trust network access (ZTNA) To enhance or replace the legacy of remote users VPN, Especially for high-risk use cases .
• Check the equipment and contract , To achieve the phasing out of hardware used for many years at local boundaries and branches , To support cloud based SASE Functional delivery .
• With safety Web gateway (SWG)、 Cloud access security agent (CASB) and VPN Renewal of contract , Consolidate suppliers and reduce complexity and cost . Take advantage of the convergence market that has emerged in conjunction with these secure edge services .
• Actively participate in branch transformation and MPLS Uninstallation measures , In order to integrate cloud based security edge services into the scope of project planning .

long-term

• take SASE Integration of products into one or two clearly cooperating suppliers .
• Implement... For all users ZTNA, No matter where it is , Including in offices or branches .
• Select allow to control where the check occurs 、 How traffic is routed 、 What to record and where the logs are stored SASE product , To meet privacy and compliance requirements .
• Create a dedicated team of security and network experts , Jointly responsible for the safety access project , Across the site 、 Teleworkers 、 Branches and edge locations .

Strategic planning concept

To 2024 year ,30% Enterprises will adopt cloud delivery from the same supplier SWG、CASB、ZTNA And branch firewall services （FWaaS） Ability , and 2020 This proportion is less than 5%.

To 2025 year , At least 60% Enterprises will have a clear strategy and timetable to adopt SASE, Include users 、 Branch office and edge access , and 2020 Year only 10%.

To 2023 year , To provide flexibility 、 economic 、 Scalable bandwidth ,30% The location of the enterprise will only be internet WAN Connect , and 2020 This proportion is about 15%.

Introduce

The current network security architecture is designed with the enterprise data center as the focus of access requirements . Digital services drive new IT framework , Such as cloud computing and edge computing , And initiatives to work anywhere , This in turn reverses the need for access , More users 、 equipment 、 Applications 、 Services and data are located outside the enterprise , Not inside the enterprise .COVID-19 The pandemic has accelerated these trends .

The network security model based on the peripheral security of data center using a set of security equipment is not suitable to meet the dynamic needs of modern digital business and its distributed digital labor force .

Traditional boundaries must be transformed into a set of cloud based fusion functions , Can be created at the time and place needed by the enterprise , That is, dynamically created 、 Policy based secure access service edge .

meanwhile , Enterprises are increasingly pursuing zero trust strategy , However, the effective implementation of the principle of zero trust faces challenges . The security posture of providing zero trust is emerging SASE An integral part of the product . The zero trust network model uses continuous assessment of risk / Trust level replaces implicit trust （ Zero trust is the goal ）. When the context surrounding the interaction changes , They adjust the number of explicit trusts granted to interactions .

While keeping complexity manageable , The need to nimbly support digital business transformation efforts is emerging SASE An important driving force of the market , The market is mainly delivered in the form of cloud based services . This market is integrated with the Internet （ Such as SD-WAN） And network security services （ Such as SWG、CASB、ZTNA and FWaaS）, As shown in the figure below ：

since 2019 year 7 Month defines emerging SASE Since the market , Industry and customers are very interested in SASE Your interest has exploded , This is mainly because existing suppliers cannot meet the needs of existing enterprises . However, the speculation of suppliers makes people's understanding of the Shanghai composite index market more complicated . Since the publication of the initial study , And 2019 - 2020 Year on year comparison , In the total number of end-user conversations related to security topics , mention SASE The percentage of end-user queries from 3% Growth to 2021 year 1 Of the month 15%, The interest continues to grow ,17% End users call to mention the same group of related markets SASE. Significant supplier integration 、 Acquisitions and announcements , To build a complete SASE The portfolio has increased , Expected in the future 12 to 24 There will be more in the next month .

However , Enterprises transition to a complete SASE The model takes time . The reality is that , The existing investment of enterprises in hardware is not fully amortized , There is still time left on the software contract . The average hardware refresh cycle of the branch is 5 To 7 year . Relationships with existing suppliers and staff expertise are another factor . send SASE The more complicated is , Most large enterprises have independent network security and network operation teams . Last , Not everyone claims to provide SASE The suppliers of products currently provide all necessary and recommended SASE function ( See note 1). Even so , Not all SASE The functions of suppliers are at the same level of function and maturity . Through analysis SASE The gap between the future and current state of the product , We are SASE Adoption in the coming years provides a strategic roadmap 、 Migration plan and implementation suggestions . Here's the picture ：