Can I skip SD-WAN and jump straight to SASE?

SASE RFP questions

Avatar for Ray WatsonBy Ray Watson|Oct 20, 2020|7:30 am CDT

Secure Access Service Edge, otherwise known as SASE is a new term introduced by Gartner, and it’s gaining traction in the industry as the next evolution of SD-WAN. So, does that mean you can skip an SD-WAN investment and go straight for the SASE solution? In this series of SASE Straight Talk articles, we answer questions on the minds of every IT professional, helping you clarify how to identify the smartest approach for your business needs.

SASE includes SD-WAN and much more

SASE has been defined as converged offerings combining WAN capabilities with network security functions in a single cloud service from one provider. These new package of technologies include the following five core capabilities:

  1. SD-WAN
  2. Firewall as a Service
  3. Secure Web Gateway
  4. Cloud Access Security Broker (CASB)
  5. Zero Trust Network Access

Sure, you can “skip” the SD-WAN investment and go straight for the SASE solution. But SD-WAN is already inside the SASE toolbox. So, you’re not really skipping SD-WAN as much as you are rolling SD-WAN into a larger investment.

According to IDG, 91% of IT professionals are interested in SASE solutions. So, there’s no doubt that there will be plenty of IT leaders looking to switch gears midstream, converting an SD-WAN RFP into a SASE RFP. But doing so should be more than just adding a few additional technologies to the list of questions. SASE is a unified service where all five elements work together on the same cloud service platform, which makes it more than a simple product bundle.

So, which provider is best suited to deliver across all of these individual industries, condensing all of these capabilities into one interoperable service? We explore that question in this article.

RFP Questions: SD-WAN versus SASE

Gartner warns buyers of providers who do little more than bolt technologies together. They alert IT leaders about oversimplified solutions that daisy chain technologies together in an aim to be among the first to compete in this emerging new market. Their Hype Cycle report includes these words of caution:

Software architecture and implementation matters. Be wary of vendors that propose to deliver services by linking a large number of features via VM service chaining, especially when the products come from a number of acquisitions or partnerships. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency.

Therefore, your RFP will want to take a deeper look at the infrastructure and at the integration. SASE architecture matters, because interoperability and visibility are of utmost importance when unifying disparate network and security capabilities into one solution. Its advantage is a standardized platform where vast technologies converge, all working on a single “operating system.” The architecture and implementation establishes that one common platform. To achieve everything that SASE envisions, the solution must be a transparent ecosystem where all converged technologies interact, delivering analytics and insights to a unified management portal. To fall short of this goal is to prolong all the same problems every IT team has today–multiple technologies, systems, and dashboards to evaluate, cross reference, and manage.

Sample SASE RFP questions

RFP questions for SASE should hone in on the five core capabilities and how the provider converges them into a single cloud service:

Five core capabilities

  • How do you deliver on all five core capabilities of SASE?
  • Which technologies do you compile into one cloud service platform?
  • If the five SASE capabilities serve as checkboxes, how many times does your solution check each box?
  • Did you build all the technology components yourself or do you partner with outside providers to compile your SASE tech stack? Does integration happen at the source-code level? Learn more about the difference between SASE tech stacks
  • The SASE market is new–how is your solution evolving to expand, improve interoperability, and gain strength?

SASE architecture

  • How do you consolidate all SASE capabilities into a single platform?
  • Do you use your own private network as the cloud service platform for SASE?
  • Tell me about the cloud platform infrastructure and how it provides a standard operating system for all capabilities to interact and interoperate. Is it a ubiquitous infrastructure? Is it built on software-defined principles?
    Learn more about the importance of SASE platform architecture

One cloud service platform

  • How many vendors will I need to interact with in order to receive services for all five core services? (Gartner advises not more than two vendors.)
  • Do I get visibility across all five capabilities in one management portal?

Additionally, understanding the relationships among the core capabilities is helpful, as some of the technologies will have a natural affinity. For example, it’s common for today’s SD-WAN solutions to come already bundled with next-generation firewalls and secure web gateway. Additionally, SD-WAN hardware devices from security-focused providers are more likely to already include additional security functionality in their SD-WAN solution offering. Zero Trust can be achieved in many different ways, but it can include some components of secure web gateway, firewall as a service, as well as CASB.

Exploring where each provider’s core competencies are and how those map against SASE will also help distinguish partners who come prepared with a unified toolset versus those who struggle to integrate them together in order to compete in this disruptive market. Additionally, understanding where your own IT gaps map against SASE’s five core capabilities is also helpful in defining which areas will provide the most strategic value to your business.

Read more articles in the SASE Straight Talk series:

Engage in the SASE conversation online. Don’t forget to follow us on Twitter!