• Skip to primary navigation
  • Skip to content

NetMotion Software

  • SOLUTIONS
    • Zero trust access
    • Experience monitoring
    • Enterprise VPN
    • SASE
  • PLATFORM
    • NetMotion cloud
    • How it works
    • Devices & deployment
    • Analytics & visibility
    • Policy controls
  • COMPANY
    • About
    • Customers
    • Careers
    • News
    • Management
    • Contact
  • SECTORS
    • Legal
    • Finance
    • Public safety
    • Healthcare
    • Transport
    • Utilities
  • PARTNERS
    • Alliances
    • Resellers
    • Network operators
  • INSIGHTS
    • Blog
    • Reports
    • Analysts
    • Case studies
    • Webinars
    • Videos
  • DEMO
  • SUPPORT
  • EN

Mobility

Planning for SASE: a step-by-step guide for how to get there

March 9, 2021

By: Joel Windels | March 9, 2021

SASE is one of the hottest buzzwords in IT and security in 2021, but reaching it can feel like a long way off. Here are some tips for building your SASE strategy for secure access

Secure Access Service Edge (SASE) is something that analysts, vendors and other experts will insist that you simply must do. What often seems to be missing, however, is exactly how to do that. Crucially, while it may be easy to talk about zero trust, the cloud and operating at the edge, the reality is quite different. Many IT professionals are still struggling to manage antiquated legacy systems and dealing with the consequences of decisions made a decade ago. For those reasons and more, a large number of those working in IT clench their teeth when thinking about SASE.

Put in the most basic of terms, SASE represents the new tools and processes an organization will need to secure workers in a world that is no longer centered on the perimeter. Employees operate from their homes, outside the office and on unmanaged networks. They also access resources spanning the public web, IaaS, SaaS and on-premise applications. SASE includes modern functionality to better reflect this new working environment, avoiding the cumbersome and complicated network gymnastics that legacy technologies demanded – firewalls, SWGs and hardware VPNs.

This all sounds great on paper, but the vast landscape of SASE technologies can be intimidating to even know where to begin.

The simplest may even be with something you’re already doing. CDNs or SD-WAN, for example, represent an attractive place to start. These offer enhanced connectivity and optimizations, albeit typically for branch-based workers rather than home-based ones. For that reason, many IT leaders are leveraging SD-WAN as an early cornerstone of their SASE strategies.

Ultimately, however, most SASE strategies will focus on the secure access part of that acronym. If not VPN and SWG, then what? More specifically, how can SASE solutions help keep employees and corporate assets protected in the new, distributed and cloud-heavy workplace? The following steps help IT and security leaders navigate at least one corner of their SASE roadmap – focusing on secure access and the path from legacy VPNs to modern zero-trust network access (ZTNA).

Step one: fragmented legacy access

If you’re not yet leveraging the cloud to manage secure access, then you’re not alone. Prior to the events of 2020, most businesses relied on a fragmented set of VPN tools to manage remote workers. Often, IT teams managed more than one remote access solution, using free products or those with a poor UX to ‘make do’ for the rare occasions that employees worked away from the office. In many instances a more robust, specialized product like NetMotion was used only with workers who could not afford to compromise on experience, such as field workers.

Managing multiple VPNs is a headache, though, and treating remote workers as a priority, rather than an afterthought, is the first step on the pathway to SASE. The simplest place to start with this mindset is consolidating and scaling your remote access solution to a dedicated product designed to support mass distributed working. A key step here is to standardize on software-based solutions, especially those that can provide optimizations and policy controls.

Recommendation: amalgamate and upgrade remote access solutions to a single, dedicated and software-based product for all workers

Step two: embracing zero trust

This step can happen before or after step three; it will depend entirely upon the culture and maturity of your organization. If you are already content with your delivery model for consuming secure access (whether that is an SDP, ZTNA or VPN), then you may start considering zero trust. An end-to-end zero trust policy for all use-cases, applications and personnel is unrealistic.

Instead, security professionals should select a limited group. This could be a single department or, more likely, a particular resource (or set of resources). From this starting point, start leveraging the policy engine of your secure access solution. Map out the risks associated with unwanted usage of that resource. Who can access it? Where should they be located? Which devices can they use? What time of day is access expected? On which networks, or types of networks, can it be reached?


The forecast is cloudy
The cloud has become a huge buzzword but most organizations aren't ready to go 100% cloud. For most, a hybrid
View
Inside NetMotion: A security engineer’s view of SASE
Security engineer, Jose Navarro, shares his thoughts about SASE and the adoption of the framework as more organisations pivot to
View
Best practices in legal IT: Andrew Black, Muckle LLP
For many organizations, 2020 was an enormous catalyst for digital transformation. What normally would have taken several years was compressed
View
The future of network security is in the cloud
The shift to cloud and everything-as-a-service has been underway for more than a decade, but the global pandemic of 2020
View
What is zero trust? Uncovering zero trust network myths
What is zero-trust: Network security has become an increasingly hot topic during the past year. What network security myths are
View
Attracting and retaining the best talent: what IT can do to help
As businesses re-open, attracting and retaining talent will depend more than ever on the IT team's influence. Here's how they
View
Improve Microsoft Cloud Services with seamless security and employee experience enhancements
As users and consumers of data, most of us are so accustomed to having immediate access to the content, apps
View
How well do IT pros really understand Zero Trust?
Adopting SASE is the right thing to do, but it's hard to know where to begin. Zero Trust may be
View
NetMotion & Zebra announce official validation of joint solution for distributed workforces
NetMotion has achieved Zebra validation, making our platform an even better choice for any organization looking to improve productivity, connectivity
View
Microsoft365: new data reveals the number one priority in IT and the challenges with implementation
As companies consider a new hybrid working environment, how does M365 fit into the picture with SASE, zero trust and
View
1 2 3 Next »

Asking and answering these questions will build out a risk profile and set of desired conditional access rules that can be implemented via a ZTNA or SDP solution. Experimenting with the risk tolerance and combination of contextual policies will find the right security-experience balance, and by limiting it to a single application, the impact of such experimentation will be confined. This reduced-scope approach to zero trust is the best way to build familiarity without exposing the wider organization to major potential usability and experience concerns.

Recommendation: experiment with the zero trust capabilities of your secure access solution by selecting a very limited scenario and testing it

Step three: zero trust and the cloud

This might happen in tandem with your early experimentation with zero trust: the timing will fluctuate with your own priorities. Once you’ve selected a secure access solution that can deliver the functionality required for a SASE environment, the next step is to manage a migration plan for where it is hosted. The unique nature of your organization will hugely influence this plan. Some companies, industries and geographies will maintain long-term requirements for on-premise options – at least for subsets of workers or apps. Most, however, will be looking to migrate a majority to the cloud.

Whether that is managing secure access in their own IaaS (Azure, AWS, Google Cloud) environment or consuming the solution entirely via SaaS, many IT departments are seeking a cloud-first strategy for network security. Ensure you select a vendor that is flexible to the needs of all three (SaaS, IaaS and on-prem) to gradually chart the journey to SASE without compromising on certain use-cases, which are rarely homogenous.

Recommendation: ensure your delivery method for consuming your secure access solution is scalable, streamlined and future-proof, without compromising the requirements of today

Step four: expanding zero trust

By this stage, you will be several years into your journey to SASE, perhaps also implementing solutions from other areas of the framework such as CASB or FWaaS. Having developed a deeper intimacy with zero trust (as outlined in step two), by now you should be prepared to start scaling zero trust policies across your organization. More departments, a wider scope of devices, a greater range of applications and a never-ending list of use-cases should be the objective. The principles of zero trust demonstrably reduce the attack surface, and so expanding its implementation across the enterprise is essential to staying both secure and agile.

Recommendation: continue to rollout new zero trust policies to individuals, teams, applications, geographies and use-cases across the enterprise

Step five: integrated SASE

Alongside this simple maturity model, you will have almost certainly adopted other technologies. Most specifically with secure access, the most important will have been a Cloud Access Security Broker (CASB) and a cloud Secure Web Gateway (SWG). These help the enterprise secure SaaS applications and the broader public web respectively. Several years into your SASE journey, the sophistication of your approach to SASE technologies will be reaching the zenith – you’re almost at the Gartner-grade panacea of modern secure access.

The final stage is about ensuring each of your solutions is well integrated, or at least inter-operable, with the others. Some vendors will promise any and every solution from a single source, suggesting this is possible from the start. The reality, however, seldom matches the marketing. Only in very rare instances can a single vendor truly deliver a full suite of products to an industry-leading standard, and so the more likely outcome is that businesses are managing several solutions from several vendors (just as they were for traditional network security stacks). Taking advantage of integrations between ZTNA, CASB, cloud SWG, cloud VPN, FWaaS, SD-WAN and other disparate technologies will be crucial in realizing the full benefits of a SASE strategy.

Recommendation: implement SASE solutions that co-exist and integrate with one another for compounded benefits across technologies.

Continue reading…

  • Creating a Cyber Security Culture with former Arsenal F.C IT Director, Christelle Heikkila
  • Demand for ZTNA continues its upward trajectory in 2022
  • What does “cyber resilience” mean to Legal IT?
  • Where are you on the machine learning and artificial intelligence roadmap?
  • Voices of NetMotion: reflecting on 2021
Avatar

About Joel Windels

Joel Windels is CMO at NetMotion, where he is currently spending time thinking about how to articulate complicated things in simpler, more digestible ways. He’s spent the last decade working for fast-growth technology companies, spanning martech, cyber security and UX. If you want to get his attention, the best way is to start talking about Chelsea FC, science fiction, or something to do with animals.

Meet the secure virtual private network that's purpose-built for mobile workers. Your free evaluation of NetMotion Mobility® starts here.

Keep Reading

Creating a Cyber Security Culture with former Arsenal F.C IT Director, Christelle Heikkila

Security

Demand for ZTNA continues its upward trajectory in 2022

Products/Solutions Remote Working Security

What does “cyber resilience” mean to Legal IT?

Security

  • Customer Portal
  • Knowledge Base
  • Support and Services
  • Training
  • Support Plans
  • Professional Services
  • Release updates
  • Security Advisories
  • Support Advisories
  • Supported Systems
  • Disclosure policy


Avatar
Joel Windels

Try the software for 30 days, for free


Get Started
  • SASE
  • Company
  • Sectors
  • Partners
  • Resources

Secure remote access, without sacrificing on experience.

LinkedIn Twitter instagram youtube Email
  • SASE
    • ZTNA
    • DEM
    • VPN
    • SD-WAN
    • SWG
    • FWaaS
    • CASB
  • Company
    • Customers
    • Careers
    • News
    • Management
    • Privacy
    • Legal
    • Manage preferences
  • Sectors
    • Law firms
    • Finance
    • Public safety
    • Healthcare
    • Transport
    • Utilities
  • Partners
    • Alliances
    • Resellers
    • Verizon
    • AT&T
    • Telstra
    • Rogers
    • Microsoft
  • Resources
    • Blog
    • Reports
    • Analysts
    • Case studies
    • Webinars
    • Videos
    • Support

© 2022 NetMotion Software