Over time, savvy vendors work to find new easier ways for people to consume their products. For example, years ago to rent a movie, you had to go to a store, wander through the aisles, pick out your movie, pay for it, then drive back to the store later to return it. At the time, it didn’t seem like a big deal. But it’s a lot easier now to pay a monthly fee, select from a vast list of options, and watch as many movies as you want over the course of your subscription. The change in the way a product is consumed also changed the business model.
In cybersecurity, a Secure Access Services Edge (SASE) architecture converges networking and security, to provide secure access and high-performance connectivity to remote users. From a cost perspective, it makes it possible to shift from upfront capital investments to an operational expense business model with user-based licensing. Like the switch from renting a movie to streaming, the shift in consumption has changed how security technology is sold.
When it comes to securing remote users with SASE solutions, many salespeople have made it sound easy. You purchase a SASE solution, point your users at it, and everything works. Except the reality is not quite that simple. Because SASE solutions are made up of multiple products, with some vendors, the procurement process involves scouring lists of countless combinations of products to figure out exactly what you need to order.
The licensing models can be surprisingly complex and confusing, and if the vendor has either acquired or partnered to fill gaps in its SASE solution, the products may or may not be integrated well with one another. Many cloud-delivered solutions don’t provide enterprise-grade security to all remote users everywhere. Sometimes they also can’t seamlessly integrate their SASE solutions with the wide range of physical and virtual network and security tools that are deployed at network edges.
When you’re looking at options, it’s important to make sure that a SASE solution can meet all of your needs. Most organizations need a solution that covers the following areas.
Secure Internet Access
The increase in remote and hybrid work has expanded the attack surface, so organizations need a solution that can protect users no matter where they or the applications they use are located. To address advanced threats, SASE needs to be more than just an encrypted tunnel security. It should include enterprise-grade security solutions that can inspect traffic and detect and respond to known and unknown threats, including a secure web gateway (SWG) to monitor and protect data and applications against web-based attack tactics, zero trust network access (ZTNA), URL filtering, DNS security, anti-phishing, antivirus, anti-malware, and sandboxing.
Secure Private Access
A flexible SASE solution should be able to provide fast and secure connectivity to corporate applications, whether they are deployed at a private data center or in the public cloud. It should include integrated ZTNA to provide explicit per-application access to authenticated users for granular control over who and what is on the network. SASE should integrate with SD-WAN and next-generation firewalls (NGFW). Ideally, it should have only one agent, so traffic redirection, ZTNA, CASB, and endpoint protection are included in a single tool.
Secure SaaS Access
Because of the increase in SaaS applications, an effective cloud-delivered security solution must protect mission-critical data and secure and safeguard cloud-based information. An effective SASE solution should support next-generation dual-mode cloud access security broker (CASB). It should support both in-line and API-based capabilities to overcome shadow IT challenges and secure critical data. SASE solutions should provide visibility into key SaaS applications with the ability to report on any risky applications and remediate application malware across both managed and unmanaged devices.
SASE Should be Everywhere
At Fortinet, our vision is to reduce complexity through convergence, integration, and end-to-end automation. Convergence brings together network and security infrastructure and integration between different security technologies, allowing them to function collaboratively. Then automation takes advantage of the built-in intelligence that integration enables across different solutions.
FortiSASE is an example of this Fortinet philosophy. Driven by our single-vendor SASE approach, FortiSASE converges cloud-delivered security—including secure web gateway (SWG), Universal ZTNA, next-generation dual-mode CASB, and Firewall-as-a-Service (FWaaS)—and networking (Secure SD-WAN). Powered by a single operating system (FortiOS), FortiGuard AI-powered security services, and a unified FortiClient agent, FortiSASE helps improve efficiency and delivers consistent security everywhere.
Because Fortinet owns and maintains the cloud network and firewall infrastructure, users receive enterprise-grade performance and security based on the policies set by the business. Additionally, FortiSASE is built on the same operating system as other Fortinet firewall deployments, FortiOS, which ensures that the experience is the same regardless of deployment and simplifies management and policy orchestration. Shared threat intelligence powered by FortiGuard Labs offers continuously updated threat prevention for more effective security.
FortiSASE is offered as a single SKU with per-user licensing, so purchasing is straightforward. Simple tiered licensing enables organizations to predict a cost-to-business growth correlation and use of security rather than tying up capital in excess hardware. It has a single unified agent, FortiClient, which can be used for ZTNA, CASB, and endpoint protection, while automatically redirecting traffic to protect assets and applications through cloud-delivered security.
Learn more about FortiSASE and how Fortinet can deliver SASE solutions that provide consistent security and user experience no matter where users and applications are distributed
