Connect with us

Hi, what are you looking for?


Network Security

8 Degrees of Secure Access Service Edge      

Assembling a diverse team, outlining clear objectives, and meticulously assessing your network landscape can enable organizations to successfully navigate SASE migration without hiccups and pitfalls.

Edge Device Cyberattacks

Moving from the traditional hub and spoke WAN with legacy security perimeter to agile architectures like SASE requires a worn-out migration plan. I say “worn-out” because the path should be tried and true, serving as the closest line between two points without deviation, to ensure a successful investment. Without a sensible migration plan, organizations risk facing hurdles and setbacks. While the ideal migration roadmap will vary depending on specific requirements and limitations, these eight steps can apply to most deployment scenarios.  

1. Assemble Your Team: Start by breaking down the networking and security silos. Engage not only security and networking personnel but also key application owners and workplace transformation leaders for a rich and multi-dimensional perspective. A diverse team with all stakeholders involved will ensure comprehensive evaluations, seamless migration, and minimum resistance.

2. Define Your Objectives: Clearly define your objectives and goals for the migration. These may include facilitating WFA (work from anywhere) and remote access, supporting global expansion through affordable and consistent connectivity with minimal lead times, ensuring secure direct internet access (DIA) without backhauling or security appliance sprawl, or optimizing global connectivity to cloud applications. These goals and priorities will eventually shape the project roadmap.

3. Know Your Requirements: Not all sites have the same connectivity and SLA needs. Assess bandwidth and performance requirements as well as physical locations for each branch office. Leverage SD-WAN’s flexibility to choose the optimal connectivity option (MPLS, DIA, broadband) based on site significance. For instance,  MPLS running over redundant fiber may be most suitable for headquarters and critical branches, while redundant broadband should suffice for small branch or home offices. 

Keep in mind the user requirements, too. Determine if agent-based deployment or agentless browser connections suit your needs best. Also, map application/resource and user location to SASE points of presence. SASE PoPs serve as cloud on-ramps for high-performance, direct connectivity to cloud resources, so proximity ensures better performance and minimal latency. 

4. Future-proof Your Deployment: Plan for future needs, like global reach, portfolio expansion, flexible working, cloud migration or repatriation, mergers and acquisitions, etc. Consider how a SASE model will scale and adapt to emerging business needs for a truly future-proof network.

5. Scout the Perfect Provider: With clear objectives and requirements in hand, craft an RFI (request for information) for potential SASE providers. The RFI should outline your organization’s current network setup —  topology, technology stack, connectivity options — and security needs. It should also seek details on the vendor’s SASE architecture, features and capabilities, and support structure. The response will help narrow down the list for future proof of concept.

6. Plan a Gradual Deployment: SASE migration is better treated like a journey as opposed to a one-off project. Start small, migrating a few sites at a time or deploy only for new sites. Consider phasing in SASE as MPLS contracts expire or networking equipment or security appliances phase out. You can also implement SASE for specific cloud resources or user groups, like remote and mobile employees initially, and move incrementally from there. Not only is this approach more cost-efficient, but it can also minimize disruption.

Advertisement. Scroll to continue reading.

7. Build Your Business Case: All said and done, the boardroom holds the final say on SASE migration. When presenting the case, focus on the power of SASE in simplifying the network, optimizing costs, and mitigating security risks. Position SASE as an investment that delivers tangible business outcomes. Real-life success stories and data from other SASE adopters can also strengthen the case for SASE.

8. Run PoC and Migrate: Once the leadership is onboard, shortlist the top two or three providers and request proof of concept deployments. Test each solution for a maximum of 60 days, carefully selecting and focusing on diverse use cases to ensure a comprehensive evaluation. By the end of the PoC, your organization should be ready to commit and migrate fully. 

Embracing SASE can unlock a secure and agile foundation for a future-proof network. However, not all SASE implementations are a seamless success. Emphasizing a phased deployment not only lays the groundwork for full SASE adoption but also provides tangible evidence of its benefits and business impact, allowing the boardroom to witness SASE in action firsthand.

Additionally, assembling a diverse team, outlining clear objectives, and meticulously assessing your network landscape can enable organizations to successfully navigate SASE migration without hiccups and pitfalls. Overall, due diligence in planning during the initial phases will set the stage for a seamless migration, propelling organizations towards a network that is primed for whatever the future holds.

Written By

Etay Maor is Chief Security Strategist and founding member of Cyber Threats Research Lab (CTRL) at Cato Networks, a network security provider with more than 2,200 enterprise customers and 1,000 employees across 30 countries. Previously, he was Chief Security Officer for IntSights and held senior security positions at IBM and RSA Security's Cyber Threats Research Labs. An adjunct professor at Boston College, he holds a BA in computer science and a MA in counterterrorism and cyber terrorism from Reichman University (IDC Herzliya), Tel Aviv.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Gabriel Agboruche has been named Executive Director of OT and Cybersecurity at Jacobs.

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

More People On The Move

Expert Insights