From Networking to Security, SASE Takes a New Kind of Teamwork

SASE requires that the networking and security teams work together—but who’s the boss? Some companies are combining these teams into a single department.

The SASE (secure access service edge) market is on target to exceed $16 billion by 2028, largely driven by companies’ desire to move more IT to the cloud and, at the same time, to secure all the multi-cloud data exchanges that they perform, according to a recent report by Dell'Oro Group.

"The SASE market is not just growing; it's transforming how enterprises approach their network and security architecture,” said Mauricio Sanchez, Sr. Director, Enterprise Security and Networking at Dell'Oro Group, in a release. “As businesses adapt to the new normal of hybrid work and distributed applications, integrating networking and security into a cohesive, cloud-native solution becomes paramount. SASE is not a trend; it's the future of enterprise connectivity and security.”

Are IT departments integrating their security and networking areas because of SASE? Judging by the organizations I’ve spoken with, it’s a mixed bag of combining both departments, leaving both departments as separate silos, and trying to blend them into some kind of hybrid collaboration.

In virtually all cases, the key is identifying the differences and the synergies between the two groups, because it is commonly acknowledged that they must work together when it comes to SASE. This process begins with classifying the skillsets and competencies of both groups, seeing where there is duplication of duties, and then determining the right blend of skills and effort to field a team for SASE.

Step One: Assessing SASE Skills

For network management professionals, the important skills and competencies are:

  • Installing and maintaining network hardware and software

  • Setting, tuning, observing, and optimizing network performance

  • Developing failover strategies and network workload balancing

  • Planning the network for future expansion

  • Testing new network equipment and concepts

  • Supporting users when it involves network troubleshooting issues

  • Working with users, application development, database administration, and systems support on planning, deployment, and troubleshooting issues.

In the cybersecurity area, the important employee skills and competencies are:

  • Monitoring security

  • Researching future security threat landscape

  • Assessing risks

  • Assuring compliance

  • Working with auditors, examiners, regulators, insurance companies, and others who have an active interest in corporate security

  • Defining security governance standards and controls

  • Participating in employee security training exercises

  • Writing security policies

  • Reporting to upper management and the board on security status and risks.

In the event of a network security breach or threat, the security and network groups work together for purposes of breach prevention or mitigation.

There is bound to be overlap as the two groups work together, and there is, especially when both are focused on a potential or actual security breach. In other cases, there is a sharp division of labor. The networking group is more technically oriented because its utmost attention is directed toward network uptime, availability, and optimal performance for users.

In contrast, the security group is less technically oriented. Instead, it focuses on being cognizant of security threats and ensuring that the latest guidelines and regulations for security are in place. The security team also reports on security and compliance to the board, upper management, insurance companies, auditors, examiners, and others with a need to know.

Next Steps: The Conversation That SASE Forces

Because SASE moves security practices and governance out of the data center and out to the edges of cloud providers, the task becomes ensuring not only that the enterprise's security and governance criteria are met by the SASE provider but also that the SASE provider has compliant security practices in its own right. To do this, both the networking group, which configures security at the SASE provider, and the security group, which ensures that the SASE is security-compliant, must participate.

Some companies have reconsidered their organizational structures because of SASE, thinking that it might be more effective to combine the security and networking functions into a single department instead of having both functions operate in their own separate silos. This approach can work, and separate silos can work too, so long as there is active collaboration between the two functions as needed.

What hasn’t worked is a blended approach between networking and security where there is a dotted-line reporting relationship from one function to another. This blended approach quickly becomes dysfunctional because there is always confusion as to who has the ultimate authority to call the shots when it comes to decision making or strategy.

About the Author

Mary E. Shacklett, President, Transworld Data

Mary E. Shacklett is an internationally recognized technology commentator and President of Transworld Data, a marketing and technology services firm.
