Navigating the SASE (Secure Access Service Edge) Landscape for First-Time Adopters
Hi, I'm Max Clark. My team and I have been doing a deep dive on SASE providers lately. Why? Because SASE is awesome and most of them just suck. I don't know how else to say this.
Speaker 1: It's late in the day for me. So, my, yeah. I'm ready to get spicy, I guess. Let me explain this a little bit more and we'll come back to the beginning. So what is SASE?
Speaker 1: SASE is basically you take your firewall, your SD-WAN. You say you have, you just throw a bunch of stuff together into one pot and you call it SASE, is basically what happened. And what those things are, typically it's your, well, it stands for secure access service edge, but what you're taking is you're taking what was gonna be an SD-WAN function. You move your firewall typically from your premise where you're buying a big box. You're going to a cloud-based firewall.
Speaker 1: Right? That's what these things get called now is cloud-based firewall. And and you're and you're layering in a bunch of other technology as well, usually secure web gateway, usually probably zero trust network access, ZTNA. Maybe it comes with DLP, maybe it comes with CASB, maybe it comes with RBI and threat intelligence tools, and, like, depending on your vendor you're gonna get a bunch of different stuff about it. The thing that's awesome about SASE is not only do you get a really good security solution for your office, your physical locations, but you get to deliver the same solution to your remote users. So smaller offices as well as remote users can have the same security stack as your main office location does. And this is why this is valuable, because if you've got somebody working from home or traveling or you've got a small satellite office, you don't want that to be the weak link in your security structure. But your whole apparatus can go out the window because you've got somebody at their house with with who knows what's going on, and then that gets infected and that just has a free rein into your network because something else is going on.
Speaker 1: So SASE now gives you fundamentally the ability to integrate a lot of this network tool, no, a lot of this network stuff that you want with security stuff into one thing and then give that both to your main office locations, your small offices, your satellite offices, and your remote users. And by the way, so now you have your remote users. Your remote users can connect to the Internet and securely connect to the Internet, browse the Internet, not we'll have to worry about them going to malicious websites, downloading bad stuff, if they need remote access to your applications. And this is where ZTNA and CASB, depending on what you're actually, like, if you're if you're trying to securely connect to Salesforce, technically, that's CASB.
Speaker 1: And if you're trying to get to something in your data center and you're on private cloud, that's technically ZTNA. But these things are kinda getting blurry in terms of, like, what's the one versus the other. It's just becoming kind of like this thing. Now I started off by saying that SASE, SASE is awesome. Hopefully, I've kind of explained why I think SASE is awesome.
Speaker 1: Right? You can now, in the good old days, if you wanted to have a secure remote user, that remote user, let's say, we'll just use simple geographies. Right? Let's say that remote user's in Los Angeles and your office is in New York, and that remote user now has to VPN to your office in New York in order to get on the Internet. What happens?
Speaker 1: Well, it basically sucks for them because they have to traverse the entire United States in order to get through your corporate firewall to then go out. And oh, by the way, other things pop up where it's like, search engines don't know where they are in the in the world when they're trying to find stuff by default, and you can fix that, but it's it's annoying. That's a simple solution. Now imagine that your main office is in, what would it, would do, we'll do Seattle. Your main office is in Seattle and you've got manufacturing in Brazil and you've got a development office in India. Okay?
Speaker 1: Now think about that network traffic for a second. Is all of your operations in Brazil gonna tunnel back to Seattle in order to get corporate IT policy and have access to your stuff? Oh, and by the way of AWS in Virginia, us-east-1. Same thing with your India team, or may maybe it's some other country, and you've got a you've got a team in Romania or Turkey or whatever. Right?
Speaker 1: That is common architecture with old school firewalls is to have this pinning of traffic traversing huge geographies, and the people on the wrong side of that connection, just life sucks for them, because you just can't do anything about the fact that it takes time for things to go across 2 continents. So this work gets so, again, SASE, it's awesome because it gives you a bunch of tooling in one thing, centrally controlled, managed by your provider, updated in real time, aggregated data across their entire, they they're just gonna see more stuff and be able to protect you against more stuff faster. Right? Now the SASE architecture also means that instead of pinning your traffic back to your office, to your main location, the gateways, key term, the gateways are gonna exist in lots of different locations around the globe. Most, now here's that, here's the dirty secret: most SASE vendors are gonna start off by taking and putting gateways inside of cloud regions. So they're gonna use Oracle, Amazon, Microsoft, Google, Oracle, some some of the big footprint. So for instance, Microsoft Azure is really popular for these types of things because Microsoft has regions in Latin America.
Speaker 1: They have regions in Africa. They have regions in India. Right? So so maybe you end up with Microsoft. Big negative with this is by using a cloud, a public cloud vendor.
Speaker 1: The most expensive thing to do with a public cloud is move data and egress data out of the public cloud. So now you've got a very expensive SASE solution because they're using the most expensive bandwidth known to mankind in that cloud vendor in order to bring stuff in and out. So the second step for a SASE vendor is to start bringing on their own infrastructure. The fastest way to bring on their own infrastructure, when I say infrastructure, I'm talking about them going out and doing what was used to be referred to as dedicated servers or maybe VPSs. And this is my rant, because now they have dedicated server infrastructure located around the globe with a hodgepodge of different providers offering a dedicated server infrastructure.
Speaker 1: And usually these boxes are just absolute crap. You're talking about cheap processors, consumer grade hardware, slow slow bus speeds, chunky hard drives. And and here's the key, really slow network connections. Like a 100 megabit per second flat rate port network connections. Why?
Speaker 1: Because a dedicated server provider doesn't wanna allocate crazy amounts of bandwidth to a dedicated server box where they have a lot of bandwidth risk in terms of pricing. But at a 100 meg, even if that box gets used in a DDoS attack or some some other who knows what, or gets compromised and it's spewing stuff out, it's limited in terms of damage it can do. By the way, almost every consumer focused VPN platform does the same thing. They go out and they purchase dedicated servers from providers in different regions, or providers can offer them multiple regions because they have that infrastructure, but again, we're talking dedicated server boxes. And then they're using that to actually be the locations of things and where they go. Why does this suck so much? Well, first off, I don't know about you, but I don't want my network connection for all of my users limited to a 100 megabit in today's world. So if you have people with fast internet connections in their house and you've got a lot of them in a region, let's just say you've got a 100 users in the region with reasonable downloads of like 500 megabit cable modems, and now you're gonna connect them to a gateway in that region that's got a 100 megabit download, what happens? It sucks. Life sucks. And that's why I'm so pissed off right now. How do, this is happening. So, I mean, first off, you should be doing a an evaluation. You should be doing some sort of POC, some trial, some some month to month service, whatever it is, with this infrastructure before you're signing a contract.
Speaker 1: And in part of that, you should be configuring it into a real world where you're putting users and they're connecting users to it, and then you're connecting and building tunnels to that to your infrastructure and you're getting your and you're putting everything together. And as soon as you do that, start trying to do some big transfers against it. And what you're gonna find really quickly is a lot of them, that transfer is going to saturate at right around 10 megabytes per second, a.k.a. 80 megabits per second. And why is that a magic number? Well, that is a magic number because that's what a 100 meg dedicated server and connected interface is going to saturate at.
Speaker 1: You're also gonna see this with QoS policies. Maybe the provider is using QoS as opposed to a physical port. It's a VPS server of type. You're gonna see the other one, which is almost even more frustrating, which is the download scale up and get to some point and they go did come back down to almost nothing and then scale back up again, and you get this horrible kind of like sawtooth zigzag experience coming up and down. And it's so frustrating because we have found some just unbelievably great stories, good logos, good interfaces, good tech, and then you get you get deep into it. Everything sounds right.
Speaker 1: You've, I mean, we ask at this point, like, what's your what's your interface so we can connect? Oh, yeah. Yeah. Yeah. No problem.
Speaker 1: We got blah blah blah blah. And then you find out, no. You don't. You lying rat bastard. Other thing that's a big problem is SASE.
Speaker 1: The way SASE gets implemented is if you've got a permanent location, an office, you have a box that goes into that office. And this can be a lot of things. It depends on the provider how they actually do it. Could be like SD-WAN, it could be SD-WAN light, it could be no SD-WAN and just like an IPsec tunnel, but you've got some sort of physical box with that VPN, usually, again, creating a tunnel to that provider's nearest gateway, PoP, whatever they want to call it, right, which then is where their infrastructure is running, which is then where bandwidth is coming in and out of. Typical architecture. If you're a remote user, so if you're on your cell phone, if you're on a tablet, if you're on a laptop, if you're at your house, if you're a satellite office with only a few number of users, put in a hardware appliance in order to do this, right, that VPN client is running on that device in order to create that tunnel to the gateway in order to then deliver the service that you've purchased. It is crazy how many of these providers have software agents that get installed that are absolute complete steaming piles of garbage. There's one which, I mean, if you put this software on your cell phone, all of a sudden you wonder why your cell phone battery, it just goes from 8 hours of life to 2 hours of life. It's because you're running the software on it and the client sucks and sucks all the battery down. So I I don't, what what sucks about this and also is it's such great technology that's implemented so badly, and if you make the mistake and you accidentally sign up with the wrong one, you're gonna think that it all sucks. Let me just tell you, it doesn't all suck.
Speaker 1: The people that you just got stuck with suck, and there's other ones out there that are way better and actually do what you wanna do, and it life is as awesome as you think it. I mean, again, one of my favorite pieces of tech are in in the market today is SASE because what it does for you and how transformative it can be for your network and security and remote users and and management and everything. It's wonderful. Absolutely. Go buy a SASE platform.
Speaker 1: Do it. Do it tomorrow. Right now. Like, watching this video, stop watching the video, go buy a SASE platform. Just make sure you're not getting one that sucks.
Speaker 1: Okay. Ran over. I'm Max Clark. If you have questions, drop me a comment below. Peace.