Wesley van Rayne and Morne Vermeulen, Redvine Networks
While a handful of vendors will tell you that SSE (Secure Services Edge) is the way to go and that SASE
(Secure Access Services Edge) will eventually disappear, it is not an all or nothing approach. Typically,
these vendors neither have edge devices nor a value proposition tied into SD-WAN, resulting in them
pushing a specific agenda. SASE is more relevant to Africa than ever, especially when one takes into
account the unreliability of links across the continent.
SASE combines SD-WAN, firewall-as-a-service, Secure Web Gateway, CASB filtering and content
control, amongst others and is designed to accommodate office, home, and anywhere users while also
accounting for devices whether user-driven or autonomous.
SSE is defined as all of this, but without the access component, in this case, SD-WAN. SSE only caters
for office users and does not account for devices and other technologies that are not user interfacing. The
argument for adopting SSE is that it will eventually take over when enterprises stop requiring a WAN
environment. Proponents say that one would only require a stable internet connection to remain
operational.
Counterclaim
While we don’t disagree that SSE makes sense for certain remote workers or any person using an
endpoint client where an operating system can be installed and supported, it does not account for the
rapidly expanding IoT infrastructure ecosystem. As yet, endpoints cannot be installed on unmanned
devices like IoT sensors, or signalling devices attached to hardware. Of course, the IoT argument is just
one.
Currently, the biggest downside is that it does not matter what you are connecting from, it is about the
stability and resilience of the connection. And this is something that is fundamental to SD-WAN
connectivity. For example, a company might install and manage a link using an SSE platform. But if the
link goes down, the entire business goes down.
People often forget that the quality of links in Africa will not exponentially improve over the coming five
years. SASE is therefore still essential when it comes to delivering performance over those unreliable
links.
Making it practical
Let us examine two use cases for SASE.
Mining is a business that requires people to be onsite and part of a corporate network that can control
who can access what data. It is a strict environment with many applications and services that are not
publicly accessible. There are no general internet links for these systems on a mine. Furthermore, an
SSE will be of no use to get information quickly and efficiently from weighbridges into a mine’s auditing
software. There is simply no way to install a VPN on a weighbridge system – the hardware is designed
purely to record and send information and there is no real intelligence or configurable operating system
on these types of devices. A modernised WAN environment is essential to reliably access or transport
these applications and services.
Medical pathology is another example – Inside laboratories are analysers that look at blood samples and
generate results. These analysers only connect internally and never reach the internet due to stringent
regulation when it comes to medical data. An entire WAN is built just to service these analysers. VPN
software cannot be installed on these devices as they are purpose-built to cater for specific use cases.
These are just two examples that show what it takes to run a business that does not revolve around
internet connectivity. There are many niche apps that benefit from secure and resilient WAN
infrastructure.
So where to from here?
There is no doubt that there is a time and place for SSE but not to the extent which some vendors make it
out to be. It simply introduces another layer of complexity which businesses might not consider when it
comes to integrating end devices rather than only being focused on end users.
SASE caters for any of these instances and provides local companies with a more robust value
proposition, and an always on option for businesses, given the unreliability of connectivity across the
continent.
Investing in technology, in our opinion, is rarely an all or nothing discussion. Having a clear view of what
your business needs, coupled with the need to limit complexity, while maximising the availability of
applications and tools, is key.