Wesley van Rayne and Morne Vermeulen, Redvine Networks
While a handful of vendors will tell you that SSE (Secure Services Edge) is the way to go and that SASE (Secure Access Services Edge) will eventually disappear, it is not an all or nothing approach. Typically, these vendors neither have edge devices nor a value proposition tied into SD-WAN, resulting in them pushing a specific agenda. SASE is more relevant to Africa than ever, especially when one takes into account the unreliability of links across the continent. SASE combines SD-WAN, firewall-as-a-service, Secure Web Gateway, CASB filtering and content control, amongst others and is designed to accommodate office, home, and anywhere users while also accounting for devices whether user-driven or autonomous.
SSE is defined as all of this, but without the access component, in this case, SD-WAN. SSE only caters for office users and does not account for devices and other technologies that are not user interfacing. The argument for adopting SSE is that it will eventually take over when enterprises stop requiring a WAN
environment. Proponents say that one would only require a stable internet connection to remain operational.
Counterclaim
While we don’t disagree that SSE makes sense for certain remote workers or any person using an endpoint client where an operating system can be installed and supported, it does not account for the rapidly expanding IoT infrastructure ecosystem. As yet, endpoints cannot be installed on unmanned devices like IoT sensors, or signalling devices attached to hardware. Of course, the IoT argument is just one.
Currently, the biggest downside is that it does not matter what you are connecting from, it is about the stability and resilience of the connection. And this is something that is fundamental to SD-WAN connectivity. For example, a company might install and manage a link using an SSE platform. But if the link goes down, the entire business goes down.
People often forget that the quality of links in Africa will not exponentially improve over the coming five years. SASE is therefore still essential when it comes to delivering performance over those unreliable links.
Making it practical
Let us examine two use cases for SASE.
Mining is a business that requires people to be onsite and part of a corporate network that can control who can access what data. It is a strict environment with many applications and services that are not publicly accessible. There are no general internet links for these systems on a mine. Furthermore, an SSE will be of no use to get information quickly and efficiently from weighbridges into a mine’s auditing software. There is simply no way to install a VPN on a weighbridge system – the hardware is designed purely to record and send information and there is no real intelligence or configurable operating system on these types of devices. A modernised WAN environment is essential to reliably access or transport these applications and services.
Medical pathology is another example – Inside laboratories are analysers that look at blood samples and generate results. These analysers only connect internally and never reach the internet due to stringent regulation when it comes to medical data. An entire WAN is built just to service these analysers. VPN software cannot be installed on these devices as they are purpose-built to cater for specific use cases. These are just two examples that show what it takes to run a business that does not revolve around internet connectivity. There are many niche apps that benefit from secure and resilient WAN infrastructure.
So where to from here?
There is no doubt that there is a time and place for SSE but not to the extent which some vendors make it out to be. It simply introduces another layer of complexity which businesses might not consider when it comes to integrating end devices rather than only being focused on end users.
SASE caters for any of these instances and provides local companies with a more robust value proposition, and an always on option for businesses, given the unreliability of connectivity across the continent.
Investing in technology, in our opinion, is rarely an all or nothing discussion. Having a clear view of what your business needs, coupled with the need to limit complexity, while maximising the availability of applications and tools, is key.