[By John Spiegel, Director of Strategy, Field CTO, Axis Security]
Exploring the SASE and SSE landscape is a daunting task. With over 30 vendors in the space, each with a point of view, it is easy to get lost in both the technical and marketing aspects of the frameworks. But SASE and SSE are critical to bringing convergence to network and security, enabling your application delivery system with both speed and security and reducing your organization’s operational and vendor management burden.
While I will not dive deep into how to select your vendor and platform, there are two areas I recommend exploring, arguably two of the most hyped emerging technology categories. Yes, you guessed it, AI and Quantum.
Why should you even think about the twin Taylor Swift of our decade when bringing harmony between the cats and dogs of networking and security? As Ferris Bueller, a well-known philosopher of the 80s, is known for saying, “Life moves fast. If you don’t stop and look around once in a while, you could miss it.”
Technology moves at a breakneck speed. Before you know it, these technologies will be areas you need to account for in your technology portfolios. As it is still early days for both AI and Quantum, how should you think about them today, and where does this conversation happen? The answer is roadmaps. Each vendor has a roadmap, and it’s important to understand how a vendor’s product offering aligns with your requirements. This is not a day-one conversation but a discussion area you must address as you begin to down-select the vendors you are considering.
As you engage vendors, each will discuss current features and capabilities as well as make promises about what’s coming soon. In this article, I will help you understand why AI and Quantum must be included in these discussions.
Roadmap Item 1 – AI
Every time you open your (insert social media app) or talk with your peers at a conference, the lack of talent in cybersecurity will inevitably come up. Per ISC2, the gap in 2024 is 4 million workers, and it is not improving. This is exacerbated by the mantra from leadership that you must “do more with less” and lean budget allocations set for this year. Add it all up, and the choices are challenging for those on the frontlines.
Enter AI. While ChatGCP is hogging all the headlines, AI will remake how we approach security and networking. But let me be clear, AI is not our cyber messiah, but it will assist us on the operational side of cyber security and will be our aide or guide in optimizing your technology solutions. For example, in the SSE space, your AI guide will assist you in providing recommendations for your security policies. Since it can “see” the bigger picture and understands best practices, an operations resource will interact with the AI guide to learn about policy violations and be briefed on possible areas of improvement. Perhaps there is a policy statement that is no longer being used, or worse, Jim, who was in sales, just moved to marketing. Should Jim’s privileges for sales be rationalized? Is there a business impact, such as lower operating costs and greater security outcomes?
What are the questions to ask regarding roadmaps for SASE and SSE vendors? For AI to work effectively, it must have access to massive data pools. The performance will never be met without data, the raw oil powering the AI engine. The question to ask your vendor is how they collect the data, what the data is (hopefully both network and security), and whether or not there is a single data lake. The single data lake is key. If the vendor’s solution is a series of separate, lightly integrated solutions, it’s time to be concerned. That’s because it will be hard to train their AI engine and, as a result, lower your operational costs. I recommend seeking better outcomes with vendors who built on a modern architecture based on Cloud forward principles. Providing AI assistants and normalizing the data needed for success will be much easier. Make sure to dive deep into this topic, and do not accept soft answers!
Roadmap Item 2 – Quantum
The second area is quantum encryption. Right now, all the key vendors in the space are built on TLS, IPSec, and GRE (yes, they exist), as well as newer protocols like WireGuard. Experts in the field say by 2030, all of them will be at risk. Nation-state actors will lead the way, but given Moore’s Law, the cost and power of computing will continue its march forward, putting this futuristic capability in the hands of garden-variety blackhats. That means it will become very easy to break modern protocols.
Why is this a critical roadmap question to ask? Both SASE and SSE are generally consumed on 3—to 5-year terms. The time to value for a full SASE or SSE deployment can also take 12-36 months. Why? You are consolidating what were previously point products from different vendors. Thus, you need to consider the financial impact. Is the solution depreciated? When does support expire? Given the time horizon, 2030 will be here before you know it.
So, what do you need to ask? The more innovative vendors are already planning. They will have a strong message regarding quantum and should already have an MVP in process. It may not be in general availability for a year or two which is ok. Remember, you are looking for the indication that quantum encryption is coming and a rough time frame. What you’re not looking for is a blank stare or a talk track where you’re told, “Don’t be concerned.” That’s when you should be concerned! It’s because the vendor either has not thought about it or, worse, the architecture they’ve based their solution on has become difficult to scale due to technical debt and operating costs. Asking the quantum question helps you understand the future and the present state of their technology. It’s not necessary to do a deep dive on the various quantum protocols. At this stage, you want to see how they respond. In addition, if this is an area you are passionate about, you may be able to influence their roadmap as it is still early days for quantum encryption.
Exploring the roadmaps of vendors you are down-selecting is an essential due diligence activity in procurement. You want to understand where the product is going, its vision for the future, where it is deficient, how you can influence its roadmap to solve your key business challenges, and, critically, how much of a partner it can be. Much can be uncovered and gained from these critical discussions…. Always do a roadmap review before purchase, and …. make sure to ask about AI and quantum encryption!!!