BlogFortinetSASEVersaSecurity Transformation
Blog • • 5 minute read

Sovereign SASE: Unified SASE under your control

Unified SASE adds multiple security benefits to your enterprise. Sovereign SASE extends these benefits to use cases such as data sovereignty restrictions, secure air-gapped networks and the need for a customized SASE solution.

In this blog

  1. Introduction
  2. The need for an autonomous solution
  3. Market landscape
  4. Conclusion 

 Introduction

In a previous article, "The Next Wave of SASE: Unified Solutions," the concept of Unified SASE was introduced. Unified SASE provides a single policy engine managed through a unified portal with a unified architecture that provides a single overlay network.  In addition, the consolidation of network and security provides unified visibility and reporting, enhancing security efficacy across the enterprise. 

Unified SASE delivers a solution for most organizations that can be deployed throughout the enterprise. However, specific use cases may require a different approach due to unique mitigating factors. In today's interconnected world, businesses operate across multiple countries, each with its regulations and requirements concerning data sovereignty. In addition, entities such as the federal government have restricted or air-gapped network architectures that preclude them from using any shared infrastructure.  This blog post will explore the implications of these restrictions on Security Service Edge (SSE), focusing on the emerging trend of Sovereign Secure Access Service Edge (Sovereign SASE).  

 The need for an autonomous solution

When Gartner coined the term back in 2019, the benefits of SASE were clear. Digital transformation and the pandemic quickly accelerated the need for a solution to accommodate a workforce accessing workload and data that live everywhere from any location. SASE changed how we securely access all the tools we need to be productive. To learn more about SASE and SSE capabilities, check out "What happened to the A in SASE?"

However, the characteristics that make SASE so effective (location agnostic, consistent security policies across the entire organization, highly distributed worldwide architecture) prohibit some organizations from utilizing the solution. Here is a list of use cases where SASE would be a highly effective solution but, because of one or more of these mitigating factors, cannot adopt mainline SASE solutions:

  • Service Provider / Telcom custom offerings: Many service providers offer managed SASE services as part of their customer bases' subscriptions, but the ability to differentiate and provide unique capabilities is limited when leveraging current public SASE offerings due to the inability to customize. In addition, the ability to run the service entirely within the service provider's architecture is non-existent.
  • Customers with specific geographically mandated data sovereignty requirements:  Laws such as the General Data Protection Regulation (GDPR) mandate impose strict laws on how personal data must be handled, including restrictions on cross-border data transfers.  Other regulations may require data to be kept in a controlled environment.  These mandates are beyond what public SASE offerings can achieve.
  • Air-gapped/restricted networks: Organizations such as the federal government require networks that cannot have any public infrastructure connectivity as a part of the security requirements. This makes it impossible to leverage these services, as they all exist in the public cloud.

To address these gaps, vendors have started implementing hosted versions of their SSE/SASE offerings in various countries, including China, to provide separate products with their own data and control planes. However, different organizations have different requirements, especially in highly regulated verticals. This has led to Sovereign SASE—a customer-hosted SSE/SASE environment the vendor provides in an as-a-service consumption model. 

 

 

What makes a SASE solution "Sovereign"?

A blue and white photo of a castle Description automatically generated

Imagine having a network security solution that is robust and tailored specifically to your unique needs. That's the essence of Sovereign Secure Access Service Edge (Sovereign SASE). 

With customizable services, you have the autonomy to design your architecture just the way you want it. Whether you need to meet specific regulatory requirements or geographical challenges, Sovereign SASE allows you to mold the service to fit your exact requirements, ensuring your network security is as unique as your business.

But it doesn't stop there. With Sovereign SASE, you maintain ownership and control over your data and logs. This means that all your sensitive information stays private and within your environment. 

Let's not forget that Sovereign SASE also offers controlled infrastructure, meaning you can decide where your infrastructure resides. Whether on-premises or in a private cloud environment like Equinix, you get proximity to the business services you need. This control ensures that your network is secure and optimized for performance, giving you the best of both worlds.

Think of Sovereign SASE as a custom-built fortress for your business. You design the layout (customizable services), decide where to build it (controlled infrastructure) and keep the keys to all the rooms (data sovereignty). It's the ultimate blend of security, control, and customization, protecting your business.

 Market landscape

Fortinet and Versa Networks are leading the way in developing Sovereign SASE solutions, leveraging their strong heritage in firewall and SD-WAN (Software-Defined Wide Area Network) technologies. Netskope and Zscaler also offer on-premises capabilities for managing data sovereignty concerning the creation and usage of data, and it is only a matter of time before they extend their support to include data storage use cases. Details around these solutions will be explored in a future blog post.

 Conclusion 

It is important to recognize that with great customization comes great responsibility. Implementing a Sovereign SASE solution can introduce complexity and overhead, requiring planning and management to ensure optimal performance and compliance. The need for specialized expertise and resources to design, deploy, and maintain such a solution should not be underestimated.

Despite these considerations, the benefits of Sovereign SASE are compelling. It offers unparalleled control, security, and customization, making it the ideal choice for organizations operating in highly regulated environments or with specific data sovereignty needs.

If we have piqued your interest in Sovereign SASE and you want to explore how it can be tailored to meet your organization's unique requirements, we encourage you to reach out to our team. Let's collaborate to architect your custom-built fortress.  

 

Stay tuned for our next blog post when we cover unified SASE use cases versus Sovereign SASE and delve deeper into the market landscape

Technologies