Fortinet’s SASE Enhancements Simplify Security and Networking

This syndicated post originally appeared at Zeus Kerravala, Author at eWEEK.

Fortinet’s FortiSASE enables businesses to deliver consistent security across hybrid enterprises.

This week, security vendor Fortinet announced several updates to its SASE platform to address the security needs of hybrid work.

The pandemic gave many workers a sense of what it’s like to work from home and most want to continue to do so, just not all the time. My research shows that 86% of users want to work from home but only 9% want to be 100% remote. Also, 51% of employees will work from home 2-4 days a week and 14% one day a week. These numbers point to a world where most businesses must think hybrid.

The shift to hybrid work has had a profound impact on corporate enterprise network and security strategies. Long gone is the nice, well-defined perimeter where everything on one side is considered secure and everything on the other is deemed bad. Hybrid organizations are both dynamic and distributed and the “border” is constantly changing and evolving. This happens as workers move on and off premise and access company and cloud resources from different locations.

Network and security teams have adjusted by adopting some combination of SD-WAN, security services edge (SSE) and secure access service edge (SASE). But this has its own challenges as the mix of cloud-based security, on-prem threat protection and hybrid networks increases complexity, creates bottlenecks, and degrades network performance. A converged approach to security and network is needed to address the above issues.

Enhancements Simplify Security

In this release of FortiSASE, the company has added Secure Private Access and Secure SaaS Access features.

Secure Private Access enables businesses that are using Fortinet’s Secure SD-WAN and/or FortiGate next generation firewall to connect remote users to the company network via the closest Fortinet cloud point of presence (PoP).

This lets customers take advantage of Fortinet’s SD-WAN capabilities, such as ZTNA and firewall-as-a-service, directly in the PoP instead of having to backhaul the user to a branch office. Remote workers will have the same level of security at home as they do in the office without having to make any changes to their own environment, creating consistency of experience. This is key as users typically defer to the path of least resistance, which can cause them to turn off security capabilities if they get in the way of working.

With Secure SaaS Access, Fortinet has added dual-mode Cloud Access Security Broker (CASB) capabilities where in-line and API-based CASB provides visibility into unsanctioned and sanctioned applications, respectively.

This helps companies better address shadow IT and data exfiltration challenges. In security, there’s an expression that “you can’t secure what you can’t see” and this new capability gives network and security teams full visibility to all applications. Line of businesses and end users purchasing their own applications have created a huge blind spot and Secure SaaS Access will alleviate that issue.

These new capabilities add to Fortinet’s value proposition of being a “single vendor SASE” provider. Last month, research firm Gartner issued a Market Guide for single vendor SASE that highlighted the benefits of getting all the security and network components from one company. Cost reduction is on obvious one, but the bigger payoff is the reduction of complexity. The use of more than one vendor leads to having to maintain multiple sets of policies, change management complexity and inconsistencies in security.

Security and Networking Aligned with Current Trends

This shift to consolidate security and network functions creates a great opportunity for Fortinet to gain share. The company has long been regarded as one of the premier security vendors but, despite having a strong network portfolio, has historically been on the outside looking in with regards to WAN connectivity.

SASE has been merging those technologies and has enabled Fortinet’s strength to come through to the point where it’s now an SD-WAN Magic Quadrant leader; the company is ranked highest on the ability to execute scale. Most SD-WAN vendors have strength in security or network while Fortinet has been proficient in both for years.

While there are many vendors that fall into the “single vendor SASE” camp, Fortinet’s strength is that it has a single operating system (FortiOS) that spans all its products, and it makes its own silicon. Its security processing unit, or SPU, is optimized for security capabilities similar to how a graphics processing unit (GPU) is designed for the needs of creating better video experiences. General purpose CPUs typically have problems with these specialty use cases, and Fortinet uses the combination of hardware and software to deliver consistent services everywhere.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.