ter to fix something before deploying new components on top of it. “The only exception would be if you had some kind of compliance requirement that needed to be addressed immediately,” said Michael McKinnon, senior vice president of solutions and engineering at Globalgig, as part of the Avant report. “I don’t see any problem with deploying SASE ahead of that. But typically, if you apply SASE while you have an underlying network issue, you’re only complicating matters because now you have multiple new components and you have to determine what’s causing the problem.” Providers recommend organizations start with a thorough review of their unique circumstances, suggested the Avant study, before building a three- to five-year strategy of action that leverages a cross-functional team representing security, networking, compliance, finance and IT management, along with any outside trusted advisors. “The discussions should begin with preferred business outcomes and then drive downward into more specific details to support users, applications and remote locations leveraging the cloud and wide area networks,” advised Presti. “As the migration continues over time, conduct ongoing audits to ensure that the desired effects are being achieved.” “The choice of what to prioritize always begins with the question of what’s not working well. What do people complain about? What’s keeping people from being optimally productive? What causes end customers pain? Those are the places you want to start.” advised Mark Peay, channel director at Cato Networks. With so many systems and staff impacted, there could be some managerial reluctance to take a stand in favor of a SASE migration, continued Presti. In these cases, executive leadership may need to clearly articulate the direction and assign team members to take direct action. At the other end of the spectrum is the potential there are simply “too many cooks in the kitchen,” Presti warned, creating a situation in which “networking people, security staff and others may begin jockeying for budgetary position, in which case the resulting strategy may become less coherent. In extreme cases, you may see multiple tools serving the same function because a clear strategy was not in place.” “The network and security teams sometimes don’t like each other,” added Bill Franklin, senior director of cloud engineering for Avant. “Some teams have been stepping on each other’s toes for years, in which case you need to start at a place where both sides can agree.” What’s more, some individuals within an organization may be more cloud-focused while others are more appliancebased, “which means you may be displacing vendors with whom they’ve been working for a long time, and that could cause friction,” Franklin continued. “In such cases, it’s not just a technical decision; it’s a political decision as well.” To the extent that non-cloud related assets continue to be in use, Presti recommends organizations consider a cloud migration as a prerequisite to a SASE migration. “It’s a different kind of platform that moves away from the current paradigm of appliancerendered capabilities for networking and security,” added Peay. “Technology needs to be looked at more holistically; to center the enterprise network around the user and identity, as opposed to the data center.” The good news is, as organizations navigate their technology options and challenges on the way to their SASE implementations, channel partners as trusted advisors can play a key role, as they tend to have a detailed understanding of clients’ needs, circumstances and technology ecosystems. This is not lost on business IT departments. According to the Avant Research & Analytics survey, 76 percent of organizations said they will turn to a trusted advisors to provide educational assistance for SASE. And as part of that education, adviser would be wise to start off by preaching patience. o Source: CompTIA Top Reasons to Engage Trusted Advisors in SASE Decisions Source: Av n Research & Analytics What, if any, security challenges are your enterprise customers/subscribers facing if they are supporting an increasing number of employees working remotely? 15% 76% 9% 7% 5% 2% Roadmap Timeline for SASE Convergence Source: Gartner • Establish a cross-functional team spanning security, networking, workforce transformation and branch office transformation • Develop an overall SASE strategy and adoption timeline with specific, measurable goals • Phase out legacy network-level VPN for third-party access • Consolidate SWG, CASB, ZTNA and RBI as contracts renew. • Drivers Enable “branch office of one” anywhere, anytime access • Consolidate vendors to reduce complexity and costs including replacement and dedicated circuits • Shift security skills from maintaining boxes to supporting business access requirements • Adopt a zero trust security posture to remote access • Continued vendor consolidation to reduce complexity and costs • Sensitive-data visibility and control access channels, including at rest in public clouds • Zero trust security posture for office and campus locations • Consistent and measured user experience • Digital business dexterity, speed in provisioning and supporting change • Sensitive-data visibility and control across endpoint, cloud and on-premises • Full zero trust security posture • Protection of edge comput- ing and distributed compos- ite applications • Continued vendor consolida- tion to reduce complexity and costs. • Measure end-to-end user experience for all access • Phase out legacy network-level VPN for remote access; keep ZTNA active when returning to the office/branch • Phase out remaining dedicated network security appliances • Enforce contractual SLAs from SASE providers • Establish a permanent, unified cross-functional organization for secure access engineering • Consolidate to 1-2 vendors covering SD-WAN and secu-rity services • Activate continuous authorization for all access requests and monitor continuously for unusual or risky behaviors using machine learning • Phase out dedicated circuits Drivers Timeline indicates when to begin. 2021 2025 Drivers Education Product/Solutio Selectio Integr tion with Legacy Systems Developing Migration Strategy Coordinating Buy-in within Customer Organization THE CHANNEL MANAGER’S PLAYBOOK 10