June 09, 2024 7m read

A CxO’s Guide: Tough Questions to Ask When Moving to SASE

Demetris Booth
Demetris Booth

Table of Contents

Wondering where to begin your SASE journey?

We've got you covered!
Listen to post:
Getting your Trinity Audio player ready...

Making the Paradigm Shift

A paradigm shift away from traditional network and security architectures towards a more flexible and highly scalable cloud-native SASE Cloud architecture can be stomach-churning for many CxOs today. However, taking a holistic view of the drivers of this shift will help put things into perspective. Realizing desired outcomes like the reallocation of resources to more strategic initiatives, agility, speed, and scalability can bring about child-like anticipation of how this new world of SASE will feel.

Before CxOs achieve technology nirvana, however, they must take a few logical steps, and asking tough questions to understand the problem statements and desired outcomes is an important part of this. To better frame this picture, we’ve discussed this with a few of our customers to understand their thought processes during their SASE journey.

Define The Problem Statement

Organizations arrive at SASE decisions from different vectors. For some, it’s as easy as upgrading their WAN connectivity and adding better security. For others, it is exploiting a refresh cycle to explore “what’s next”. Whatever the drivers, understanding the true problems is essential for proper outcomes.

A simple problem statement might be, “Our network is a mess, so we need a different approach to this refresh cycle. Do we have the talent to pull it off?” This identifies two problems to solve: network performance and reliability, and the skillset deficit. Another problem statement might be, “Our current tools are too expensive to maintain, and we need more value for the money we spend.” This implies that managing network and security tools, equals more time spent on mundane support tasks than strategic projects.

While these statements are rather generic, they are no less real-world for most CxOs. Identifying the true problem statement can be exhaustive; however, this is the first step toward understanding the right questions to ask.

“The steep learning curve on our firewalls meant we were not getting value on the high costs we were paying. We needed a simpler, well-designed solution that our teams could more easily learn and manage.”

~ Joel Lee, CIO @ an Asia-Based Construction Firm

Ask The Tough Questions

Determining which questions are relevant enough to influence a buying decision and asking them can also be exhausting. Not all tough questions are relevant questions, and vice versa. Additionally, all questions must derive from the problem statements specific to your business situation. The following were the top questions our CxOs tend to ask:

1. Does this fit our use cases, and what do we need to validate?

“What problems are we trying to solve, and how should we approach this?” By asking this question of their teams, CxOs are basically asking what is not working, why it’s not working, and what success looks like when it is working. On the surface, it seems easy to answer; however, when digging deeper, many organizations find this to be a daunting question because the answer is sometimes a moving target and is almost always subjective.

2. Do we have the right skills?

When moving to a 100% cloud-delivered SASE solution, it is logical to question the level of cloud expertise required. However, a major relief for CxOs is realizing that their teams could easily be trained for a SASE Cloud solution. Additionally, they realize their teams have more time to expand other technical skills that benefit the broader organization. This allowed them to re-frame the question to, “what additional skills can we learn to build a more agile and dynamic IT organization?”

3. SD-WAN makes sense, but SASE? How will all security services be delivered without an on-prem device? What are the penalties/risks if done solely in the cloud?

Traditional appliances fit nicely inside the IT happy place – an on-prem appliance with all configurations close by. So, can we really move all policy enforcement to the cloud? Can a single security policy really give us in-depth threat prevention? These questions try to make sense of SASE, highlighted by a fear of the architectural unknown. However, existing complexity is why these CxOs wanted to inject sanity and simplification into their operations. Security-as-a-Service delivered as part of a SASE Cloud made sense for them, knowing they get the right amount of security when needed.

4. What will the deployment journey be like, and how simple will it be?

Traditional infrastructure deployments require appliances everywhere, months and months of deployment and troubleshooting, multiple configurations, and various other risks that may not align with business objectives. This is a common mindset when pursuing SASE, and CxOs want to understand the overall logistics – “Will our network routing be the same? Will our current network settings be obsolete? Where will security sit? How will segmentation work? Is it compatible with my clouds, and how will they connect? Who supports this and how?” This is just a tiny subset of items to understand, intending to set proper expectations.

5. What are the quantitative and qualitative compromises?

CxOs need to understand how to prioritize and find compromises where needed. Traditional costs often exceed the monetary value and can veer into architecture and resource value. So, an effective approach proposed was using the 80/20 rule on compromises – what are my must-have, should-have, and could-have items or features? Answering this begins with knowing where the 80/20 split is. For example, if the solution solves 80% of your problems and leaves 20% unsolved, what is the must-have, should-have, and could-have of the remaining 20%?

  • How do you determine which is which?
  • How would you solve the must-haves differently inside the same architecture?
  • How will you adapt if an architectural could-have unexpectedly evolves into a must-have?

6. How do we get buy-in from the board?

SASE is just as much a strategic conversation as it is an architectural one. How a CxO approaches this – what technical and business use cases they map to, and their risk-mitigation strategy – will determine their overall level of success. So, gaining board-level buy-in was a critical part of their process. There were various resources that helped with these conversations, including ROI models. CxOs can also consult our blog, Talk SASE To Your Board, as another valuable resource that may assist in these conversations.

“What does this convergence look like, and how do we align architecturally to this new model?”

~ Head of IT Infrastructure @ a leading seaborne energy trader specializing in LNG

Mitigate Internal Resistance

Any new project that requires a major paradigm shift will generate resistance from business and IT teams. Surprisingly, our panel experienced very little resistance when presenting SASE to their teams. Each anticipated potential resistance to budgets, architecture change, resource allocations, etc. They determined what could and could not be done within those constraints and addressed them far in advance. This helped mitigate any potential resistance and allowed them to ease all concerns about their decision.

The ROI of Doing Nothing | Read now

What Other CxOs Can Learn

Transitioning to SASE requires time and planning, like any other architecture project. Keys to making this successful include understanding your problem statement, identifying your outcomes, and learning from your peers. This last point is key because SASE projects, while relatively new, are becoming more mainstream, and the following advice should make any SASE journey much smoother.

Planning Your Project

  • Have a clear vision and seek upfront input from business and technical teams
  • Have a clear understanding of your “as-is” and “to-be” architecture
  • Don’t jump on the bandwagon – know your requirements and desired outcomes

Conduct Thorough Research

  • Do a detailed analysis of the problem, then do your market research
  • Understand Gartner’s hype cycle, roadmaps, predictions, etc.
  • Never stop researching solutions until your goals are finalized
  • You may discover something you needed that you did not realize – extended value

Evaluate The Solution and Vendor

  • Develop a scoring mechanism to evaluate vendor technology and performance
  • Understand your compliance requirements (NIST, PCI-DSS, ISO, GDPR, etc.) and how the solution will enable this
  • Examine their approach to delivering your outcomes, and pay attention to onboarding, training, and ongoing support

Be Confident in Your Decision

  • Don’t focus solely on costs
  • Examine the true value of the solution
  • Understand the extended costs of each solution – SLAs, ongoing maintenance, patching, fixing, scalability, refresh cycles, etc.
  • Be honest with yourself and your vendor and remain focused on your outcomes.

This approach benefitted our CxOs and guided them toward the Cato SASE Cloud solution.

“Know what you want to achieve upfront, then stay focused but flexible. Pay attention to skills and capacity requirements.”

~ Stuart Hebron, Group CIO, Tes

Make the SASE Decision

SASE is the ultimate business and technology transformation, and embarking upon this journey is an important step that every decision-maker will, understandably, have questions about. Are we compromising on anything? What risks might we face? Do we have the right skill set internally? Is it financially feasible? These are just a few of the key questions CxOs will pose when pursuing SASE. Asking them will provoke critical thinking and more holistic planning that includes all elements of IT and the broader organization. In the end, asking these questions will lead you to the obvious conclusion – a digital transformation platform like the Cato SASE Cloud solution is the best approach to prepare you for continuous business transformation without limitations.

For more advice on deciding which solution is right for your organization, please read this article on evaluating SASE capabilities.

Related Topics

Wondering where to begin your SASE journey?

We've got you covered!
Demetris Booth

Demetris Booth

As the Product Marketing Director for Cato Networks in Asia Pacific, Demetris leads the strategic engagements around Cato’s Cloud-Native approach to Secure Access Service Edge (SASE). He is a strong advocate and champion of network and security convergence, promoting SASE as the pathway to better business and technical outcomes. Prior to Cato, Demetris held various leadership roles with Sophos, Cisco, Juniper Networks and Citrix Systems. As a 20+ year technology industry veteran, he brings a diverse, global perspective, having lived and worked in North America, Europe, and Asia.

Read More