SASE Adoption – Avoid Pitfalls Many Companies Face

Marko Spremo:
Good morning everybody. This is Marko Spremo with Telapprise. Welcome to the SASE Adoption: Avoiding the Pitfalls Many Companies Face. We’ll give ourselves about 90 seconds before we start here. So bear with us and so people log on in and we’ll get started here in about 90 seconds. Thank you. (silence) Okay. All right. First and foremost, for those of you who have joined, we want to have this a very interactive session. So if you have any questions, there is the chat option to ask questions. Secondly, we will try to keep this to 30 minutes to make sure that everybody has an opportunity to ask those questions. And if there are any, please do go to that chat session. Again, thank you for joining us. Today’s topic is SASE Adoption: Avoiding the Pitfalls Many Companies Face.

Marko Spremo:
Our goal here is to really address some of the issues that we see clients facing today, as we’ve gone through a number of implementations here at Telapprise with our clients. A quick blurb about Telapprise, we help clients translate telecom chaos into streamlined efficiency by helping clients manage through what we call the technology life cycle of pain. And we do that by helping clients identify source, procure, and implement solutions from the various carriers and providers as a value added representative. Today with us, we have Cato Networks. We have Sean McCarthy, our head of strategic engineering at Cato Networks, and also Mark Peay, the channel director for the west region that we work with, with our clients in regards to Cato solutions.

Marko Spremo:
And really how this came to fruition was in many implementations we’ve had over the last year, we’ve been working with a number of clients and we just see a lot of confusion as to what is SASE, what are the components of SASE? And Cato was kind enough to work with us in many clients that we’ve been working with and had a lot of success. Cato offered to join us in this webinar to educate our clients and participants about what are the issues that we are being faced. A little bit about Cato. Cato is a six-year-old billion-dollar valuation organization. Over the last four years, they’ve had 200% year over year growth in this arena. So obviously they’re doing something very right in the marketplace.

Marko Spremo:
And so today I’m going to hand it over to Sean McCarthy and Mark Peay to talk about the challenges that they’re seeing. And as I had mentioned, if there are any questions that you do have going on, we’d like to have this as much of an interactive session as we go through this. So Mark, Sean, the ball is yours. Thank you again for offering to do this. We really appreciate it and look forward to the dialogue and conversation.

Sean McCarthy:
Great. Thanks so much, Marko. And thanks everyone for joining. My name is Sean McCarthy with Cato Networks, and we’ll talk about some SASE today. A little intro to it, some background, and then hopefully some questions and hopefully it’s informative for you all. So let’s get going. So some background to SASE and why SASE came into being. As most of you are probably familiar, things have been exploding with complexity and point solutions. So you start with Legacy Network at the bottom of the screen here where you might’ve had a branch and a DC headquarters, people came into the office to work. So you connect your branch to your DC. People come to the office, they work, they’re happy, everything is fine. You put a firewall at the edge. You’re very secure. As things changed, you began to get global. You have branches all over the place.

Sean McCarthy:
You have mobile users now. Everyone works all the time now, there is no concept of coming to work and then go home. And then the cloud, right? Everything is in the cloud, servers, resources, applications, files, you’ve got to connect and secure and manage all of these resources items now. Everyone has to get to where they need to go. And so you end up putting in all these point solutions to fill the gaps. And that has snowballed into what you see on the screen here with all these items. So what does that do then? That drove this demand to combine and converge these technologies. And this is already happening today. You’re seeing it all around. It’s been happening on both sides of the coin.

Sean McCarthy:
So on network, as a service, you’re having SD-WAN, you have telco carriers, and CDN, WAN Op. All these technologies are converging as a network, as a service. Same thing on the security side, you have the network firewall, you have the web proxy, you have CASB, secure web gateway. All of these are being bundled into cloud security offerings and network security as a service. These two pillars are now converging into what is SASE. So SASE is this architecture that contains a lot of things you’re already familiar with. It’s a new way of delivering them in a cohesive converged manner. We’ll talk about more about that in a minute here.

Sean McCarthy:
One thing I want to mention is, Cato is in a lot of areas that are converging into SASE. So SASE is a new, very large category. It contains a lot of smaller categories you’ve already been familiar with such as SD-WAN, firewall as a service, zero trust, we talked about CASB and IPS. All those things are part of SASE. Some of them have their own categories today. And you’ll notice that Cato is mentioned in the four main categories of SASE individually, which is impressive and important to note that we do all of the pillars ourselves. So a little SASE one-on-one, now you’re hearing the word, you have some background on why SASE is here, what exactly is it, and how are they defining it today.

Sean McCarthy:
So there are four main requirements for SASE. Requirement one, is that it’s converged. Okay. That’s the main point of SASE. We’re trying to simplify and converge a lot of point solutions into a platform or a single solution. So converging this into a single-pass architecture versus multi-pass is one of the first steps. Okay. And by multi-pass, what we mean is various points in time or various solutions that traffic pass through the process policies. Okay, during this, it might be encrypted decrypted several times. It might delay in latency. If you have to go through your firewall and then an IPS standalone appliance, and then your web proxy, it’s going to add latency and impact performance as you go through each individual processing layer.

Sean McCarthy:
Now compare that with a SASE ideal architecture, it’s a single pass. And what we mean by that is, the single engine contains all of those sub-engine, so it will process the firewall rule, the web filtering rule, any IPS policies, any other policies that are going to be processed are processed at the same time in one pass through the same exact stack. And that will converge a bunch of that immediate latency and complexity off the bat. So converting it to single pass is one main part of SASE. It also converges the policies. Okay, so previously you have to manage policies and all these devices, you might have a firewall policy, you’ll have a secure web gateway policy. You’ll have an IPS policy, maybe an IPS team that’ll manage your updates, your signatures, your hashes, and any overrides for that complex solution.

Sean McCarthy:
When you compare that to a SASE solution, you’re looking to converge the policies too. So rather than having to go here for policy A, here for policy B, you have your policies in one location. A good example of that might be firewalls in general, where previously you might have 20, 30, 100 firewalls in the field and you need to manage, let’s say, okay, I want to change policy at site A, you’ve got to manage site A’s firewall and site A’s firewall policies. Versus a SASE product or platform, you’ll be managing just that policy. And within that policy, you may change site A’s rule, but you’re not going to have to go to site A’s policy. And that’s the big difference here. You’re doing a lot of the same things, but in a more concise converged manner. So number one is convergence, very important there.

Sean McCarthy:
Number two, cloud native, it’s got to be cloud native. For various reasons, you can’t scale to the SASE scale with appliances, hardware for one, CPU throughput, manageability, deployment, all of it will bottleneck you at some point in time. When you move this to the cloud and you become cloud native, it makes you a lot more agile. It makes you a lot more fault tolerant. So you provide this cloud that is resilient, but it’s always available. You simply have to connect to this SASE cloud service and then we actually deploy all of those features in the cloud for you. So think of it in some ways, like AWS and Azure did for compute and virtualization, SASE will be doing for network and security. You have to obtain a slice of it, right? By licensed capacity, by into the solution, and then you connect to it, but it will run in a cloud and not depend on a local appliance or a stack of local appliances to do the work for you.

Sean McCarthy:
And this is where things are going. You’ll see these quotes throughout here from Gartner, it’s that category, I didn’t make it up. We didn’t make it up. They did. And so what you’re seeing is that these are all coming about the soft problems that they found with their customers in the field. So number three requirement, it’s got to be global. And part of this, you could certainly do yourself. So like we mentioned earlier, SASE is not necessarily introducing new feature functionality, but it’s introducing a whole new way of doing this, which is as a service, much simpler and much more converged. So the global piece of this you’ve probably been doing, right? What you do is you make regional hubs at data centers. You put appliances there, you connect your regional branches to their regional hub. They go through there for policies, for access for resources and then you procure expensive tier one middle mile between your regional hubs.

Sean McCarthy:
This is not a foreign concept. Anyone managing enterprise networks has probably done this. But why go through all that pain and trouble and expense when this already is built for you, right? One of the main tenets of a SASE service is that it will be global from day one. There will be an existing global network for you and your company to connect to. You won’t have to build your own regional hubs or incur the cost of a data center or hardware, that will exist for you. You’ll need to connect your resources, all your branches, headquarters, cloud, whatever they might be, you’ll connect into this existing global service and global network and not worry about having to get into all the weed and details yourself.

Sean McCarthy:
So this is another quote, right? That it can’t be just built on a public cloud. It’s got to be their own, they have to control it. So one tenet of a global SASE provider is it’s their global SASE right? It’s not going to be them writing on a partner’s global backbone. It should be the SASE providers backbone and their network, or they’ve lost the control, right? Having the control is what makes Cato a valid and viable SASE partner. Lastly, the fourth requirement, and this is big because it really talks to the first requirement and convergence is any edge. All right, if you can’t connect any resource to this SASE network, it’s not going to account for the company’s business things. So you’ve got to connect branches, headquarters, data centers, mobile users, cloud applications, cloud infrastructure.

Sean McCarthy:
It’s all got to be able to connect to the single SASE provider or solution you choose, otherwise, you’re still going to end up duct taping things together at the end of the day. So SASE in general, Cato obviously, but SASE in general should support any edge. You shouldn’t have to go and procure a separate solution just for say your mobile workforce, your road warriors, or your work from home folks, or a separate virtual firewall for your cloud infrastructure. If you can’t plug in Azure to your SASE platform, it’s probably not SASE platform. Okay. So here is the thing, it’s the same overall design, right? But it’s simplifying the way you’re deploying this design. And it really has given you this holistic network. So those are the four really pillars of SASE. The four requirements that Gartner has put out there to be SASE.

Sean McCarthy:
Okay. So what isn’t SASE? What are some examples of not SASE? So for one, chaining point solutions together. And this is very popular among resellers, among certain telcos, and it’s not invalid as an overall design. It’s just not SASE. Okay? You might have to have a firewall and a secure web gateway. You might have to maintain your old IPS appliance at least today. But doing that, while it might provide you the policies you need at the end of the day, it’s not going to be SASE. It’s going to require you to manage several solutions in one versus having just one solution. So that’s not converged. What else is not SASE? On premises boxes. We talked about appliances. So there’s all kinds of bottlenecks there, whether it’s processing of actual packets or maintenance and your team’s time that’s put into deploying and maintaining boxes, either way, SASE is not built around on-prem boxes.

Sean McCarthy:
Yes, it is true. There will likely be an on-prem portion to anything, you’ve got to get connected. But there shouldn’t be major feature delivery on a box, that is not SASE, it’s not cloud, and obviously a box isn’t global boxes, a point location. And lastly, it’s not a telco bundle. I tell folks all the time, you could see the same PowerPoint Cato gives with different colors from almost any telco out there, right? SASE, the story, it is the same. Wanting to do all these things in one network is a universal want right now. But bundling vendor A, B, and C together into a SASE offering is not the same as offering a SASE solution. Duct tape and bubblegum, right? At the end of the day, you’re looking to go to many different spots for support, for planning, for consulting versus having someone is holistic and one single vendor, one single solution.

Sean McCarthy:
So watch out for all of these not SASE things. They’re out there. They’re pretty close, but they are not SASE. So now we’ve gone over high-level SASE, we’ve gone over some of the SASE background. I’ll talk a bit about what Cato does that makes SASE simple and why we are the first real SASE vendor out there. And then we’ll go over some questions and I’ll give you back to your days. So what Cato really does is we follow the SASE tenets really strictly. Part of that is because we were here before SASE was, so some of that is tailored to what Cato was doing. But in general, we have the global network, we take this backbone and we connect your resources to this global backbone. So wherever you are in the world, we’ll connect any of your edges, right? Headquarters, data center, cloud, work from home, SaaS applications, Azure, AWS, all of it, any edge connects to our SASE cloud.

Sean McCarthy:
Then we can secure it with that single converge policy inside the SASE cloud. And you can run it from one pane of glass. So you connect everything to the SASE cloud, you secure it with single policy, and then you run that single policy from one pane of glass anywhere in the world. And that is the archetypal SASE, sometimes words are hard. And then we’re taking all these things I mentioned earlier, all these features you’re used to, right? These are not new features to you. We’re converging them into this as a service platform. So your firewall is still there. Your SD-WAN is still there, your secure web getaway is all still there. It’s just delivered in this new format of SASE.

Marko Spremo:
And Sean and Mark, just a quick question on there. Obviously one of the bullet points we have in here is, we’re talking to as SASE versus SD-WAN. And obviously we talked about SD-WAN being a component. What we see a lot of, is we see a lot of confusion of how SD-WAN providers, SASE provider, what does that entail? And from your perspective, what do you see as the confusion in the marketplace when clients come to Cato and say, well, I want to talk about SD-WAN and SASE. How do you address that? And the differences between those particular items because obviously in this slide here, we’re saying that is a component, right? SD-WAN providers that will provide SASE components, SASE that will provide SD-WAN, can you address that a little bit?

Sean McCarthy:
Sure, absolutely. It’s a great question, Marko. So SD-WAN and SASE are inseparable for one. SD-WAN is a core component of SASE. We’ve been saying it for a while at Cato, has been my personal opinion for a while. Also, the SD-WAN isn’t so much deserving of a standalone product, but it is a collection of features or it is a way of designing your network, which means it abstracts links from connectivity. So the whole idea is that you want to connect and you have to connect from your office edge to where you’re going, right? In the case of SASE, that is from your office edge to the SASE cloud. So to get that connectivity as solid as possible, well, what do you use? You use SD-WAN. Okay? So we use SD-WAN appliances at the edge as our connectivity method to get you onto the SASE platform. And that is where SD-WAN and SASE the relationship is going to be there. They’re going to be the access portion of any good SASE platform.

Marko Spremo:
And we have a question regarding this particular slide talking about… And the question is, I like converged with SASE roadmap requires an ability for customers to pick up and choose their journey onto full SASE. Should we assume Cato is an all or nothing solution when it comes to SASE?

Sean McCarthy:
Another good question. It’s not. So there is a benefit to eventually move into a single vendor because that is what SASE is all about is that convergence, but it is not a day one, all or nothing. No one is moving 500 sites off of their current solution to Cato in a weekend migration. A lot of folks come to us and they’ll say, “Hey, listen, right now I have a need for global SD-WAN.” Right? I have brand new shiny Palo Altos. They’re great. My guys love them, but I’ve got to get connectivity sorted out. We can help with that and be the Palo Altos gateway. We have the reverse, we have folks, “Hey, I’ve got brand new, shiny versa boxes, and they’re fine. I love them, but I need a cloud firewall.” So we can be their cloud security provider. The key is that we then enable them to make that longer-term migration at whatever pace they want to or need to.

Sean McCarthy:
It can’t always be done that way. I don’t want to paint the picture of rainbows and puppy dogs. Sometimes there are networks that are more complex, but that’s the point of our IT team. They’ll work with you to make sure that we can design in a smooth transition in almost every case we can. So excellent question. Unless there’s more, I just wanted to leave you guys with just a thought. So as you’re seeing, other solutions out there that are SASE just remember when someone offers you a sandwich, make sure it’s already pre-made, okay? If they offer you SASE, ask them what their SASE is made of.

Sean McCarthy:
If they’re going to make it from vendor A firewall, vendor B SD-WAN, vendor C’s backbone, you’re not getting a true SASE. You’re getting the amalgamation or approximation of SASE. So just be diligent. There’s a lot of invitations out there right now around SASE. Quote from one of our marquee customers, obviously global really interested in converging and simplifying their network. They were able to deploy extremely fast around a thousand locations with Cato. So just one example of many, many happy customers who made the move to SASE and don’t regret it at all.

Marko Spremo:
Perfect.

Sean McCarthy:
I’d love to take any more questions we have. So let’s see what if you are, Marko?

Marko Spremo:
So one of the items that we have just in talking, we touched on it a bit in our items, number one is how do you integrate the mobile workforce as we’re making that transition, right? A lot of people in the pandemic, a big thing to move to SD-WAN and the portion, right? A lot of people moved it to the home. There was a mobile remote workforce. Now, as we’re open up, people are moving back, everybody’s shifted to the cloud. How do you see from a Cato perspective that is going to be addressed because obviously in office connectivity, we’re seeing more requirements for more bandwidth, but it’s going to be a while, if at all, before everybody goes back to the full office environment. How do you see that being addressed with the mobile workforce and what do you see some of the challenges that clients are currently facing and going to be facing?

Sean McCarthy:
So that’s a key reason why your policies can’t live in a place, can’t be location bound, why you’ve got to put them in the cloud and they’ve got to follow you wherever you are. Right? So no matter where you’re working from, obviously last year was a big problem of having to send everyone home and deal with work from home. And now we’re on the fence of, okay, are they coming back, are they not, are we hybrid? Are we three-day, workweek? Are we every other day? You can’t know they’re going to be in a chair or in a location to apply policy X or policy Y. You’ve got to have a corporate policy set and connectivity that will exist wherever they needed to exist. So with any solid SASE platform, your policy should be in the cloud.

Sean McCarthy:
So it should mean that you connect to the SASE provider, whether you’re at the office behind the SD-WAN clients, or whether you’re at home using the VPN client, you’re going to connect to that SASE provider, hopefully Cato, right? And then you’re going to be going through the core policy. So if you have Facebook blocked, you have optimization of your UCAS access, that will apply whether you’re in your seat or whether you’re at home, or whether you’re in the airport, right? So all these things should follow the users no matter where they exist. That way the admins and the business can free up to do whatever they want to do, right? If you need to be in the office, great, you need to be at home, great. No problem. It’s all accounted for.

Marko Spremo:
Excellent. Thank you. And then one of the items around in talking, Mark and Sean. Mark, you see this from your partner community, when looking at a SASE vendor, what are some of the things that clients typically miss in items that they’re not providing for that migration and what are some of the things that individuals on this webinar really need to understand that they need to have as a key component in making that migration from their current environment to a future SASE environment, are there items and pitfalls that you think there’s three to five that right off the top of your head, these are the things that we see all the time, from the community of clients that you’re speaking with?

Sean McCarthy:
So I know you asked Mark that, but I’m going to answer it somewhat technical. If you don’t mind Mark, sorry. The number one thing by far is going to be control of the routing at the location, right? So it’s a bit technical, but any kind of migration, if we have control over the routing, it’s almost always easy, right? The real challenge that we get are someone has, let’s say I’ve got a dozen of sites and today I’m using managed MPLS. And all I have in every site is a managed ISP router that I can’t control. That’s a bit of a challenge, right? Because you really can’t move anything without consulting somebody else then. So in general, one of the first thing is to get a handle around your local routing at your location, make sure you can make changes to it and control it.

Sean McCarthy:
If you have that controlling information handy, we can make a plan. Secondly, is going to be getting everyone together, right? So we’re converging things that usually also means teams, right? What used to be a firewall team versus the SD-WAN team, versus the work from home mobile user team. Now they’re all working in the same location on the same product, on the same policy set. So we’ve got to get them all on the same page. So I’d say those are the top two, right? Get your local equipment sorted out where things are happening, who’s routing what, and then the local team being on the same page so we can converge this successfully.

Marko Spremo:
There’s two questions here from the audience. Tying into that, how long does a transition take and how long should someone be looking at in doing discovery in requirement vetting before that transition happens. And I asked that off the question to be honest, but one of the things that we see is there’s a lot of… Typically in the migrations, you get a lot of project rescues because the prep in advance isn’t always done and it’s, oh, we can do this in X amount of time, but people miss the discovery phase of that. Would you say that, that is a fair assessment from what you see? And secondly, how long would you tie into that? How long would you say that someone needs to make that transition from their current environment to a SASE solution?

Sean McCarthy:
It could be a big range, right? So I’ve seen folks deploy a dozen sites less than a week. And I mean, I’ve got folks deploying 500 sites over the course of eight months, but it’s a planned out migration involving new ISPs, right? New switch refreshes. This is often as part of a larger project. So it might be other things that are our bottleneck. It’s almost never the SASE provider, or at least in our case, almost never us. That’s the bottleneck. You can stand up a site with a SASE with Cato in under 10 minutes. A lot of the policy prep… A lot of the migration happens before you deploy a single site, right? A lot of the migration is migrating your policies over, which can all be done before you’re live on Cato or even partly live on Cato.

Sean McCarthy:
At that point in time, you’re just bringing up every site once you’re ready to do it. We start almost all migrations with a single data center or your most important data centers to get them online and then bring up your branches as it go. It can make for a real smooth transition. It can go at your pace. If you have all the connectivity in place, as far as ISP goes, you have the team in place to stack boxes. I mean, you can install a dozen times a night, no problem. Or it can take you nine, 10 months if waiting on ISPs. But more of the story is the SASE and Cato part of it is going to be as quick as you want it to be.

Marko Spremo:
And a couple more questions here. If someone does offer a multi vendor solution, are there any gotchas and do you have any real world nightmare stories of going to a multi-vendor versus a single source?

Sean McCarthy:
Sure. I mean, one of the main things to ask is how can I manage it? Right? What access do I have as a customer to manage all of my policies? And do I get to manage everything? Is it being managed through a third-party portal where you put together to obscure what’s behind it. Are there limitations on that? Those are kind of the main ones. The manageability and customer power are often removed in a bundle because to bundle it, they’ve got to make their own front end a lot of times. A SASE option like for instance, Cato, you have full control of the policies. If you want to log in and do your own thing, it’s like your own firewall. It is really equivalent to an AWS Azure, right? We maintain the platform. Cato always exists, but you can log in and start from scratch.

Sean McCarthy:
You have nothing. You can make any policy you want, any route you want, any site you want can be configured by you the customer. Doesn’t go through any third party layers or API layers to get there. It’s all native configuration. So I’d look for that. I would ask them what they use. If they won’t share with you who their backbone is, they won’t share with you what their SD-WAN technology is or firewall is, they make me nervous, right? Cato, it’s all Cato, right? I’ll tell you who our backend providers are. I’ll talk to you about how we wrote our own firewall code, how we develop the SD-WAN code from scratch. They shouldn’t be shy or at all embarrassed about talking about those things. If they are, run, don’t walk, other direction.

Marko Spremo:
Thank you. And then another question that we have here from the… two more questions from the audience here, how about the cost? What does a SASE solution cost compared to a traditional solution versus a single source or compare SASE solution, how does that compare from what you’re seeing in the marketplace?

Sean McCarthy:
So there’s almost always savings. It will depend, right? So there’s a lot more savings if you can converge more. So the timing is right, and you’re looking through maybe replace a legacy MPLS and your firewalls are aging, it’s going to be huge cost savings there, right? If you’re looking to replace your VPN concentrators and you want integrate cloud, there will be savings there. If you just need one thing, it might end up being apples to apples. But the benefit there is going to be probably felt in management or in other ease of use items. In general, it’s fancy as a cost saver.

Marko Spremo:
And then around that, where do you see that cost savings? And this goes back to the question earlier that I had, as we’re moving back to the environments, we’re seeing organizations requiring to increase their bandwidth speed. Are you seeing that just in a global, are you seeing that from the combination of technologies that you’re able to reduce the cost from that perspective? Where do you see that compression of the cost?

Sean McCarthy:
Well there’s a good kind of micro example in what you just talked about. So work from home, right? Sending everyone home last year was a cost event for a lot of companies. So when this happened, everyone had to go home. That was not an option, right? So you had two choices as an admin at a company. You either send everyone home, give them VPN client. And they back all through corporate. So they’re like in the office. So they get all the corporate security policies, they get the corporate NAT for any cloud items you have secured via NAT. Everything is like they’re at the office, but they’re going to put a severe strain on your office bandwidth, right? Every person’s 100 meg Comcast download is 100 Meg upload at your office, plus a hundred Meg download of their session originally.

Sean McCarthy:
So you’re getting bi-directional traffic at the office for any single direction from the homeworker. So that was bad option A. Okay, bad option B, will send everyone home and say, “Well, we can’t afford option A, our firewalls can’t handle it. The bandwidth can’t handle it. So we’re going to split tunnel your traffic and wish you good luck on the internet and hope you’re pretty much secure.” Those were both really bad options. One is pretty expensive, right? If you want to upgrade your VPN, upgrade your concentrator, upgrade your firewall and your bandwidth. The other one’s expensive in the business cost of getting someone compromised on the network, getting a piece of malware at the company.

Sean McCarthy:
So what SASE will do is remove that, right? So when Cato customers went home last year, everyone went home and their policy followed them. They didn’t back haul through corporate. They just went through their home internet, went through their same policy as the office, we’re connected to everything they need to be connected to for office files or SaaS applications, and everyone was happy. So I think that there’s a real good micro example, just right there in cost savings of no bandwidth upgrades, no firewall upgrades, no VPN upgrades. Everyone just worked as usual. That’s Cato in a nutshell.

Marko Spremo:
Okay. Last question here. And I think this is a very important question here, is what is the level of effort to replace existing systems?

Sean McCarthy:
Good question. It could be, and this could be anyone on a scale. I’m sorry, whoever asked the question and not give a great answer to this, but let’s say you have an enterprise network, you have a layer three switch that does all your routing. You have a firewall at the edge that does a default route. You have two ISPs and you have enough switchboards, easy. I can talk you through kind of a zero interruption, migration path where we can do all of the effort out of band. And the effort itself is pretty minimal. My other example of a fully managed router where you have no control, or maybe you have no ISP, that becomes a real project. I mean, some of these things are real when migrations, and I apologize to anyone who has been sold the bill of goods before on SD-WANS magic pill. Take SD-WAN and your problems have gone away.

Sean McCarthy:
Maybe, yeah, maybe. But you need to really consider what the project will look like and what else it might entail. It could be easy. It really could be, but it could be a project and you want to know ahead of time and you can know ahead of time what it will be, so sorry for the non-answer. But if you really have a desire to look at it, we can tell you the level of effort we can help you figure that out at a time.

Marko Spremo:
Excellent. And Mark from your perspective, last item, I think we’ll close out. I know you have a unique perspective in working the channel and working with organizations like us here at Telapprise who have as a value added representative of the various vendors and carriers like yourselves, what do you see from a SASE environment that you see partners like us are coming to you with the challenge that they’re seeing in the environment of clients saying, my clients are asking this for the audience that we have here. Is there anything specific that you would add to that, that we didn’t talk about today?

Mark Peay:
Certainly. And actually it points to one of the key question, one of the key pitfalls. Honestly though, a lot of customers and partners alike go through which highlights they need for Telapprise. And that is this notion of as an enterprise IT team, don’t consider these challenges in silos and find a solution about one problem by itself. Try and work with, and still at Telapprise work with a trusted advisor to zoom out at some of these key challenges. If you’re having performance issues with some of your users and they’re complaining to the help desk, but you also have some challenges making sure that that security at the work-from-home levels is always enabled, is always on. You’re also considering a migration of folks to get back to the branch. And you’re considering things like SD-WAN look at those things more holistically because… And then this feeds in the cost compression equation, convergence natively creates opportunities for cost compression.

Mark Peay:
And it’s really a matter of working with the trusted advisor of Telapprise and looking at opportunities to look at competing design. So if you’re working with a vendor that has a SASE-ish looking solution, let’s look at where you would potentially use that from a use case perspective and try that vendor for that use case and try Cato, too. And to solve that use case better with Telapprise helping to manage that process. So that you’re not looking at one solution, one at a time and winding up with a hodgepodge of things over time. You’re looking at solving for these use cases and creating a multiplicative outcome and cost compression as a result. So I would say that, that’s one of the biggest pitfalls and the reason a lot of customers have wound up with this pantheon of solutions for networking security over time, because everyone does this one little thing really well.

Mark Peay:
And Marko, we saw it before. 15 years ago, or so you would have a Nortel PBX that needed a call recording solution to go with it and a call accounting package, and a voicemail solution and trunking, and all those things are sold separately. Now it’s normal to get all those things through the unified communications as a service vendor that just has everything altogether because those products have been converged into features. That same opportunity now exists in the networking security world. And that’s what SASE represents, is the conversion of those what used to be separately purchased products, converted into features delivered in an ecosystem via a platform like Cato. So it’s a real opportunity, but honestly more than ever, clients need a trusted advisor like Telapprise to help them guide through, find the immediate pain and use cases, the things to solve for also helping to zoom out and look at more of a strategic roadmap we’ll see how SASE can solve for those different challenges over time.

Marko Spremo:
Thank you. I think if there’s anything I would sum it up as it hasn’t gotten easier in doing this as long as I’ve done this, it has actually got more confusing and we see more what I would call project rescues that are being addressed because we started out at the part of the conversation, which is around identifying what the applications and the requirements are and including the various stakeholders. We’ve answered all the questions. Thank you the audience for attending. Thank you for the question and dialogue, Sean and Mark and Cato, thank you for helping us go through what the pitfalls are with SASE. I hope everybody’s found this very valuable. I found this valuable and really appreciate the time and effort in doing this.

Marko Spremo:
So thank you so much and thank you to all those attendees. If there were any questions you can reach out to our team here at Telapprise at the info@telapprise.com. If there’s any further questions or comments, as well as in Cato, you can reach out to Mark Peay at mark.peay@catonetworks.com. Again, thank you everybody. Have a fantastic rest of the day and appreciate all your time. Thank you.

Mark Peay:
Thank you.

Sean McCarthy:
Thank you.

Marko Spremo:
Thank you, gentlemen. Take care.