SGN and SASE Deep Dive
One of the most important foundational concepts for any company undergoing an IT transformation is understanding what SGN (Secured Global Network) and SASE (Secure Access Service Edge) truly mean. It’s not just about knowing the acronyms; it’s about comprehending their significance in practical, understandable terms.
These concepts underpin many of the critical decisions businesses make about their infrastructure. Connectivity has evolved dramatically over the years, and while this progress is exciting, it can also feel overwhelming. SASE, in particular, is a buzzword in the industry, but it’s often used loosely, as there is no rigid framework or standard documentation dictating how SASE must be implemented. This makes it even more important to clarify its meaning and relevance.
What is SASE?
SASE represents a convergence of networking and security services, delivered through the cloud. It’s a framework that allows organizations to securely connect users, devices, and systems, regardless of their location, using a unified approach. However, the way SASE is implemented can vary widely, depending on the needs and specific infrastructure of the business.
The Evolution of Connectivity: MPLS
To understand SASE fully, it’s useful to compare it to traditional models like MPLS (Multiprotocol Label Switching). MPLS networks have been a cornerstone for enterprise connectivity, allowing organizations to connect multiple branches and locations via a managed service provided by their ISP.
Benefits of MPLS:
- ISP-managed infrastructure: Enterprises don’t need in-house expertise to manage it, as the service provider handles everything.
- Service level agreements (SLAs): These guarantees ensure a certain level of reliability and performance for the network.
Limitations of MPLS:
- Cost: MPLS is expensive, especially when extending it to multiple locations.
- Provider limitations: Every location must be served by the same provider, which can restrict flexibility.
- Security concerns: Traditional MPLS networks are unencrypted, meaning data traveling between locations could be intercepted if the carrier network is compromised.
- No built-in security: MPLS doesn’t offer firewalling or advanced security measures. Enterprises must rely on their own on-premises firewalls or the limited security options offered by the ISP. Traffic, including SSL-encrypted data, often passes through without inspection.
SD-WAN Overview
Next up is SD-WAN (Software-Defined Wide Area Network), which has become the popular solution for many organizations and is now widely offered by ISPs as a managed option. Firewall vendors have also developed their own SD-WAN solutions to meet the growing demand for more flexible connectivity solutions.
Benefits of SD-WAN:
- Flexibility with ISPs: SD-WAN removes the need to rely on a single ISP. You can use multiple internet service providers across different locations, reducing dependency on any one provider.
- Encryption: Traffic between sites is encrypted since it runs over the standard internet, unlike traditional MPLS, which was not encrypted by default.
Limitations of SD-WAN:
- No SLAs: With SD-WAN, your connection relies on a standard business internet circuit, meaning there are no Service Level Agreements (SLAs) guaranteeing the performance or uptime like there would be with MPLS.
- Bandwidth constraints: Encrypting and tunneling traffic adds per-packet overhead, so the usable bandwidth of a circuit is lower than its raw capacity, which can affect overall performance.
- Complex setup and management: SD-WAN requires physical hardware on-site, and managing this hardware—along with updates, licenses, and security configurations—can be a significant burden. Without proper setup and management, SD-WAN can open up vulnerabilities, such as giving unrestricted access between locations.
Poor network segmentation can expose your entire network if one location is compromised. ISPs have adapted by providing physical appliances on-site that manage these virtual connections, but this shifts the burden of hardware management and updates to the customer or a managed service provider.
Both MPLS and SD-WAN are used to connect physical locations. However, remote users who are not at a corporate site still need to use a VPN (Virtual Private Network) to access company resources such as files, applications, and infrastructure.
The VPN Challenge
While VPNs are commonly used for remote access, they come with their own set of issues, especially in terms of user experience and security.
How VPNs Work:
A VPN creates a secure tunnel between the remote user’s device and the corporate network. When a remote user attempts to access a website or company resource, the request is routed through this VPN tunnel. The traffic must first reach the corporate firewall or router, and then be sent out to the internet through that same tunnel. This process significantly reduces available bandwidth and introduces latency, often resulting in a poor user experience.
For example, a remote worker on the West Coast connecting to a company server on the East Coast has all their internet traffic routed through the corporate network, then back out to the internet, and then returned, causing considerable delays. This can be especially problematic for workers who need fast, real-time access to files or applications.
VPN Alternatives and Limitations:
One solution to improve performance is using split tunneling, where only internal corporate traffic is routed through the VPN, while internet traffic is routed directly from the remote device. However, this exposes security vulnerabilities, as the remote device’s internet traffic bypasses the corporate firewall and security infrastructure. If the user accesses malicious websites or downloads harmful files, their local security setup may not be sufficient to protect the device or the corporate network.
Additionally, VPNs rely on specific technologies (e.g., SSL or L2TP), and if a network blocks or restricts these technologies, users may experience issues establishing a VPN connection. This often leads to a high volume of support requests and frustration for both users and IT teams.
Modern Connectivity: SASE and SGN
SASE (Secure Access Service Edge) is the next step in modern connectivity, combining the strengths of both MPLS and SD-WAN while addressing their limitations. It offers a flexible, cloud-based solution for managing networks and securing traffic, no matter where users are located or which devices they use. At DataTel, we use a specific SASE implementation called SGN (Secured Global Network), which enhances these capabilities with a software agent installed on endpoints.
The Benefits of SASE and SGN:
- Hybrid advantages: SASE combines the benefits of MPLS (centralized management and strong performance) with the flexibility of SD-WAN (using any ISP and allowing on-premise traffic management).
- Remote user experience: One of SASE’s main advantages is that it supports remote users seamlessly. A small piece of software installed on each device ensures automatic connection to the nearest data center, with over 30 globally, providing low-latency and high-speed access.
- Global backbone: SGN’s infrastructure includes a 100-gigabit fiber backbone between data centers, ensuring fast, secure routing of traffic between locations.
- Cloud-managed security: Firewall settings and security policies are managed centrally in the cloud, meaning no physical hardware is required on-site. Whether you’re securing a headquarters, satellite office, or remote user, every device gets the same level of protection.
Key Features:
- Global connectivity: Devices are automatically connected to the closest data center, minimizing latency and ensuring high-speed access for remote users.
- Consistent security: Every device, regardless of location or connection type, receives the same level of security, managed centrally through the cloud.
- SSL decryption: Unlike older models that only inspected unencrypted traffic, SGN’s SASE solution includes SSL decryption, so all internet traffic is scanned for malicious sites and other threats.
The Downsides and Pushbacks
While SASE and SGN offer numerous advantages, there are a few common concerns from customers:
- No CapEx Option: Many organizations are used to buying physical hardware, like SD-WAN appliances, which they can own and manage. SASE is entirely cloud-based, meaning there’s no physical equipment to purchase or own, which can be a significant shift for businesses that prefer CapEx models.
- Reliability and Uptime: Since SASE relies on both the internet service provider and the SASE solution provider for uptime, there is a dependency that some companies might find uncomfortable. However, this is a common challenge with MPLS as well, where businesses also rely heavily on their ISPs for performance.
Zero Trust and SASE
Another key element baked into the SGN SASE solution is the Zero Trust security model, which is gaining momentum in the cybersecurity space. Zero Trust assumes that no one and no device should be trusted by default—both the user and the device must be verified before access is granted.
How Zero Trust Works in SASE:
- User and device verification: Every time a user attempts to access the network, the system verifies their identity and the device they’re using before granting any permissions.
- Granular access control: Firewall rules can limit access to resources based on user roles. For instance, a field manager doesn’t need access to accounting systems, and with Zero Trust, they won’t see or interact with those resources.
- No exposure of local networks: Even if a threat actor manages to gain physical access to your network, they won’t be able to see anything without proper credentials. This drastically reduces the risk of a security breach.
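As an added illustration of the three checks above (example code, not DataTel’s or SGN’s own; the policy table, users and devices are constructed), a small Python policy engine that denies unless the user, the device and the role all check out, and that never treats network location as a reason to allow:

```python
"""Hypothetical Zero Trust access decision (added example, not SGN code).

A request carries a user identity and a device identity. Access is granted
only when (1) the user is verified, (2) the device is verified, and (3) the
user's role is explicitly allowed for the requested resource. Everything
else, including being plugged into the corporate LAN, is denied.
"""
from dataclasses import dataclass, field

# Constructed sample policy: which roles may reach which resources.
# The page's field manager has no entry for the accounting system.
ROLE_RESOURCE_POLICY = {
    "field-manager": {"fieldops-app", "file-share"},
    "accountant": {"accounting-erp", "file-share"},
    "it-admin": {"fieldops-app", "accounting-erp", "file-share", "siem-console"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    mfa_passed: bool          # identity verified, e.g. SSO login plus MFA


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool             # enrolled, endpoint agent installed
    edr_healthy: bool         # agent reporting in and up to date


@dataclass(frozen=True)
class AccessRequest:
    user: User
    device: Device
    resource: str
    source_network: str       # "corporate-lan", "home", "hotel-wifi"; informational only


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Return a Decision; source_network is deliberately never consulted."""
    reasons = []
    if not req.user.mfa_passed:
        reasons.append("user identity not verified")
    if not (req.device.managed and req.device.edr_healthy):
        reasons.append("device not verified")
    # Unknown roles and unknown resources fall through to an empty set: fail closed.
    allowed_resources = ROLE_RESOURCE_POLICY.get(req.user.role, set())
    if req.resource not in allowed_resources:
        reasons.append(f"role '{req.user.role}' not permitted for '{req.resource}'")
    return Decision(allowed=not reasons, reasons=reasons)


def visible_resources(user: User, device: Device) -> set:
    """What the user can even see: nothing unless both user and device verify."""
    if not user.mfa_passed or not (device.managed and device.edr_healthy):
        return set()
    return set(ROLE_RESOURCE_POLICY.get(user.role, set()))


# Constructed sample identities (hypothetical).
ALICE = User("alice", "field-manager", mfa_passed=True)
MALLORY = User("mallory", "field-manager", mfa_passed=False)   # valid name, no MFA
LAPTOP = Device("LT-0001", managed=True, edr_healthy=True)
ROGUE = Device("unknown", managed=False, edr_healthy=False)    # plugged into the LAN

if __name__ == "__main__":
    samples = [
        AccessRequest(ALICE, LAPTOP, "fieldops-app", "home"),
        AccessRequest(ALICE, LAPTOP, "accounting-erp", "corporate-lan"),
        AccessRequest(ALICE, ROGUE, "fieldops-app", "corporate-lan"),
        AccessRequest(MALLORY, ROGUE, "file-share", "corporate-lan"),
    ]
    for req in samples:
        d = evaluate(req)
        print(f"{req.user.name}@{req.device.device_id} -> {req.resource} "
              f"from {req.source_network}: {'ALLOW' if d.allowed else 'DENY'} {d.reasons}")
```

The third and fourth sample requests model the "physical access to your network" case: a device on the corporate LAN without a verified user and device gets nothing, whatever network it sits on.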
Governments are starting to push for Zero Trust implementation, and it’s expected that private organizations will follow suit in the near future.
Why No CapEx in Modern Connectivity?
In a traditional CapEx (capital expenditure) model, businesses purchase hardware, like SD-WAN appliances or firewalls, as a one-time expense. These assets are then owned, depreciated over time, and can be written off. Organizations have control over these assets, which appeals to many, especially larger or more established businesses with strict financial structures. However, the shift to cloud-based solutions, like SGN’s SASE, moves this expenditure to OpEx (operational expense), where services are leased or paid for on an ongoing basis, like a subscription.
Why Do Some Businesses Prefer CapEx?
- Tax Benefits and Write-Offs: With CapEx, businesses can write off the purchase of equipment and depreciate it over several years, which some financial departments see as a significant benefit. This allows businesses to manage their financials in a way that reflects long-term investments and gains.
- Ownership and Control: Some organizations prefer owning physical hardware, giving them perceived control over their infrastructure. They like the certainty of owning assets outright rather than renting or subscribing to services, which they may view as less predictable.
- Budgeting for Larger Organizations: In larger organizations, CapEx is often part of long-term financial planning. These organizations may have cash set aside specifically for capital investments, and converting that budget to OpEx might require significant internal policy changes or board approval.
The Modern OpEx Shift:
The industry trend, especially in IT, is moving towards OpEx-based models. Everything-as-a-Service (XaaS)—software, infrastructure, security—is becoming the norm. This is because:
- Flexibility and Scalability: Cloud-based models allow businesses to scale services up or down as needed. With CapEx, you’re locked into the hardware you’ve purchased, which could become obsolete or insufficient as needs evolve.
- Lower Initial Costs: With OpEx, businesses avoid large upfront costs. Instead, they spread expenses out over time, which can help in managing cash flow and adapting to changing operational needs.
- Future-Proofing: As hardware ages, businesses need to replace it to stay current with technology. In a cloud-based model, the service provider takes care of updates and improvements, ensuring that businesses always have access to the latest tech without the burden of managing the lifecycle of physical assets.
Challenges to Transitioning to Cloud-Based Infrastructure:
For older organizations or those with rigid financial structures, this shift can be difficult to navigate. Convincing boards of directors or higher-ups to adopt an OpEx model often means changing how financial benefits are perceived and communicated. The longer lifecycle of CapEx assets and the tax advantages they offer can make it hard to justify a shift to a model where there’s a recurring operational expense, even if the long-term value is greater.
However, modern IT infrastructures, like SASE, eliminate many costs associated with hardware maintenance, upgrades, and security, providing a streamlined, scalable solution. The challenge is mostly cultural and financial, especially when long-standing financial models or leaders are involved.
Addressing the Challenge as an MSP:
As MSPs and IT providers, it’s crucial to recognize that this mindset shift is real and may present roadblocks during sales conversations. While cloud and OpEx models represent the future of connectivity, it’s essential to explain this transition in terms of long-term value and flexibility. It might help to position the switch as part of the company’s digital transformation journey, focusing on how it reduces long-term costs, improves security, and frees up IT teams from managing hardware.
By offering financial models that emphasize cost efficiency over time, the elimination of CapEx expenses tied to replacing obsolete equipment, and better operational control, you can help navigate these organizations through the transition to modern cloud infrastructure.
Why Unified Security Architecture is Critical:
- Endpoint-Centric Security: With Zero Trust baked into this model, the assumption is that every network is already compromised. This shifts the security focus to endpoints—devices, servers, and users—and ensures that even if the local network is breached, the endpoints remain secure. This removes the need for extensive on-premise hardware and replaces it with endpoint security tools that are managed remotely.
- Minimal On-Prem Infrastructure: One major advantage is that you don’t need to invest heavily in on-site infrastructure. For small businesses, a basic router and firewall are enough. For larger organizations, a firewall to block inbound traffic is necessary, but the focus is not on protecting local networks—it’s on securing individual devices and ensuring safe traffic at all times, whether users are on-premise or remote.
- Flexibility and Scalability: Since it’s cloud-based, the solution scales easily from one user to thousands. This means small businesses with a handful of employees benefit from the same protection that a large enterprise would. This makes it accessible to organizations of any size without overwhelming them with hardware or complex setups.
Compliance Benefits:
Compliance is a key concern for enterprises, particularly those dealing with sensitive data.
- Comprehensive Security Stack: With SGN SASE, you’re not just getting connectivity but also a wide range of security solutions.
- SIEM and Threat Detection: Security Information and Event Management systems analyze all events and logs across endpoints, connectivity, and cloud services. This ensures you’re not missing any potential threat vectors.
- EDR and AV: Endpoint Detection and Response (EDR) and Next-Gen Antivirus (AV) offer real-time protection, actively looking for and blocking threats.
- Managed Extended Detection and Response (MXDR): A 24/7 Security Operations Center (SOC) that continuously monitors the environment, offering round-the-clock security.
- Zero Trust and Segmentation: By segmenting your network and operating under Zero Trust principles, you ensure that users only have access to the specific data and resources they need. This drastically reduces the potential for a breach, as even if someone gets access, they cannot move laterally within your systems.
- Centralized Compliance: Because all of these components are managed from a central platform, it simplifies compliance. Whether your business needs to meet HIPAA, SOC 2, or other stringent regulations, you can easily show auditors that your security protocols cover all bases, from endpoint security to data integrity.
- Data Visibility: By unifying everything under one platform, you get complete visibility across your network, endpoints, and cloud services. This reduces the likelihood of a breach slipping through unnoticed. In traditional models, where these components are siloed, analyzing threats in real-time is more difficult. With SGN SASE, you’re able to create proactive detection rules, linking suspicious activities from different sources to respond quickly.
Why It’s Important for Smaller Businesses:
While this sounds ideal for enterprises, smaller businesses benefit just as much because:
- Simplified Management: Small businesses typically don’t have dedicated IT or security teams. This solution can be fully managed by an MSP, reducing the burden of IT management. For larger clients with dedicated IT or security teams, the solution allows flexible control, where they can manage it in-house if desired.
- Cost-Efficient: Smaller companies often struggle with the costs of implementing sophisticated security systems. Since this is a modular and scalable solution, they only pay for what they need, allowing them to have enterprise-level security without the high upfront investment in hardware.
- Future-Proof: This cloud-first architecture aligns with the ongoing digital transformation of businesses, where more operations move to the cloud. As more employees work remotely, ensuring secure access from anywhere becomes critical.
Unifying Security: Why This Matters:
Traditional security models are fragmented. One system might handle endpoint protection, while another manages network security. This separation often means that data from different systems doesn’t interact well, leading to potential blind spots in threat detection.
With SGN SASE, however:
- All traffic, endpoints, and cloud services are viewed holistically. If suspicious activity is detected in one area (like a user clicking a malicious link), the system can track that activity across multiple environments (e.g., cloud services, endpoint devices).
- Instead of using SIEM retrospectively (to investigate past breaches), the system proactively scans for threats across all components, linking the activities in real-time.
This consolidation offers a more responsive, efficient security setup, where organizations can detect and respond to threats much faster than traditional setups.
Summary
For large enterprises, this system offers complete visibility, proactive security measures, and simplicity in management. For smaller businesses, it scales efficiently, providing them with robust protection without the complexity of managing multiple vendors and solutions. As more businesses shift to a cloud-based operational model, this approach becomes essential for staying secure and compliant.
For a mid-sized business owner with 200-400 employees and 10-12 locations, the transition to a more modern, cloud-based security solution like SGN SASE is surprisingly straightforward. Here’s how to think about it in more business-focused terms.
Current Setup:
You’re probably using firewalls and endpoint detection to protect your network and systems, and likely operate in a break-fix model—fixing problems as they arise. This may work for now, but you’re constantly reacting to issues, spending time and resources on managing hardware and keeping up with the evolving security landscape.
What You’re Missing:
- Scalability and Efficiency: As you grow, this break-fix model becomes inefficient. Your IT team (or provider) is spending a lot of time managing hardware at each location, which is time-consuming and costly.
- Security Gaps: Traditional firewalls are designed to block traffic at the perimeter, but today’s security threats are more complex. Hackers are targeting your users directly, and having only firewalls or endpoint detection leaves gaps where new, evolving threats can slip through.
- Lack of Centralized Visibility: Managing separate systems—firewalls, endpoint detection, and maybe cloud security—means you don’t have a unified view of what’s going on across your locations and employees. If something happens at one location, your IT team needs to jump between systems to figure out what went wrong.
Why Shift to a Unified Cloud-Based Solution?
This is where a modern, integrated solution like SGN SASE comes in. It combines all the tools you need—endpoint security, firewalls, zero-trust network access (ZTNA), cloud security, and 24/7 threat monitoring—into one cloud-based platform.
Here’s what that looks like in practical terms for a business like yours:
- Simple, Fast Deployment: Instead of replacing hardware at each site, this solution is software-based. For example, once you sign up, your IT provider can:
  - Install the security agents on each endpoint (laptops, desktops, etc.) remotely.
  - Set up secure connections to any central resources (like your data centers or key applications) in a few clicks.
  The process is mostly invisible to your users; it’s quick and doesn’t disrupt daily operations.
- Ongoing Protection: Because this is a cloud solution, it’s always up to date. New security threats are being tackled in real time, and the system automatically updates its detection rules. No more worrying about whether your firewall rules are out of date or whether a location is exposed to a new type of cyberattack.
- Unified Management: You or your IT provider get a single dashboard where you can see what’s happening across all your locations and employees. If there’s a suspicious login attempt or someone clicks on a bad link, you’ll know immediately—across all locations. This visibility means you can respond faster and more effectively.
- Scalability: As your business expands, you don’t need to worry about adding more hardware at each new location. Whether you add one or ten locations, the process is as simple as installing the software at the new site, and they’re connected to the central security system.
What It Looks Like Before and After:
- Before: You’re manually managing multiple systems at each location—each site may have its own firewall, switches, or other hardware. If your business acquires a new location, your IT team needs to physically go there, install new equipment, and connect it to your network. This process is time-consuming, costly, and can leave your business exposed during the transition.
- After: With a solution like SGN, when you acquire a new location or expand, you simply install the software agents on the endpoints at the new site, and they instantly have access to the corporate network—with zero need for complex hardware installations. Your security is unified, and new sites are integrated without the long deployment timelines.
Timeline and Ease of Transition:
The transition is quick, typically starting with the installation of endpoint agents (software) across your devices. This can be done remotely, which means you don’t have to shut down locations or send in IT teams. The average transition for a mid-sized business can take just a few weeks depending on the number of locations and users.
The Big Picture:
Ultimately, shifting to this model:
- Reduces IT management complexity.
- Improves security—you’re always protected, with real-time monitoring and threat detection.
- Makes scaling easier—as your business grows, you don’t have to worry about setting up more hardware.
- Lowers long-term costs—no more investing heavily in on-premise firewalls and IT infrastructure.
For businesses with 200-400 employees and multiple locations, the benefit is clear: you’re securing your business, improving efficiency, and reducing operational headaches, all while setting yourself up for easier growth in the future.
Why Hardware Firewalls Are Being Phased Out:
On a broader scale, companies that produce hardware firewalls are already recognizing that the landscape is shifting. Physical firewalls:
- Require constant updates because threats evolve daily.
- Don’t scale well as businesses move to cloud-first or remote work models.
- Are being supplemented by subscription-based security services to stay relevant.
The market is moving towards software-defined security solutions because they provide more agility, especially in today’s fast-moving threat environment.
In conclusion, transitioning to a unified solution like SGN is about future-proofing your business, simplifying your IT infrastructure, and staying ahead of evolving security risks.
When talking to a business owner or board-level executive about why they should care about moving from a traditional hardware-centric IT model to a more modern, cloud-based security solution like SGN SASE, the conversation needs to focus on three main areas: risk, cost, and efficiency.
Risk Mitigation: Protecting Your Reputation and Data
As a business owner, your data is your most valuable asset. In today’s world, it’s not about if you’re going to be breached, but when. The speed at which you detect and respond to a threat determines how much damage you can prevent. The reality is that legacy hardware firewalls and traditional security methods are slow to adapt to modern cyber threats. Cloud-based security like SGN works by:
- Detecting threats in real-time and isolating them immediately before they can spread.
- Protecting endpoints across all devices and locations without needing new hardware at every site.
- Reducing the attack surface by eliminating the need for exposed IPs or publicly accessible firewalls that are vulnerable to cyberattacks.
In simple terms: you avoid costly breaches that could result in lost revenue, legal costs, and damage to your reputation. Keeping your company off the headlines for a data breach is a huge win.
Operational Cost Savings and Flexibility
The big shift from traditional IT infrastructure is the move from capital expenses (CapEx)—purchasing and maintaining hardware and software—to operational expenses (OpEx), where you pay for what you use on a monthly basis.
- With SGN, you’re only paying for the number of endpoints that need protection, on a subscription basis.
- This is far less expensive than buying, maintaining, and updating physical firewalls or other legacy systems.
- Additionally, because it’s software-based, there’s less maintenance and fewer IT resources required to keep it running, further reducing operational costs.
In the long term, your team can focus on growing the business, rather than troubleshooting outdated infrastructure. This makes the company more agile and future-proof, able to scale up or down easily without additional hardware investments.
Efficiency and Empowerment
Modern cloud-based security solutions don’t just protect your company—they also make life easier for your IT staff and your end users.
- Your IT team can spend less time on managing hardware, applying patches, or troubleshooting network vulnerabilities.
- Your employees can work securely from anywhere—whether they’re in an office, at home, or traveling—without compromising speed or security.
- The solution provides centralized control and visibility, giving your IT team the ability to monitor and respond to threats across all locations, from a single dashboard.
The result? Higher productivity, reduced downtime, and peace of mind knowing your systems are secure, without compromising user experience or slowing down your business operations.
The Bottom Line
From a financial perspective, this shift means moving away from heavy upfront investments in hardware to a predictable monthly expense. Yes, larger organizations may resist OpEx models, but when you compare the cost of managing and maintaining old infrastructure to the lower, scalable costs of cloud-based security, the long-term savings become clear. You’re also avoiding the high potential costs of a data breach, which can cripple a business financially and operationally.
In short, adopting this modern approach means you’re protecting your business from the inevitable breach, reducing costs, and empowering your employees to be more productive—all while making your IT environment simpler and more scalable.
If you would like to learn more about connectivity and how it relates to the security of your business, schedule a meeting with our experts.
Ben Tiggelaar and Ernest Murray hosted a Live Session on this topic. You can check it out here.