SASE since its inception has typically been deployed in a software-as-a-service (SaaS) model, delivering network security services from the cloud. Some organizations, however, have strict security and regulatory compliance needs that require SASE be deployed and managed under the direct control of an organization. That’s where the concept of sovereign SASE comes in.
Sovereign SASE allows enterprises and service providers to deploy a SASE platform within their own on-premises or private cloud environments, rather than relying on a shared cloud-based service. Today, Versa Networks is announcing the general availability of its entry into the growing sovereign SASE market. Back in August 2024, rival vendor Fortinet announced its initial sovereign SASE solution.
Versa’s sovereign SASE deployment is a natural progression from the company’s earlier products. Like most SASE vendors, it started with a shared cloud service, then rolled out a private SASE service, where organizations get their own dedicated private link. Sovereign SASE goes a step further, with Versa’s SASE software running on customer-owned hardware and environments.
“We started to see this trend, and customers asking to deploy SASE in their own air-gapped infrastructure,” Kelly Ahuja, CEO of Versa Networks, told Network World. “We asked why and they said, well, they want increased privacy and control.”
How Versa’s sovereign SASE works
For some types of private SaaS offerings, vendors will simply provide organizations the ability to deploy and run from inside of a VPC (virtual private cloud) and call that a private deployment.
The Versa Networks sovereign SASE approach is more than just enabling deployment in a VPC. Versa’s sovereign SASE runs entirely on customer-controlled infrastructure. The solution is based on the Versa Operating System (VOS), which is a single-stack architecture that integrates networking and security functions.
Versa’s sovereign SASE offering is designed to be highly customizable, allowing customers to choose their own compute resources, whether on-premises or in a private cloud. The company provides the software and recommends the hardware, but the customer maintains full control over the deployment.
The system supports both containerized and virtual machine deployments, which lets organizations choose their preferred infrastructure model. All components, including advanced security features like sandboxing and malware detonation that traditionally required cloud services, can run within the customer’s environment.
Sovereign SASE enables expanded integration capabilities
Versa’s sovereign deployment maintains feature parity with its cloud-based SASE offering while providing additional control over security feeds and policies. Organizations can integrate their own threat intelligence and customize security policies while maintaining complete data sovereignty.
“We have our own security threat research team that provides feeds,” Ahuja said. “We can also incorporate customers’ own feeds. If it’s a service provider, they have a big threat security research team, they might be doing their own.”
The support model for Sovereign SASE differs significantly from cloud-based services. Enterprises typically work with system integrators to build internal support capabilities, while service providers develop their own L1 and L2 support teams.
Versa provides L3 support without requiring direct access to customer environments or data. For day-to-day operations, organizations can leverage Versa’s AI-powered tools, including “Verbo,” the company’s copilot system for troubleshooting and management. The system includes anomaly detection and correlation engines that analyze logs and tickets to automate problem resolution
Looking ahead: Expanding sovereign SASE and universal SASE
Looking forward, Versa’s roadmap includes continued innovation in its sovereign SASE offerings, as well as the expansion of its universal SASE offerings.
“Our motion is really for helping customers build their own self-protecting network,” Ahuja said. “That’s going to be driven by a function of this platform, which is the convergence of network and security into a single stack, and the second part is radical simplification from an automation standpoint.”
Source:: Network World