Less than a year after it received an official name from Gartner, Secure Access Service Edge has started to disrupt the networking and security markets. As incumbent vendors make strategic moves to build SASE offerings, the nascent technology has the potential to upend traditional networking and security.
What is SASE?
Enterprise networks handle more external traffic than ever before, as traffic travels to and from cloud and SaaS environments, IoT devices, mobile users and remote workers, according to John Burke, CIO and principal analyst at Nemertes Research. Each endpoint needs connectivity into the network, and enterprises must secure those connections and any resulting traffic. But routing traffic back to the data center to undergo security inspection impedes efficiency and UX.
With SASE, enterprises can distribute networking and security services -- such as URL filtering, DNS, software-defined WAN (SD-WAN) and secure web gateway -- directly to any endpoint, regardless of where it connects to the network, according to Gartner's report, "The Future of Network Security Is in the Cloud."
SASE policies are based on user and device identity so they can deliver the proper services to each endpoint based on real-time context. According to Gartner's definition, SASE best operates as a cloud-based offering from a single vendor. But both Burke and Steve Garson, president of SD-WAN Experts, said they don't believe customer options are limited to Gartner's definition.
"There are SASE solutions that aren't cloud-native that are still perfectly fine," Garson said. For example, a customer could run its security stack in an SD-WAN customer premises equipment device at the edge, which would be centrally managed. If the company ran workloads in the cloud, the access would connect through the SD-WAN device into the cloud instances.
SASE vendor approaches
As SASE technology gains recognition and marketing hype, incumbent vendors are promoting their strong points to claim a stake in the SASE market. This vendor rush has spawned a variety of approaches, such as single-vendor SASE and multivendor SASE. With the latter, customers stitch together networking and security functions from different vendors.
Cato Networks and Open Systems offer single-vendor platforms that distinguish them as top SASE contenders, Garson said. While these vendors can "deliver a platform that works without having to cobble together pieces," he said only a handful of vendors can accomplish this approach. Burke agreed, saying he doubted single-vendor SASE would be widely attainable, which will push vendors to better accommodate multivendor approaches within their frameworks.
"Other vendors will emerge into the space and probably come in with more flexibility as a differentiator," Burke said, citing Palo Alto Networks as an example.
Palo Alto completed its acquisition of SD-WAN vendor CloudGenix in April, with the expectation of building a SASE platform by integrating SD-WAN into its Prisma security portfolio. But customers can choose to integrate other SD-WAN vendors with Palo Alto's security stack, Burke said, which enables a more open approach. Once Palo Alto completes its CloudGenix integration, both Garson and Burke said it would be a strong contender.
Cisco, meanwhile, announced in mid-June a software update to its Viptela SD-WAN devices, which integrates security capabilities from its Cisco Umbrella portfolio into the same offering. But Cisco's integration plans don't always go smoothly, Garson said.
"[Customers] have seen how Cisco acquires companies with a plan to integrate the platform, and it doesn't always go so well," Garson said. Even if companies have legacy Cisco environments, most are willing to evaluate other vendors, he added.
While multivendor SASE might provide more flexibility, it could potentially complicate the manageability issues that SASE tries to fix -- a point Dave Greenfield, technology evangelist at Cato Networks, emphasized.
"There's a difference between integration and convergence," Greenfield said. "When I integrate appliances together -- in the best of all worlds -- I have it service-chained, it works brilliantly and my installation goes easily. But that's it. I'm still left managing discrete devices."
With converged, single-vendor SASE, customers don't have to deal with separate devices, which also entails separate analytics and vendor contracts. According to Garson, this manageability is a driving factor for many enterprises evaluating SASE.
"They go into the evaluation process thinking they're going to do that [multivendor approach]. Then, once they learn more, they realize it doesn't make sense," Garson said. "Nobody likes managing a half-dozen different contracts with security vendors."
Garson has also seen increased interest in managed and comanaged SASE, which enables customers to work with a managed service provider, while retaining the ability to make changes on their own when needed. The managed option is also often cheaper, he added.
SASE adoption and benefits
While Garson and Burke don't expect the SASE market to develop fully for a couple of years, they've already seen burgeoning interest from enterprises, especially with the sudden reliance on remote access due to the COVID-19 pandemic.
"Everyone we're talking to wants to implement it ASAP," Garson said. "They're not talking about next year or the year after; they're talking about today."
Burke has already seen SASE's momentum increase and expects the pandemic to ramp up the underlying factors that drive adoption, such as the desire for a unified policy environment and the ability to provide secure access -- without relying on VPNs.
IT leaders have clearly prioritized remote access over the past few months, ensuring they have full connectivity for their employees who work from home. For Cato Networks, the pandemic acted as a launchpad for the remote and mobile access capabilities integrated into its SASE platform.
"A lot of our customers had to purchase Cato for remote access," Greenfield said. "COVID-19 strikes, and boom, now, they can instantly turn mobile or remote access on."
Beyond its options for remote access and its advancements in manageability for networking and security services, SASE improves efficiencies, reduces latency and cuts costs. These benefits have stimulated enterprise interest, leading Gartner to forecast that at least 40% of enterprises will have SASE adoption strategies in place by 2024. Garson expects most enterprises will adopt SASE within the next five years.
"It's the wave of the future," Garson said.