Secure Access Service Edge Hype:
The Looming Deluge
by Paula Musich, Research Director - Security and Risk Management, Enterprise Management Associates
The convergence of networking and security, intended to better meet the performance and security needs of the digitally transformed enterprise, is still a fairly young market opportunity, marked by at most a couple dozen SASE providers. Make no mistake, though: a growing number of marketers on either side of the networking/security divide are preparing to jump on the bandwagon, whether their organization’s technology is ready or not to meet the requirements driving interest in SASE.
Although SASE has not yet reached the apex of the hype cycle, marketing of SASE services is on a steep growth ramp. IT networking and security professionals tasked with investigating SASE services to better adapt their IT infrastructure to the new reality of work-from-home and the largescale migration of workloads to the cloud will have to educate themselves on what SASE can and should deliver.
Although the term secure access service edge was only coined about 18 months ago, awareness of it is already fairly high. In two separate EMA research projects in late 2020 aimed primarily at either networking or security professionals, at least 75% and 78% of respondents in the studies expressed familiarity with the term. Beyond that, quite a few of the respondent organizations were already engaged with SASE at varying levels. For example, 28% of respondents in the networking survey said their organizations were in the midst of evaluating SASE or engaging in proof of concept activity around it. However, only 8% of security practitioners indicated their organizations were conducting a POC. This suggests that networking teams are leading the charge to adopt SASE services. At the other end of the engagement spectrum, 13% of networking respondents said their organizations had fully implemented a SASE solution, while only 6% of security practitioners indicated full SASE deployment.
For those at the beginning of the journey to adopt SASE, here are a few questions to keep in mind as you research SASE offerings.
What exactly constitutes a SASE service?
SASE services, delivered primarily from the cloud, can potentially include a long laundry list of integrated networking and security functions. EMA believes that at minimum, a SASE service should include SD-WAN, secure web gateway, cloud access security broker, zero trust network access, firewall as a service, the ability to identify malware and sensitive data, and the networking functions necessary to support line rate performance at the edge and from the cloud. Still, at the end of the day, any networking and security functions that were deemed necessary in the old days of users working from the office on the enterprise network or on the road should be supported in this new paradigm.
What capabilities does a prospective SASE services supplier support today versus what is on their roadmap?
Given how new the market is, many SASE providers are relatively early in the process of building out their SASE functionality. Quite a few involve acquisitions of SD-WAN or other pure-plan networking providers that only took place last year, and integration of those into a more complete suite of capabilities takes time. For example, Fortinet only acquired SD-WAN provider OPAQ Networks in July of 2020 and just recently delivered its first iteration of its SASE service.
How many points of presence does the SASE service have, and where are they located?
As SASE providers scale out their cloud-delivered services, the number and location of their points of presence can have an outsized impact on the performance that end users will experience.
Can our team build our own SASE service by selecting best-of-breed providers for the functions we need and integrating those together?
That is called service chaining, and it may be possible if your organization has the right skillset, budget, and requirements that preclude getting it all from one SASE specialist. You have to ask yourself, what would we gain by being our own systems integrators? What would we gain in having to manage multiple provider relationships and contracts? There is the option of working with SASE providers who work with multiple partners to deliver a more integrated, multi-vendor SASE offering. However, these still require navigating different pricing models and establishing and managing multiple service contracts.
What organizational constructs will we need to put in place to ensure smooth collaboration between networking and security teams responsible for managing the converged networking and security services?
Security and networking teams in the past had different objectives, used different tools with different interfaces, and fought to protect or expand their own budgets. Networking teams strove to ensure good performance and uptime, while security teams worked hard to ensure the protection of their organization’s digital assets. Executive management will need to create new, more cohesive objectives and incentives to ensure these groups come together in a productive way.
Get more insights when you attend the April 20 research webinar, Availability and Buying Options in the Emerging SASE Market.