How do you tease out the differences in SASE solutions? Tech stacks set providers apart

Published on October 6th, 2020

In 2020, a new acronym is dominating the SD-WAN industry–SASE (Secure Access Service Edge). Now, every SD-WAN provider is hitting the market with their SASE solution. So, how do early adopters understand the differences between them? In Masergy’s SASE Straight Talk articles, we’re working to shed light on this emerging market, helping IT professionals navigate critical decisions as they plan for a move toward SASE.

SASE differences: Core capabilities offer a good starting place

As the clearest definition of SASE, early adopters should first look at the five core capability areas that allow for the best apples-to-apples comparison between solutions. Analyst Andrew Lerner describes SASE as “a new package of technologies including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access, and Firewall as a Service as core abilities.”

That’s a defined place to begin, but even within this definition solutions vary widely.

Every provider delivers differently on those five elements with different technologies and approaches. So, one size does not fit all. The five core capabilities serve as a framework or even a buyer’s checklist, but this doesn’t mean every provider will check each box once or even twice, for example. When it comes to security, professionals will be quick to say that checking each box once isn’t always an adequate security strategy. Defense in depth requires a more exhaustive approach, and each provider will do SASE differently.

40% of enterprises will have strategies to adopt SASE by 2024

Understanding where your own IT gaps align with the list of core capabilities can help prioritize which SASE capabilities will generate the most strategic value to your business. It’s likely that companies have already made investments in areas overlapping SASE’s core areas. In these cases, it might be helpful to:

  • Talk to current partners: Ask your existing provider if they have SASE on their product roadmaps, as this can reduce the complexity of migration.
  • Find solutions that fit: It may be important to consider SASE solutions that will work with the existing IT environment. Some solutions will ask the client to rip and replace, starting fresh with the provider’s entire suite of services, so that everything works in sync. Therefore, it’s important to understand how SASE technologies are compiled.

SASE differences: Tech stack compilation

As providers compile many tools into one SASE toolbox, they typically take two different approaches. They either have a box of tools that are all their own homegrown brand or a box of tools that include mixed brands from other companies. Here’s what to consider in comparing them.

Homegrown tech stack

These solution tech stacks are built using the provider’s own homegrown technologies and services. This all-in-one-vendor approach is great for solution simplicity, and for this reason, many theorize that SASE will trigger more mergers and acquisitions. However, there are some potential drawbacks:

  • Clients may need to rip and replace any overlapping capabilities where they may have already made investments.
  • Clients may not always get the best technology available on the market. When the solution relies on one provider’s technology, it’s best to evaluate which of SASE’s five core capabilities best coincide with the provider’s own core competencies. This will help reveal where the provider will deliver the strongest value.
  • Another thing to note is that SASE is still an emerging market. With each of the five SASE components recognized as a standalone industry, providers need time to expand and develop their own homegrown tech stack to address each area. For this reason, some investors prefer a best-of-breed tech stacks.

Best-of-breed tech stack

These solution tech stacks are built by taking best-of-breed technologies from an array of companies and integrating them together into a single cloud service platform. With these solutions, clients can gain the advantages of having all the leading brands in their SASE toolbox. Typically, these providers believe no single vendor today is capable of solving the myriad of cybersecurity risks that fall under SASE’s big umbrella (and they particularly call out startups). All in all, best-of-breed providers differentiate themselves by leaving the security tool development to those who do it best–the industry-leading manufacturers of each technology.

But potential downsides may arise in exactly how all these different tools are integrated. This is when SASE architecture matters most–the uniformity of the underlying platform determines the quality of interoperability and visibility across all tools. Does integration happen at the source code level? Gartner advises buyers to avoid solutions that link a large number of products via virtual machine service chaining. Don’t miss this article, which further unpacks Gartner’s warning label on SASE architecture.

SASE differences: Providers who can master a constellation of capabilities

SASE is all about convergence. And, when companies rely on a single company to deliver an entire constellation of services, it’s more critical than ever to understand the provider’s strengths, weaknesses, and history. After all, they will have to span multiple bridges, mastering each area while still delivering a superior customer experience.

Technology manufacturers and IT services providers will likely yield two very different SASE offerings and different client experiences, because inherently one will be focused on technology and the other on business outcomes. Targeting a provider that is both a tech innovator and a strong managed service partner will be key, particularly for IT teams that have limited experience with SD-WAN and are seeking a fully managed service.

Likewise security companies and network companies will be heavily oriented on one side or the other. At a time when convergence is the name of the game, those with a history of excellence on both sides of the IT domain will know how to create the best synergy between the two worlds of network and security.

All in all, SASE solutions are real, but much like the market they are still rapidly developing. These are just a few ways to make sense of the early solutions hitting the market.

Read more articles in the SASE Straight Talk series:

Our SASE conversation continues online. Follow us on Twitter!

Ray Watson

Ray Watson is VP of Innovation at Masergy. He brings over 17 years of expertise in IT strategy, application solution design and next-generation network architectures. Ray has enabled numerous global enterprises in transforming their IT infrastructures to guarantee business outcomes. Ray is an industry thought leader in IT transformation and is a frequent speaker on topics such as hybrid networking, SDN, NFV, cloud connectivity and advanced security. Prior to joining Masergy, Ray worked at Airband Communications and Broadwing Communications. He holds a B.S. from Purdue University.

Related Content

Can I skip SD-WAN and jump straight to SASE?

Want to switch from SD-WAN to SASE midstream? These RFP questions can help you roll your IT modernization project into a larger investment.

Read more

What are the benefits of SASE?

Why do businesses need SASE and more importantly does it help with work from home? Here’s how SASE solutions deliver real value.

Read more

The future of the network is autonomous: WFH strategies prepare for self-driving networks

While IT leaders are enabling the remote workforce, they are also building an autonomous network. Leverage your investments today for innovation tomorrow.

Read more