Is SASE real or just a concept?

SASE (Secure Access Service Edge) is often introduced as an emerging market, and Gartner has made statements about comprehensive solutions still years away. So, are new solutions just a marketing mirage or a real business investment to be made in 2020? In this series of SASE Straight Talk articles, Masergy answers some of the biggest SASE questions on the minds of IT professionals.

Is SASE real or just a concept? The answer is it’s both. SASE is multidimensional.

• SASE is a forward-leaning vision for network and security convergence
• SASE is a model and a solution framework that is still evolving and maturing.
• SASE is a new solution market with more entrants every day.

When it comes to the validity of solutions, there are opinions on both sides of the argument. Nay-sayers call today’s offerings more marketing fluff than product reality. And that’s no surprise given that Gartner’s 2019 Hype Cycle for Enterprise Networking report forewarns buyers of this “marketecture.” SASE is still in its formative phase. Meanwhile, more and more providers are hitting the streets with their SASE product claims, reassuring clients that their first-to-market offerings are legitimate and deliver real business value.

So, where does this leave early adopters?

Ultimately, of course, the burden is largely on the IT buyer to discern the validity of any particular solution. SASE may still be an emerging and evolving market, but there are tactical ways to tease out the leaders from the laggards. It starts with SASE’s five core capability areas and a warning label from Gartner.

SASE: It’s more about core capability areas than a detailed feature checklist

Buyers are often looking for a detailed feature checklist, but SASE is still “soft” at this time. Gartner describes solutions that unify SD-WAN and security into one cloud-based service from a single provider. Thus, SASE acts as a model or framework for building the next generation of IT services. And yet, Gartner hasn’t prescriptively provided a detailed checklist of every last technology required–they only provide core capability areas:

• SD-WAN
• Secure Web Gateway (SWG)
• Firewall as a Service (FWaaS)
• Cloud Access Security Broker (CASB)
• Zero Trust Network Access (ZTNA)

Beyond these core components, the market lacks defined feature standardization. With these details intentionally loose, there is wide variation in the way solutions deliver on SASE, what technologies providers use, and how they bring all the elements together in one cloud service platform. This brings us to Gartner’s warning label.

Unpacking Gartner’s warning: SASE architecture matters

Gartner’s Hype Cycle report offers IT leaders some breadcrumbs to help IT leaders separate a true solution from the mere facade

“Software architecture and implementation matters. Be wary of vendors that propose to deliver services by linking a large number of features via VM service chaining, especially when the products come from a number of acquisitions or partnerships. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency.”

To unpack this, it helps to think about SASE as a standard platform where a constellation of capabilities are being unified under a single operating system. Architecture and implementation matter because it exposes the uniformity of that one common platform. When everything needs to interoperate, the underlying architecture is what allows for cooperation and collaboration. Otherwise, IT teams could easily be left stymied by multiple dashboards and controllers. This is exactly the problem SASE aims to avoid!

It’s a bit like comparing Frankenstein’s parts and pieces all stitched together to a set of nesting dolls all crafted from the same template. How providers go from delivering point solutions to a fully integrated “as a service” model will expose key differences, distinguishing true SASE solutions. Does integration happen at the source-code level?

Network service providers typically use their own private network to serve as SASE’s common underlying platform. Understanding the uniformity of that network is key and explains why providers with a ubiquitous software-defined network will be quick to advertise that fact. When the core operating system is the same all across the globe and uses modern software-defined principles, it’s easier to get all five core capabilities to interoperate with edge-to-edge visibility in one management portal.

Evidence of a well-architected SASE platform becomes particularly tangible when:

• Network analytics and security analytics come together in one dashboard, providing insights across both IT domains
• Consistent strategies can be used across both the network and security
• Solutions enforce consistent security policies across all SD-WAN devices and deliver security alert metrics all in one place
• Clients can map a pervasive IT security posture across their multi-tenant WAN and LAN infrastructure using a centralized security deployment, meaning solutions can secure users and endpoints across multiple instances of virtual routing and forwarding (VRFs) and LAN segments

Ready for more? Read more articles in the SASE Straight Talk series

• Is SASE real or just a concept?
• Why are there so many different interpretations of SASE?
• Can I skip SD-WAN and jump straight to SASE?
• Is there more than one way to SASE?
• What is SASE? And why it’s the next big thing

Engage in the SASE conversation online. Don’t forget to follow us on Twitter!