Is there more than one way to SASE? Cloud separates two strategies, schools of thought

Posted on October 1st, 2020

As the hottest new trend in networking SASE is gaining a lot of attention. But as an emerging market, there are many points of confusion. In this series of SASE Straight Talk articles we answer the burning questions about the solutions converging network and security functions into one cloud service. Today, we look at the different ways companies are approaching SASE, exploring the question: Is there more than one strategy with SASE?

The cloud is starting to become a dividing line between two schools of thought, showing us that the answer to the question is yes. Here’s the heart of the matter splitting IT leaders into two camps:

Do you take a cloud-only approach to SASE, or is there still a need for on-premise hardware?

Industry analysts, like Zeus Kerravala from ZK Research, are tracking the different ways teams are tactically going about SASE, helping IT leaders understand how to align the model with their strategies and infrastructure. His Network World article first introduced SASE as two approaches, each with its own take on the cloud. (If you’re familiar with cloud-only and cloud-first strategies, this will feel very similar.)

  • Cloud-native SASE: Those who take this approach follow Gartner’s definition strictly, mandating a cloud-only strategy with SASE. The only on-premises infrastructure in the SASE solution is the SD-WAN lightweight hardware device–everything else is cloud-deployed. Hence the cloud-native name.
  • Cloud-managed SASE: Those in this group take SASE as a general guideline, letting their business needs ultimately dictate whether to select on-premise or cloud functions. IT professionals in this camp tout the benefit of cloud-managed appliances as outweighing any limitations associated with the cloud-native approach.
  • Others argue that the dichotomy outlined above is too rigid; they claim that a hybrid approach is the best direction for the future.

So, where does Gartner come down on this? In their August 2020 “Forecast Analysis: Gartner’s Initial SASE Forecast” report, Gartner recognizes that use cases still require parts of the service to be delivered locally. The report doesn’t condone those taking the more lenient hybrid or cloud-managed approach; however, it states that “stronger” SASE offerings will have “a larger percentage of services hosted from the cloud edge.”

Regardless of how vague the advice is or just how blurry the line between the two strategies may be, understanding your appetite for the cloud is still relevant, because it can help guide investors in finding the right SASE solution. Not all providers and solutions will allow clients the hybrid flexibility, providing the ability to mix and match on-premise and cloud features and functions–much less let you transition between the two as your needs change. Those who are taking a cloud-first approach today–but plan to take a cloud-only approach in the future–will want to select carefully.

Business use cases shed light on the right SASE strategy for your business

Real world examples help highlight the difference between the two SASE strategies and when to use each approach. Cloud-native approaches work well for companies with “greenfield” projects and operations, where all workers are remote or the project is starting from scratch. But for “brownfield” businesses with brick-and-mortar locations or legacy systems, SASE cloud-managed flexibility can have significant advantages. Here at Masergy, we see clients prioritize application performance, using a combination of cloud-based and premise-based solutions.

Firewalls are also the hallmark example spurring the native-vs-managed debate. That’s because on-premise firewalls are still preferred in some cases. With cloud FWaaS, security inspection is performed in the cloud, which can create a drag on performance at large sites. Whereas with on-premise appliances, security monitoring is performed on a local level, which enhances the performance for large sites with a significant amount of network traffic. In these cases, on-premise firewalls offer superior performance and have a lower cost of ownership due to the fees associated with cloud FWaaS. Thus, large manufacturers and healthcare providers with hundreds or thousands of employees under a single roof may benefit from a cloud-managed approach to SASE.

As even Gartner admits, SASE is a journey–not a destination. Undoubtedly strategies and even the definition of SASE itself will evolve with time.

Read more articles in the SASE Straight Talk series

Engage in the SASE conversation online. Don’t forget to follow us on Twitter!

Ray Watson

Ray Watson is VP of Innovation at Masergy. He brings over 17 years of expertise in IT strategy, application solution design and next-generation network architectures. Ray has enabled numerous global enterprises in transforming their IT infrastructures to guarantee business outcomes. Ray is an industry thought leader in IT transformation and is a frequent speaker on topics such as hybrid networking, SDN, NFV, cloud connectivity and advanced security. Prior to joining Masergy, Ray worked at Airband Communications and Broadwing Communications. He holds a B.S. from Purdue University.

Related Content

Can I skip SD-WAN and jump straight to SASE?

Want to switch from SD-WAN to SASE midstream? These RFP questions can help you roll your IT modernization project into a larger investment.

Read more

What are the benefits of SASE?

Why do businesses need SASE and more importantly does it help with work from home? Here’s how SASE solutions deliver real value.

Read more

The future of the network is autonomous: WFH strategies prepare for self-driving networks

While IT leaders are enabling the remote workforce, they are also building an autonomous network. Leverage your investments today for innovation tomorrow.

Read more