Is there more than one way to SASE? Cloud separates two strategies, schools of thought

Avatar for Ray WatsonBy Ray Watson|Oct 1, 2020|7:30 am CDT

As the hottest new trend in networking SASE is gaining a lot of attention. But as an emerging market, there are many points of confusion. In this series of SASE Straight Talk articles we answer the burning questions about the solutions converging network and security functions into one cloud service. Today, we look at the different ways companies are approaching SASE, exploring the question: Is there more than one strategy with SASE?

The cloud is starting to become a dividing line between two schools of thought, showing us that the answer to the question is yes. Here’s the heart of the matter splitting IT leaders into two camps:

Do you take a cloud-only approach to SASE, or is there still a need for on-premise hardware?

Industry analysts, like Zeus Kerravala from ZK Research, are tracking the different ways teams are tactically going about SASE, helping IT leaders understand how to align the model with their strategies and infrastructure. His Network World article first introduced SASE as two approaches, each with its own take on the cloud. (If you’re familiar with cloud-only and cloud-first strategies, this will feel very similar.)

  • Cloud-native SASE: Those who take this approach follow Gartner’s definition strictly, mandating a cloud-only strategy with SASE. The only on-premises infrastructure in the SASE solution is the SD-WAN lightweight hardware device–everything else is cloud-deployed. Hence the cloud-native name.
  • Cloud-managed SASE: Those in this group take SASE as a general guideline, letting their business needs ultimately dictate whether to select on-premise or cloud functions. IT professionals in this camp tout the benefit of cloud-managed appliances as outweighing any limitations associated with the cloud-native approach.
  • Others argue that the dichotomy outlined above is too rigid; they claim that a hybrid approach is the best direction for the future.

So, where does Gartner come down on this? In their August 2020 “Forecast Analysis: Gartner’s Initial SASE Forecast” report, Gartner recognizes that use cases still require parts of the service to be delivered locally. The report doesn’t condone those taking the more lenient hybrid or cloud-managed approach; however, it states that “stronger” SASE offerings will have “a larger percentage of services hosted from the cloud edge.”

Regardless of how vague the advice is or just how blurry the line between the two strategies may be, understanding your appetite for the cloud is still relevant, because it can help guide investors in finding the right SASE solution. Not all providers and solutions will allow clients the hybrid flexibility, providing the ability to mix and match on-premise and cloud features and functions–much less let you transition between the two as your needs change. Those who are taking a cloud-first approach today–but plan to take a cloud-only approach in the future–will want to select carefully.

Business use cases shed light on the right SASE strategy for your business

Real world examples help highlight the difference between the two SASE strategies and when to use each approach. Cloud-native approaches work well for companies with “greenfield” projects and operations, where all workers are remote or the project is starting from scratch. But for “brownfield” businesses with brick-and-mortar locations or legacy systems, SASE cloud-managed flexibility can have significant advantages. Here at Masergy, we see clients prioritize application performance, using a combination of cloud-based and premise-based solutions.

Firewalls are also the hallmark example spurring the native-vs-managed debate. That’s because on-premise firewalls are still preferred in some cases. With cloud FWaaS, security inspection is performed in the cloud, which can create a drag on performance at large sites. Whereas with on-premise appliances, security monitoring is performed on a local level, which enhances the performance for large sites with a significant amount of network traffic. In these cases, on-premise firewalls offer superior performance and have a lower cost of ownership due to the fees associated with cloud FWaaS. Thus, large manufacturers and healthcare providers with hundreds or thousands of employees under a single roof may benefit from a cloud-managed approach to SASE.

As even Gartner admits, SASE is a journey–not a destination. Undoubtedly strategies and even the definition of SASE itself will evolve with time.

Read more articles in the SASE Straight Talk series

Engage in the SASE conversation online. Don’t forget to follow us on Twitter!

Interested in how SD-WAN can improve your business?

Call us now to arrange a consultation (855) 238-1463.
Or arrange for a consultation through our request form.