Is there more than one way to SASE? Cloud separates two strategies, schools of thought

Posted on October 1, 2020

As the hottest new trend in networking SASE is gaining a lot of attention. But as an emerging market, there are many points of confusion. In this series of SASE Straight Talk articles we answer the burning questions about the solutions converging network and security functions into one cloud service. Today, we look at the different ways companies are approaching SASE, exploring the question: Is there more than one strategy with SASE?

The cloud is starting to become a dividing line between two schools of thought, showing us that the answer to the question is yes. Here’s the heart of the matter splitting IT leaders into two camps:

Do you take a cloud-only approach to SASE, or is there still a need for on-premise hardware?

Industry analysts, like Zeus Kerravala from ZK Research, are tracking the different ways teams are tactically going about SASE, helping IT leaders understand how to align the model with their strategies and infrastructure. His Network World article first introduced SASE as two approaches, each with its own take on the cloud. (If you’re familiar with cloud-only and cloud-first strategies, this will feel very similar.)

  • Cloud-native SASE: Those who take this approach follow Gartner’s definition strictly, mandating a cloud-only strategy with SASE. The only on-premises infrastructure in the SASE solution is the SD-WAN lightweight hardware device–everything else is cloud-deployed. Hence the cloud-native name.
  • Cloud-managed SASE: Those in this group take SASE as a general guideline, letting their business needs ultimately dictate whether to select on-premise or cloud functions. IT professionals in this camp tout the benefit of cloud-managed appliances as outweighing any limitations associated with the cloud-native approach.
  • Others argue that the dichotomy outlined above is too rigid; they claim that a hybrid approach is the best direction for the future.

So, where does Gartner come down on this? In their August 2020 “Forecast Analysis: Gartner’s Initial SASE Forecast” report, Gartner recognizes that use cases still require parts of the service to be delivered locally. The report doesn’t condone those taking the more lenient hybrid or cloud-managed approach; however, it states that “stronger” SASE offerings will have “a larger percentage of services hosted from the cloud edge.”

Regardless of how vague the advice is or just how blurry the line between the two strategies may be, understanding your appetite for the cloud is still relevant, because it can help guide investors in finding the right SASE solution. Not all providers and solutions will allow clients the hybrid flexibility, providing the ability to mix and match on-premise and cloud features and functions–much less let you transition between the two as your needs change. Those who are taking a cloud-first approach today–but plan to take a cloud-only approach in the future–will want to select carefully.

Business use cases shed light on the right SASE strategy for your business

Real world examples help highlight the difference between the two SASE strategies and when to use each approach. Cloud-native approaches work well for companies with “greenfield” projects and operations, where all workers are remote or the project is starting from scratch. But for “brownfield” businesses with brick-and-mortar locations or legacy systems, SASE cloud-managed flexibility can have significant advantages. Here at Masergy, we see clients prioritize application performance, using a combination of cloud-based and premise-based solutions.

Firewalls are also the hallmark example spurring the native-vs-managed debate. That’s because on-premise firewalls are still preferred in some cases. With cloud FWaaS, security inspection is performed in the cloud, which can create a drag on performance at large sites. Whereas with on-premise appliances, security monitoring is performed on a local level, which enhances the performance for large sites with a significant amount of network traffic. In these cases, on-premise firewalls offer superior performance and have a lower cost of ownership due to the fees associated with cloud FWaaS. Thus, large manufacturers and healthcare providers with hundreds or thousands of employees under a single roof may benefit from a cloud-managed approach to SASE.

As even Gartner admits, SASE is a journey–not a destination. Undoubtedly strategies and even the definition of SASE itself will evolve with time.

Read more articles in the SASE Straight Talk series

Engage in the SASE conversation online. Don’t forget to follow us on Twitter!

Ray Watson

Ray Watson is VP of Innovation at Masergy. He brings over 17 years of expertise in IT strategy, application solution design and next-generation network architectures. Ray has enabled numerous global enterprises in transforming their IT infrastructures to guarantee business outcomes. Ray is an industry thought leader in IT transformation and is a frequent speaker on topics such as hybrid networking, SDN, NFV, cloud connectivity and advanced security. Prior to joining Masergy, Ray worked at Airband Communications and Broadwing Communications. He holds a B.S. from Purdue University.

Related Content

Cisco Webex + Masergy SD-WAN: The collaboration combo businesses need in 2021

Keep things simple with integrated services. Masergy UCaaS with Cisco Webex offers SD-WAN service for a perfectly complete collaboration solution.

Read more

CRN Names Masergy to its 2021 MSP 500 List

Masergy recognized by CRN as innovative and forward-thinking managed service provider.

Read more

Secure Web Gateway: How it serves the hybrid workforce and SASE too

SWG melds into broader offerings today, better serving the needs of the anywhere business. As markets converge, here’s what buyers should consider.

Read more