Why are there so many different interpretations of SASE?

The many facets of SASE

Published on September 9th, 2020

In late 2019, Gartner gave birth to a new acronym that has since taken the SD-WAN market by storm–SASE (Secure Access Service Edge). Now, every SD-WAN player is suddenly announcing their SASE solution. These rapid transitions make the market ripe for misstatements and misunderstanding, which trigger more critical questions.

Masergy is fielding lots of them, helping IT professionals and consultants get a handle on what SASE is and what it’s not. In this series of SASE Straight Talk articles, we step through the most common questions we’re hearing from business leaders, providing an in-depth explanation for each.

One question, 10 answers

Ask people what SASE is and you’ll likely get 10 different answers. While the newness of SASE is a factor here, various definitions are also the result of just how dynamic and multifaceted SASE is.

Is it a forward-leaning vision for network and security convergence? Yes.

Is it a model or solution framework? Yes, and it’s still evolving and maturing.

Is it a new solution market? Yes, with more entrants coming onboard everyday.

Ultimately, it’s Gartner’s foresight turned into a conceptual framework that is now manifesting into new solution offerings. People talk across these different facets individually without bringing them all together into one view, hence the vast explanations. Security professionals describe it as “a security platform for network services” while network professionals describe it as “a network platform for security services”–so you can see how it’s all in one’s perspective.

What is SASE? Gartner’s definition

For the record, here’s how Gartner defined SASE in their original Hype Cycle for Enterprise Networking report:

“SASE are emerging converged offerings combining WAN capabilities with network security functions (such as secure web gateway, CASB and SDP) to support the needs of digital enterprises. . . These capabilities are delivered as a service based upon the identity of the entity, real time context and security/compliance policies. Identities can be associated with people, devices, IoT or edge computing locations.”

Understanding the multiple facets of SASE

A vision for network and security convergence: SASE is a concept born under the pretenses that the IT environment has dramatically changed, demanding a new way of addressing the needs of the network and security. These changes include WAN workloads shifting to the cloud, networks plagued by cloud performance issues as well as trends like edge computing, remote workforces, and the fact that security and the network need to work in unison.

Gartner recognizes that the data center is no longer the heart of the IT architecture and companies everywhere are trying to tackle an ocean of network and security capabilities individually. But point solutions and a myriad of different vendors is an approach that lacks intelligent integration, increases IT complexity, and requires a forklift effort. When there must be a better way, SASE arguably represents Gartner’s way of challenging the industry to solve the biggest problems in IT. And it’s working. The industry is already shaping itself accordingly.

A solution offering and a framework for building next-generation IT services: Gartner generally describes SASE as solutions that unify SD-WAN and security into one cloud-based service from a single provider. Thus, SASE acts as a model or framework for building the next generation of IT services, and yet, Gartner hasn’t prescriptively provided a detailed checklist of every last technology required. They only provide five core capability areas. That’s because SASE is still an emerging market in the early stages of development. If you’re like me and you just want the most tangible list of what SASE is, here are the core capabilities and the four primary tenets:

  • 5 core capabilities of SASE: Gartner Analyst Andrew Lerner describes SASE as “a new package of technologies including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access and Firewall as a Service as core abilities.”
  • 4 primary tenets or characteristics of SASE:
      1. Cloud-based service: SASE solutions are delivered as a service, helping enterprises transition from hardware to software, reducing costs with multi-tenancy, and supporting a remote, distributed, and mobile workforce.
      2. Identity-focused: User identities and individual devices (not the data center) are the focus for SASE, so access to identity analytics and user activity tracking capabilities are key.
      3. Globally distributed: SASE offerings cater to companies doing business across multiple regions or countries with a software-defined network for low-latency routing across worldwide points of presence.
      4. Edge flexible: SASE services place emphasis on flexibility and security at the edge, where branch locations, cloud applications, and mobile and IoT devices connect.

Beyond these capabilities, the market lacks defined feature standardization. So, there are wide variations in product offerings. This makes it all the more important to understand what SASE is not.

What SASE is not: Understanding compliance and convergence

It’s not a matter of compliance. People ask, “Is your solution SASE compliant?” But it’s really not a matter of regulatory compliance–no federal laws are associated with SASE. Its loose framework makes it difficult for providers to offer a consistent checkbox list of requirements met. Gartner offers more best practice guidance than hard-lined definitions and laundry lists of technical prerequisites. Thus, it’s more about asking each provider how they interpret and approach SASE.

It’s not just network and security convergence. SASE makes sense to IT professionals who are familiar with the trend of network and security convergence, but it reaches beyond the concept of consolidation to define how converged solutions should look, operate, and what they should value–namely cloud-based services, identity analytics, globally distributed capabilities, and edge flexibility. SASE calls for convergence with a strong emphasis on a cloud-based services model from one provider.

Ready for more? Read all the articles in the SASE Straight Talk series:

Is SASE real or just a concept?

Ray Watson

Ray Watson is VP of Innovation at Masergy. He brings over 17 years of expertise in IT strategy, application solution design and next-generation network architectures. Ray has enabled numerous global enterprises in transforming their IT infrastructures to guarantee business outcomes. Ray is an industry thought leader in IT transformation and is a frequent speaker on topics such as hybrid networking, SDN, NFV, cloud connectivity and advanced security. Prior to joining Masergy, Ray worked at Airband Communications and Broadwing Communications. He holds a B.S. from Purdue University.

Related Content

Co-managed SD-WAN: IT decision makers are leaning in but how do you get the best of both worlds?

What’s the difference between a fully managed SD-WAN service and a co-managed service? Here’s how to get the best out of shared responsibilities.

Read more

Poised for continued innovation, Masergy welcomes Ajay Pandya as Director of Product Management – Network Solutions

Masergy’s new Director of Networking explains the questions driving ingenuity and the company’s next generation of solutions.

Read more

Enabling 5,500 remote employees in one weekend: How one CIO was already prepared for COVID-19

What if you had started building a work-from-anywhere IT platform before COVID-19? Joe Gracz shares his personal story with the aim of helping others.

Read more