How do you tease out the differences in SASE solutions? Tech stacks set providers apart

In 2020, a new acronym is dominating the SD-WAN industry–SASE (Secure Access Service Edge). Now, every SD-WAN provider is hitting the market with their SASE solution. So, how do early adopters understand the differences between them? In Masergy’s SASE Straight Talk articles, we’re working to shed light on this emerging market, helping IT professionals navigate critical decisions as they plan for a move toward SASE.

SASE differences: Core capabilities offer a good starting place

As the clearest definition of SASE, early adopters should first look at the five core capability areas that allow for the best apples-to-apples comparison between solutions. Analyst Andrew Lerner describes SASE as “a new package of technologies including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access, and Firewall as a Service as core abilities.”

That’s a defined place to begin, but even within this definition solutions vary widely.

Every provider delivers differently on those five elements with different technologies and approaches. So, one size does not fit all. The five core capabilities serve as a framework or even a buyer’s checklist, but this doesn’t mean every provider will check each box twice, for example. When it comes to security, professionals will be quick to say that checking each box once isn’t always an adequate security strategy. Defense in depth requires a more exhaustive approach, and each provider will do SASE differently.

Understanding where your own IT gaps align with the list of core capabilities can help prioritize which SASE capabilities will generate the most strategic value to your business. It’s likely that companies have already made investments in areas overlapping SASE’s core areas. In these cases, it might be helpful to:

Tech stack compilation

As providers compile many tools into one SASE toolbox, they typically take two different approaches. They either have a box of tools that are all their own homegrown brand or a box of tools that include mixed brands from other companies. Here’s what to consider in comparing them.

Homegrown tech stack

These solution tech stacks are built using the provider’s own homegrown technologies and services. This allin-one-vendor approach is great for solution simplicity, and for this reason, many theorize that SASE will trigger more mergers and acquisitions. However, there are some potential drawbacks:

Best-of-breed tech stack

These solution tech stacks are built by taking best-ofbreed technologies from an array of companies and integrating them together into a single cloud service platform. With these solutions, clients can gain the advantages of having all the leading brands in their SASE toolbox. Typically, these providers believe no single vendor today is capable of solving the myriad of cybersecurity risks that fall under SASE’s big umbrella (and they particularly call out startups). All in all, best-of-breed providers differentiate themselves by leaving the security tool development to those who do it best—the industryleading manufacturers of each technology.

But potential downsides may arise in exactly how all these different tools are integrated. This is when SASE architecture matters most—the uniformity of the underlying platform determines the quality of interoperability and visibility across all tools. Does integration happen at the source code level? Gartner advises buyers to avoid solutions that link a large number of products via virtual machine service chaining. Don’t miss this article, which further unpacks Gartner’s warning label on SASE architecture.

A master of all capabilities

SASE is all about convergence. And, when companies rely on a single company to deliver an entire constellation of services, it’s more critical than ever to understand the provider’s strengths, weaknesses, and history. After all, they will have to span multiple bridges, mastering each area while still delivering a superior customer experience.

Technology manufacturers and IT services providers will likely yield two very different SASE offerings and different client experiences, because inherently one will be focused on technology and the other on business outcomes. Targeting a provider that is both a tech innovator and a strong managed service partner will be key, particularly for IT teams that have limited experience with SD-WAN and are seeking a fully managed service.

Likewise security companies and network companies will be heavily oriented on one side or the other. At a time when convergence is the name of the game, those with a history of excellence on both sides of the IT domain will know how to create the best synergy between the two worlds of network and security.

All in all, SASE solutions are real, but much like the market they are still rapidly developing. These are just a few ways to make sense of the early solutions hitting the market.

Interested in how SD-WAN can improve your business?

Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.