How do you tease out the differences in SASE solutions? Tech stacks set providers apart
In 2020, a new acronym is dominating the SD-WAN industry – SASE (Secure Access Service Edge). Now, every SD-WAN provider is hitting the market with their SASE solution. So, how do early adopters understand the differences between them? In Massery’s SASE Straight Talk articles, we’re working to shed light on this emerging market, helping IT professionals navigate critical decisions as they plan for a move toward SASE.
SASE differences: Core capabilities offer a good starting place
As the clearest definition of SASE, early adopters should first look at the five core capability areas that allow for the best apples-to-apples comparison between solutions. Analyst Andrew Lerner describes SASE as “a new package of technologies including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access, and Firewall as a Service as core abilities.”
That’s a defined place to begin, but even within this definition solutions vary widely.
Every provider delivers differently on those five elements with different technologies and approaches. So, one size does not fit all. The five core capabilities serve as a framework or even a buyer’s checklist, but this doesn’t mean every provider will check each box twice, for example. When it comes to security, professionals will be quick to say that checking each box once isn’t always an adequate security strategy. Defense in depth requires a more exhaustive approach, and each provider will do SASE differently.
Understanding where your own IT gaps align with the list of core capabilities can help prioritize which SASE capabilities will generate the most strategic value to your business. It’s likely that companies have already made investments in areas overlapping SASE’s core areas. In these cases, it might be helpful to:
- Talk to current partners: Ask your existing provider if they have SASE on their product roadmaps, as this can reduce the complexity of migration.
- Find solutions that fit: It may be important to consider SASE solutions that will work with the existing IT environment. Some solutions will ask the client to rip and replace, starting fresh with the provider’s entire suite of services, so that everything works in sync. Therefore, it’s important to understand how SASE technologies are compiled.
Tech stack compilation
As providers compile many tools into one SASE toolbox, they typically take two different approaches. They either have a box of tools that are all their own homegrown brand or a box of tools that include mixed brands from other companies. Here’s what to consider in comparing them.
Homegrown tech stack
These solution tech stacks are built using the provider’s own homegrown technologies and services. This all-in-one-vendor approach is great for solution simplicity, and for this reason, many theorize that SASE will trigger more mergers and acquisitions. However, there are some potential drawbacks:
- Clients may need to rip and replace any overlapping capabilities where they may have already made investments.
- Clients may not always get the best technology available on the market. When the solution relies on one provider’s technology, it’s best to evaluate which of SASE’s five core capabilities best coincide with the provider’s own core competencies. This will help reveal where the provider will deliver the strongest value.
- Another thing to note is that SASE is still an emerging market. With each of the five SASE components recognized as a standalone industry, providers need time to expand and develop their own homegrown tech stack to address each area. For this reason, some investors prefer a best-ofbreed tech stacks.
Best-of-breed tech stack
These solution tech stacks are built by taking best-ofbreed technologies from an array of companies and integrating them together into a single cloud service platform. With these solutions, clients can gain the advantages of having all the leading brands in their SASE toolbox. Typically, these providers believe no single vendor today is capable of solving the myriad of cybersecurity risks that fall under SASE’s big umbrella (and they particularly call out startups). All in all, best-of-breed providers differentiate themselves by leaving the security tool development to those who do it best—the industry-leading manufacturers of each technology.
But potential downsides may arise in exactly how all these different tools are integrated. This is when SASE architecture matters most—the uniformity of the underlying platform determines the quality of interoperability and visibility across all tools. Does integration happen at the source code level? Gartner advises buyers to avoid solutions that link a large number of products via virtual machine service chaining. Don’t miss this article, which further unpacks Gartner’s warning label on SASE architecture.
A master of all capabilities
SASE is all about convergence. And, when companies rely on a single company to deliver an entire constellation of services, it’s more critical than ever to understand the provider’s strengths, weaknesses, and history. After all, they will have to span multiple bridges, mastering each area while still delivering a superior customer experience.
Technology manufacturers and IT services providers will likely yield two very different SASE offerings and different client experiences, because inherently one will be focused on technology and the other on business outcomes. Targeting a provider that is both a tech innovator and a strong managed service partner will be key, particularly for IT teams that have limited experience with SD-WAN and are seeking a fully managed service.
Likewise, security companies and network companies will be heavily oriented on one side or the other. At a time when convergence is the name of the game, those with a history of excellence on both sides of the IT domain will know how to create the best synergy between the two worlds of network and security.
All in all, SASE solutions are real, but much like the market they are still rapidly developing. These are just a few ways to make sense of the early solutions hitting the market.
Interested in how SD-WAN can improve your business?
Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.
What are the benefits of SASE?
Why do businesses need SASE and more importantly does it help with work from home? Here’s how SASE solutions deliver real value.
Is there more than one way to SASE?
Are firewalls becoming a dividing line between SASE strategies? Why some IT leaders choose a cloud-managed approach over a cloud-native one.
Is SASE real or just a concept?
When it comes to SASE validity, there are lots of opinions. Here’s a look from all sides and tips for how to evaluate SASE architecture.
Why are there so many different interpretations of SASE?
Ask people what SASE is and you’ll likely get 10 answers. While the newness of SASE is a factor in the confusion, here’s what SASE is and what it’s not.