Is SASE real or just a concept?

SASE (Secure Access Service Edge) is often introduced as an emerging market, and Gartner has made statements about comprehensive solutions still years away. So, are new solutions just a marketing mirage or a real business investment to be made in 2020? In this series of SASE Straight Talk articles, Masergy answers some of the biggest SASE questions on the minds of IT professionals.

Is SASE real?

When it comes to the validity of solutions, there are opinions on both sides of the argument. Naysayers call today’s offerings more marketing fluff than product reality. And that’s no surprise given that Gartner’s 2019 Hype Cycle report forewarns buyers of this “marketecture.” SASE is still in its formative phase. Meanwhile more and more providers are hitting the streets with their SASE product claims, reassuring clients that their first-to-market offerings are legitimate and deliver real business value.

So, where does this leave early adopters?

Ultimately, of course, the burden is largely on the IT buyer to discern the validity of any particular solution. SASE may still be an emerging and evolving market, but there are tactical ways to tease out the leaders from the laggards. It starts with SASE’s five core capability areas and a warning label from Gartner.

Is SASE real or just a concept? The answer is it’s both. SASE is multidimensional.

  • It’s a forward-leaning vision for network and security convergence.
  • It’s a model and solution framework that is still evolving and maturing.
  • And, it’s a new solution market with more entrants coming onboard everyday.

SASE: It’s more about core capability areas than a detailed feature checklist

Buyers are often looking for a detailed feature checklist, but SASE is still “soft” at this time. Gartner describes solutions that unify SD-WAN and security into one cloud-based service from a single provider. Thus, SASE acts as a model or framework for building the next generation of IT services. And yet, Gartner hasn’t prescriptively provided a detailed checklist of every last technology required—they only provide core capability areas:

  • SD-WAN
  • Secure Web Gateway
  • Cloud Access Security Broker (CASB)
  • Zero Trust Network Access
  • Firewall as a Service

Beyond these core components, the market lacks defined feature standardization. With these details intentionally loose, there is wide variation in the way solutions deliver on SASE and how they bring all the elements together in one cloud service platform. When each of the five capability areas serve as their own individual industries, that unification is a tall order. How anyone company can adequately compile and harmonize them all is a key question for investors. Some providers use their own homegrown technologies, while others take a series of products from outside partners and integrate them together. This brings us to Gartner’s architecture warning label.

Unpacking Gartner’s warning: SASE architecture matters

Gartner’s Hype Cycle for Enterprise Networking report offers IT leaders some breadcrumbs to help IT leaders separate a true solution from the mere facade:

Software architecture and implementation matters. Be wary of vendors that propose to deliver services by linking a large number of features via VM service chaining, especially when the products come from a number of acquisitions or partnerships. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency.

To unpack this, it helps to think about SASE as a standard platform where a constellation of capabilities are being unified under a single operating system. Architecture and implementation matter because it exposes the uniformity of that one common platform. When everything needs to interoperate, the underlying architecture is what allows for the cooperation and collaboration. Otherwise, IT teams could easily be left stymied by multiple dashboards and controllers. This is exactly the problem SASE aims to avoid!

It’s a bit like comparing Frankenstein’s parts and pieces all stitched together to a set of nesting dolls all crafted from the same template. How providers go from delivering point solutions to a fully integrated “as a service” model will expose key differences, distinguishing true SASE solutions.

Network service providers typically use their own private network to serve as SASE’s common underlying platform. Understanding the uniformity of that network is key and explains why providers with a ubiquitous softwaredefined network will be quick to advertise that fact. When the core operating system is the same all across the globe and uses modern software-defined principles, it’s easier to get all five core capabilities to interoperate with edge-to-edge visibility in one management portal.

Evidence of a well-architected SASE platform becomes particularly tangible when:

  • Network analytics and security analytics come together in one dashboard, providing insights across both IT domains
  • Consistent strategies can be used across both the network and security
  • Solutions enforce consistent security policies across all SD-WAN devices and deliver security alert metrics all in one place
  • Clients can map a pervasive IT security posture across their multi-tenant WAN and LAN infrastructure using a centralized security deployment, meaning solutions can secure users and endpoints across multiple instances of virtual routing and forwarding (VRFs) and LAN segments