Why are there so many different interpretations of SASE?

In late 2019, Gartner gave birth to a new acronym that has since taken the SD-WAN market by storm—SASE (Secure Access Service Edge). Now, every provider is announcing their SASE solution. In this series of SASE Straight Talk articles, Masergy steps through the most common questions we’re hearing from business leaders, providing an in-depth explanation for each. This week, we tackle the many interpretations of SASE.

One question, 10 answers

Ask people what SASE is and you’ll likely get 10 different answers. While the newness of SASE is a factor here, various definitions are also the result of just how dynamic and multifaceted SASE is.

  • Is it a forward-leaning vision for network and security convergence? Yes.
  • Is it a model or solution framework? Yes, and it’s still evolving and maturing.
  • Is it a new solution market? Yes, with more entrants coming on board every day.

Ultimately, it’s Gartner’s foresight turned into a conceptual framework that is now manifesting as new solution offerings. People talk about these different facets individually without bringing them together into one view, hence the wide range of explanations. Security professionals describe it as “a security platform for network services” while network professionals describe it as “a network platform for security services,” so you can see how it all depends on one’s perspective.

What is SASE? Gartner’s definition

For the record, here’s how Gartner defined SASE in their Hype Cycle for Enterprise Networking report:

“SASE are emerging converged offerings combining WAN capabilities with network security functions (such as secure web gateway, CASB, and SDP) to support the needs of digital enterprises… These capabilities are delivered as a service based upon the identity of the entity, real-time context, and security/compliance policies. Identities can be associated with people, devices, IoT, or edge computing locations.”

Understanding the multiple facets of SASE

A vision for network and security convergence: SASE is a concept born from the premise that the IT environment has dramatically changed, demanding a new way of addressing the needs of the network and security. These changes include WAN workloads shifting to the cloud and networks plagued by cloud performance issues, as well as trends like edge computing and remote workforces, and the fact that security and the network need to work in unison.

Gartner recognizes that the data center is no longer the heart of the IT architecture and that companies everywhere are trying to tackle an ocean of network and security capabilities individually. But relying on point solutions and a myriad of different vendors is an approach that lacks intelligent integration, increases IT complexity, and requires a forklift effort. There must be a better way, and SASE arguably represents Gartner’s way of challenging the industry to solve the biggest problems in IT. And it’s working. The industry is already shaping itself accordingly.

A solution offering and a framework for building next-generation IT services: Gartner generally describes SASE as solutions that unify SD-WAN and security into one cloud-based service from a single provider. Thus, SASE acts as a model or framework for building the next generation of IT services, and yet, Gartner hasn’t prescriptively provided a detailed checklist of every last technology required. They only provide five core capability areas. That’s because SASE is still an emerging market in the early stages of development. If you’re like me and you just want the most tangible list of what SASE is, here are the core capabilities and the four primary tenets:

5 core capabilities of SASE

Gartner Analyst Andrew Lerner describes SASE as “a new package of technologies including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access and Firewall as a Service as core abilities.”

4 primary tenets or characteristics of SASE

  1. Cloud-based service: SASE solutions are delivered as a service, helping enterprises transition from hardware to software, reducing costs with multitenancy, and supporting a remote, distributed, and mobile workforce.
  2. Identity-focused: User identities and individual devices (not the data center) are the focus for SASE, so identity analytics and user activity tracking capabilities are key.
  3. Globally distributed: SASE offerings cater to companies doing business across multiple regions or countries with a software-defined network for low-latency routing across worldwide points of presence.
  4. Edge flexible: SASE services place emphasis on flexibility and security at the edge, where branch locations, cloud applications, and mobile and IoT devices connect.

Beyond these capabilities, the market lacks defined feature standardization. So, there are wide variations in product offerings. This makes it all the more important to understand what SASE is not.

What SASE is not: Understanding compliance and convergence

It’s not a matter of compliance. People ask, “Is your solution SASE compliant?” But it’s really not a matter of regulatory compliance; no federal laws are associated with SASE. Its loose framework makes it difficult for providers to offer a consistent checkbox list of requirements met. Gartner offers best practice guidance rather than hard-line definitions and laundry lists of technical prerequisites. Thus, it’s more about asking each provider how they interpret and approach SASE.

It’s not just network and security convergence. SASE makes sense to IT professionals who are familiar with the trend of network and security convergence, but it reaches beyond the concept of consolidation to define how converged solutions should look and operate and what they should value, namely cloud-based services, identity analytics, globally distributed capabilities, and edge flexibility. SASE calls for convergence with a strong emphasis on a cloud-based services model from one provider.