• SASE combines WAN with elements of security and edge technology, but that is not a catch-all solution.
• For SASE to work, organizations must break down internal silos to create a unified approach to data routing and security policies.
What is SASE or – to reference it by its full name – secure access service edge? Enterprises can be forgiven to a degree of uncertainty on this point since, as with all new technology concepts, the term has been used rather freely by vendors, service providers, and analysts alike. In its original form, the concept envisioned a move beyond traditional WAN (including SD-WAN) to a group of network technologies that would be deployed at the network edge (in a move away from customer premises equipment) and would combine both routing and security capabilities.
The concept of SASE, particularly the bringing together of network and security, has found a degree of traction among enterprises, but this interest is most commonly at the level of future planning rather than immediate deployment – and there are several reasons for this. SASE as a product or service rather than a concept is still at a formative stage. Many, if not almost all, security and SD-WAN vendors now proclaim to offer SASE and have done so for at least 18 months. However, the earliest SASE instances were often relabeled versions of existing SD-WAN or next-generation firewall solutions.
Service providers (SPs) have also only just begun to embrace SASE. Most Tier I SPs will have a SASE solution in play by the end of 2022, but they are very much first iterations, with more fully fledged solutions not set to be available until 2023. SPs have been slow, in part because any new service launch takes time and the range of available vendor partners is significant, but also because they have needed to understand where SASE sits within their portfolios. Is it networking, is it security, is it both – and where does it fit within their wider cloud and edge networking strategies?
If service providers are taking time to adjust, then it is understandable that enterprises will take time as well. Many enterprises GlobalData has spoken to have said that while they wish to deploy a SASE-type solution, they are not ready to take that step. This is particularly true for smaller MNCs and medium-to-large enterprises that are still relatively new to SD-WAN.
The prospect of combining SD-WAN with security sounds great, but internal corporate policies are often not a stage where the decision to do so in any meaningful way can be achieved. Network and security policies are often determined separately, and combining decision-making and procurement into a single process is not easy – especially when security is a source of understandable paranoia for most businesses.
Furthermore, most enterprises run a wide range of security solutions – it is not uncommon for an organization to have to identify double-digit numbers of security products covering everything from firewall and DDoS mitigation in addition to cloud/SaaS security services. The idea that one solution could combine all of these is unlikely (and to be fair, no SASE vendor yet claims that they can do everything), and most enterprises prefer a best-of-breed approach – this extends to the WAN side as well.
More advanced enterprises are also beginning to think about networks in more cloud-oriented terms. Although tending to be virtualized and flexible, enterprises at times still view the current generation of SASE solutions as too similar to traditional WAN solutions to necessarily justify taking the leap into this new technology.
Enterprises should, however, be aware that the technology is evolving quickly. Opting for SASE does not mean vendor lock-in, and it may help to reduce complexity in network and security estates. Cloud/edge-based deployments of SD-WAN and cloud gateways can also be a stepping-stone toward a cloud-based, network-as-a-service-type solution.