So by now, most networking folks know about SDWAN. And of course, just when everyone is aware and comfortable with a technology, and it is (relatively) stable with over 25,000 paying customers, and we can start to absorb it…then Boom. Things change. And we are absolutely seeing the market evolve. And the new “thing” is SASE – Secure Access Service Edge, pronounced “sassy”. Note: the research effort is being lead by Neil MacDonald and Joe Skorupa.
Side note: I actually don’t love saying “sassy”, but I digress…
SASE combines network security functions (such as SWG, CASB, FWaaS and ZTNA), with WAN capabilities (i.e., SDWAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily aaS and based upon the identity of the entity, real time context and security/compliance policies.
So essentially, SASE is a new package of technologies including SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities, with the ability to identity sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.
We expect a number of SASE announcements over the next year as vendors merge products and/or partner to compete in this emerging market. Further, we are seeing multiple incumbent vendors from the networking and network security markets developing new cloud-based offerings and/or enhancing existing cloud delivery.
We are already seeing (and anticipate a lot more) hype and marketing (and PowerPoint and hyperbole…). So, in addition to the definition above, here are some thoughts when looking at SASE offerings: Software architecture and implementation really matters. Be wary of vendors that propose to deliver services by linking a large number of features via VM service chaining, especially when the products come from a number of acquisitions or partnerships. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency. Also, we recommend short-term SASE contracts of one to two years maximum as licensing models are in flux. Favor SASE vendors that offer the simplicity of identity-/entity-based subscription licensing (not based on bandwidth) across all offerings.
This is just a small piece of our SASE research. For additional information, here’s the full document (paywall):
Summary: Digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center. Security and risk management leaders need a converged cloud-delivered secure access service edge to address this shift.