Blog post

Checking in on SASE

By Andrew Lerner | March 26, 2021 | 1 Comment

WANNetworkingJust Published

SASE is pretty hot. In fact, it is the #1 most-hyped term in networking*. That said, SASE is more than just a buzzword. Along those lines, we just published a SASE roadmap (paywall) that includes our updated recommendations and thoughts on the topic.

Pragmatic SASE

First, I’ll point to our SASE definition here. Definitions are important and to date, SASE means different things to different people. Hopefully that will improve with time, but is not shocking given the newness/hotness of the term.

The issue SASE aims to address is that perimeter-based approaches to securing anywhere, anytime access has resulted in a patchwork of vendors, policies, and consoles creating complexity for security administrators and users. SASE is a pragmatic and compelling model that can be partially or fully implemented today. Here are some of our specific shorter-term recommendations.

  • Deploy zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.
  • Inventory equipment and contracts to implement a multiyear phase out of on-premises perimeter and branch hardware in favor of cloud-based delivery of SASE capabilities.
  • Consolidate vendors and cut complexity and costs as contracts renew for secure web gateways (SWGs), cloud access security brokers (CASBs) and VPN. Leverage a converged market that emerges combining these security edge services.
  • Actively engage with initiatives for branch office transformation/modernization and MPLS offload in order to integrate cloud-based security edge services into the scope of project planning.

Predictions

Last but not least, here are some sassy** predictions:

  • By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and branch office firewall as a service (FWaaS) capabilities from the same vendor, up from less than 5% in 2020.
  • By 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.
  • By 2023, to deliver flexible, cost-effective scalable bandwidth, 30% of enterprise locations will have only internet WAN connectivity, compared with approximately 15% in 2020.

The full research note is here: 2021 Strategic Roadmap for SASE Convergence (author: Neil MacDonald)
Digitalization, work from anywhere and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime access from any device. Security and risk management leaders should build a migration plan from legacy perimeter and hardware-based offerings to a SASE model.

regards, Andrew

*This is a composite index, based on a combination of factors including (but not limited to) client interest, social media analysis, google trends, and analyst opinion.

**Pains me every time I say it.

Leave a Comment

1 Comment

  • Andrew,

    You said, “SASE is a pragmatic and compelling model that can be partially or fully implemented today.”

    Given the emerging trend towards hybrid workforce models, and the need for enterprise employees to securely access on-prem apps *and* cloud-based SaaS apps, it would appear that the combination of SD-WAN and SASE solutions may gain accelerated momentum in 2021.

    Besides, managing a cluster of vendor point products must be a headache for multinational enterprise CIOs that support HQ-based, branch office-based, and WFH-based knowledge workers across the globe.

    Also, I’m now wondering if AI might help to improve the related SysAdmin workflow automation requirement, further simplifying the much-needed governance policies, and thereby potentially increasing overall IT management productivity.

    Your thoughts?

    David