It was not that long ago that a wide variety of security and networking technologies first erupted in the market. Firewalls, anti-virus, IDS/IPS, web content management, site-to-site and user VPNs were offered by dozens of different vendors on dedicated appliances without a thought to centralized management or product integration. From this chaos came the next generation firewall (NGFW) that integrated these products into a single platform and management console. Now, with the rise of cloud computing and remote workforces, the future of SASE (Secure Access Service Edge) is looking promising as a unified platform that integrates networking and security functions for distributed enterprises.
NGFWs quickly dominated the market by offering the specific security features buyers were seeking, but also gave the promise of easily licensing additional features in the future. Deployment and configuration would be easy with little training required for users familiar with an ever-expanding but familiar management console.
This approach of integrating multiple functions into a single platform, along with the promise of continuous improvements, was popular with IT and security professionals and allowed the technology to expand rapidly. It allowed customers to purchase the necessary features at the time and have the option to add more functions as their security needs evolved. However, with the future of SASE, there are even higher expectations from customers, as they demand faster innovation, seamless integration, and better security.
Similar to the way that NGFWs sought to enhance security by condensing many features into a singular platform, SASE is simplifying IT infrastructure by pulling advanced networking and security into a single management system.
There is much to learn from the success of NGFWs that is now relevant to the SASE market.
- Jack of All Trades – With NGFWs the individual strength of a single feature wasn’t as important to users as the combined strength and ease of management of all features. This held up even if there were no short term plans for a customer to use other features. Similarly, SASE’s integration of security, networking and edge computing produce a result that is greater than the sum of its parts. This multi-layered approach presents an opportunity to simplify the complexities of today’s modern networking and security infrastructure.
- Integrated management appeals to all users – NGFW gave buyers the chance to simplify their lives by managing multiple functions in a single portal. Sales of NGFW rapidly expanded as decision makers were able to satisfy many current and future stakeholder requirements within a single platform. Like NGFW, SASE’s appeal stretches across a wide spectrum of users. With features that automate the management of critical IT components, SASE is uniquely positioned to bring the network operations center (NOC) and security operations center (SOC) into a cohesively managed function that provides benefits to both sides of the house.
- Complex buying process favors broad solutions – With any enterprise sale, technical and non-technical business needs must be addressed. Finance wants to minimize costs, operations wants something efficient and compliance is focused on the lens of checking regulatory requirement boxes. NGFW were able to appeal to a larger number of constituents and thus beat out competitors with its broad offering. SASE will experience a similar competitive advantage as solutions begin to take market share from entrenched network and security point solutions.
- Large organizations needed more than NGFW – Organizations with demanding performance, security, or integration needs were not initially good fits for NGFW and relied on best-in-class products and dedicated teams to manage each solution. As NGFW vendors increased their product development investments and grew platform capabilities, larger organizations began seeing them as a viable path for more security functions. Today, NGFWs are used by almost every enterprise in the world. SASE has experienced a similar trajectory of adoption. Currently, adoption is strongest in the SMB space but many large companies see the promise of the approach and are keeping an eye on the SASE trend. As product offerings from established security and networking vendors grow, so too will enterprise adoption.
However, much has changed since the NGFWs became standard across most organizations, which has raised questions about the future of SASE adoption.
- The rise of the CISO – When NGFW became common the buyer was almost always the CIO as few organizations had dedicated security teams. How will the budget for SASE components like SD-WAN and CASB be combined? Who will make the decision and who will influence the decision? The CISO will most likely end up as the decision-maker.
- ROI on Recurring Pricing Model – NGFWs generated solid ROIs when compared to the sum of costs of the integrated products. This was in part because the pricing models were similar – large upfront capital expenses with modest annual recurring subscriptions. With recurring subscriptions now the norm, ROI will be more difficult to achieve against legacy pricing models. Organizations must be open to the benefits of subscription/op-ex models or be convinced of the improved value.
- Software Ate Hardware – Early NGFW were dependent on custom engineered hardware and ASICs to deliver the performance required by the individual features. This created performance ceilings and shelf life for the devices. Additionally, it meant large capital expenditures for new deployments leading to high switching costs which kept customers locked in artificially. A software and cloud-centric approach that leverages ‘disposable’ hardware appliances means innovation occurs at a much faster pace as it is decoupled from hardware limitations. Users now benefit from continuously improving products without large capex expenses, while vendors become long-term winners through their speed of innovation.
- The Moat is Smaller – Cloud-only approaches to SASE present a lower vendor switching cost to customers. Automated migration tools common in other SaaS markets will eventually come to SASE. The on-premise hardware appliance was a much larger moat for vendors due to the time and hassle of replacement.
Like NGFWs, the future of SASE allows best-of-breed security and networking to be natively intertwined, delivered and managed as a single solution. However, unlike NGFW, SASE must deal with even greater customer expectations, changes to the buying process, and faster speed of innovation.
While the security industry is constantly evolving, it is interesting to see how some things continue to repeat themselves.