The victor in the evolving SASE market will deliver the highest quality user experience by solving the security service chaining problem while competing head-on with the legacy security solutions that dominate IT security spending today. They will build their solution on a platform that integrates software-defined networking, edge computing, and solves the expensive problems of managing distributed applications. In doing so they will deliver a low latency and highly secure experience while their competitors argue with buyers about the need to sacrifice performance for security.
Hybrid Cloud Is the Market
SASE combines the components of SD-WAN, SDP and edge computing with cloud-delivered security. While some vendors have begun assembling the required components to deliver robust SASE platforms, the race to produce a minimum viable product has many vendors narrowing the scope of their solution.
Today many vendors offer Secure Web Gateway (SWG) or Software Defined Perimeter (SDP) using agentless or proxy solutions that support only HTTP/S traffic. This is fine for those organizations that have fully migrated to the cloud, but that doesn’t address the vast majority of enterprise applications in the world that rely on Layer 3 connectivity between data centers and other on-premise resources. Wins are possible with cloud-only companies (the few and the small) and as bolt-ons to the real security solutions that will continue to take the largest share of IT spending.
Security solutions will ultimately be divided into two camps… Those that support “cloud-only” versus those that support the far more ubiquitous hybrid cloud environments.
Realize That Proxy Alone Is Not Enough
As the market begins wider scale adoption, SASE is going to compete against a stack of entrenched technologies that are tightly integrated and market hardened. When SDP goes up against VPN, it will have to support the Layer 3 connectivity offered by traditional VPN clients AND deliver the enhanced value that justifies replacing thousands of software endpoints. For SWG to replace existing legacy on-premise gateway security solutions it must address the on-premise/private cloud architectures still in use by nearly every large organization in the world.
Distributed Architectures Crush Centralized Security Services
In the battle between security and convenience, minimizing the impact on users usually wins. SASE aims to eliminate this zero sum decision by providing better security while also enhancing a user’s experience. Delivering a better user experience in SASE depends on the decentralization of security. Inspection and reputational security services are best delivered at the edge, but high compute services such as sandboxing are best delivered centrally. Security solutions such as SIEM benefit from low cost storage across hybrid cloud environments. Instead of addressing the needs of these services individually and dealing with the impact to users and complexity, a SASE architecture allows each service to move to its most efficient location.
This reorganization of service delivery allows SASE to provide a better overall security and user experience, but it can also address the ever increasing cost of computing in cloud-delivered security. SASE allows security intelligence to move closer to the sessions, instead of backhauling sessions to intelligence. When inspection is pushed to the edge, costs (and latency) are lowered as the compute burden is shifted closer to the data source and traffic bottlenecks are removed.
Ultimately, the challenge and promise of SASE resides in the management of distributed application architectures. And SASE is a perfect use case for distributed application architecture that span from the edge to public cloud. Managing these distributed architectures depends on automated edge computing solutions to operate efficiently. When you solve the challenges of edge deployment and management, you solve the industry’s larger problems of service chaining.
The Security and Networking Industries are Converging
Today, almost all SASE solutions are being built on large deployment footprints and existing customer relationships held by security and networking providers. To this point, Palo Alto’s recent acquisition of CloudGenix combined the forces of two industry heavyweights to add features and cross sell opportunities to their respective install bases. This merger is just one of many that the industry will see over the coming year.
The SASE solutions that seamlessly address both cloud and on-premise security will be the big, early winners in the space. History has repeatedly shown that the early market share leaders can build large moats quickly and efficiently. The rise of SASE will be no different and the tectonic plates have already begun to shift across the security industry in response.