SASE Maturation – Slowly but Surely
Oct 01, 2020
As research firm Gartner has reported, Secure Access Service Edge (SASE) is emerging as a game-changer for enterprise-level cybersecurity strategies. Rather than a “technology” per se, SASE is more accurately described as a mindset or approach, one that integrates a wide range of security functions, including SWG, CASB, ZTNA and FWaaS with WAN capabilities (i.e., SD-WAN). More specifically, the model can protect data, applications, devices and identities independent of physical location, with fully integrated and consistent services, solid management functionality and low latencies. In so doing, SASE transcends the “protect the castle” perspective of traditional – and increasingly outdated – approaches to cybersecurity. Moreover, the as-a-Service component of SASE can help enable Digital Transformation initiatives for companies where mobile and remote users are the norm. The model provides complete flexibility and allows anyone to choose the services they want in a cost-effective manner, with little to no technical skills or knowledge required.
Despite the tremendous potential, many organizations are falling short in their SASE deployments. One issue is lack of governance and coordination between the networking and security functions. The whole concept of SASE is based on the convergence of networking and security across the enterprise, and the organizational structure needed to enable that convergence has typically been lacking. At the executive level, CISOs have only recently started taking on boardroom level positions, rather than reporting to CIOs. When in a subordinate role, CISOs tend to adopt a traditional perimeter-centric perspective, which can limit the benefits of a SASE deployment. A successful SASE project, meanwhile, requires approaching data, applications and identities as being independent of physical boundaries. As the stature of the CISO role continues to grow, businesses will develop the cross-functional, cross-business unit governance maturity required to make SASE a reality.
Reluctance to change is another obstacle. Many businesses have invested millions in legacy technologies attached to centralized office locations. As such, SASE can be perceived as a direct threat not only to existing technology, to roles within the organization as well. That said, the pandemic is accelerating the demise of the central office location and driving transition to the Cloud. Since a true SASE model involves both enterprise networking and security technologies, adoption timelines will ultimately depend on the life cycle of the different components of those two worlds.
Lack of technology maturity also poses a challenge. Advanced Software-Defined Wide Area Networking (SD-WAN) or edge computing capabilities are essential building blocks to a SASE solution. Nonetheless, many integrators claim SASE benefits can be achieved by integrating existing network and security capabilities through VM service chaining along with competitive managed services. In fact, however, deploying SASE without those sophisticated building blocks in place puts the cart before the horse, as most potential customers must overcome legacy investments in order to fulfill the SASE vision. While red hot, the market for SD-WAN is still evolving, with over 50 active suppliers currently offering solutions. In this crowded landscape, differentiating among various feature sets can become a complex undertaking.
The good news is that basic SD-WAN functionality is becoming standard across all routing and next-generation firewall providers. Moreover, analysts expect that SD-WAN suppliers will gradually improve the depth of their strategic security partnerships. These trends enable a true SASE architecture, characterized by the complete integration of networking and security technology. As offerings are in flux, it is recommended to favor short-term SASE or SD-WAN plus Security integration projects.