SASE: Theory vs. Reality

SASE Secure Access Service Edge

It’s astonishing to see how quickly the industry has adopted the secure access service edge (SASE) as the future of networking and security.  It was a little more than a year ago when Gartner first introduced the SASE architecture and already it’s become the successor to SD-WAN. 

It’s no stretch to say that every major vendor has some kind of SASE play. And should be no surprise as to how similar they sound. They all talk about being the “future of networking and security.” They all “converge networking and security together.” And they all include “full-featured” SD-WAN with “advanced multipathing.” 

So what do you really need to know about SASE and what separates today’s SASE offering? 

To get into those details, take advantage of our spanking new SASE Jumpstart Kit. It’s a 60-minute, one-on-one crash course into everything you need to know about SASE led by, you guessed it, our lead SASE Expert, Steve Garson. Besides picking his brains about what separates SASE theory from SASE reality, you’ll get our new SASE RFP Template. It’s a 100+ question Excel spreadsheet for you to slice and dice SASE vendors to your liking. You can read more about the SASE Jumpstart Kit here. 

We will tell you this, though. The theory of SASE is vastly different from the reality of SASE. As we discussed in this new TechTarget story, SASE should be a global cloud service that connects and secures the complete enterprises —  sites, IoT devices, mobile users, cloud applications,  and cloud datacenter. The security services should include secure DNS, NGFW, SWG, CASB, ZTNA, and DLP. And SASE should use a cloud-native architecture for optimum agility and cost reductions while running over a private, global backbone for maximum performance. 

The reality is that except for one vendor, the SASE market doesn’t come close to meeting this vision today. Most companies are adapting their existing security or networking solutions to the SASE vision.

Today, you can expect all SASE solutions to offer: 

    • Networking and security integration but the richness and extent of that integration will vary. 
    • Support for remote users and sites, though today this might require deploying small SD-WAN devices at the home office.
    • Support for a global private backbone of their own or of third-parties, such as from Azure or AWS. The global Internet is too unpredictable to consistently deliver a low latency experience globally. 

The other stuff? That’s still roadmap materials for most. Just check out our SASE summaries to see what I mean. These are snapshots of how the vendors discuss their offerings in their own words. 

While vendors may not meet all of your SASE expectations today they should show at least plan for how their platforms will become full SASE-implementations. This means at least 

    • a cloud-native architecture
    • their own global backbone.
    • a single-pane-of-glass fully converging the configuration, troubleshooting, analysis, and reporting of their security and networking domains. 
    • identity-driven where all networking and security policies hang off of the user, not a device IP. 

Why are those important? What other items should you be considering? Good questions. That’s why we’ve created the SASE Jumpstart Kit. Sign up and let’s dig into those details. 

Share this post