In a year of overall weirdness and confusion, secure access service edge (SASE) has been one of the hottest topics in the telecoms industry. Gartner introduced and defined SASE over a year ago, and since then the SASE bandwagon is close to overflowing with vendors.
The short definition of SASE is it converges the functions of network and security point solutions into a unified, global cloud-native service, according to Gartner. The longer definition for SASE is that it's a new package of technologies that includes network security, FWaaS (firewall-as-a-service), zero-trust network access, DNS, cloud secure web gateway (SWG), and CASB (cloud access security brokers), among other features, for a hybrid cloud-based service model over a wide-area network (WAN).
Vendors love SASE, and, according to Cato Networks CMO Yishay Yovel, so do customers. By 2024, more than 60% of SD-WAN customers will have implemented a SASE architecture, compared with about 35% in 2020, according to Gartner's latest SASE forecast. According to a recent report by Dell'Oro Group, SASE is expected to grow at a CAGR of 116% from last year to 2024.
RELATED: SASE market to grow at 116% CAGR over 5 years
"When we speak to Gartner about how many inbound inquiries they are getting on different topics, SASE is now surpassing SD-WAN at the same point in its lifecycle," Yovel said. "Market education by big vendors and Gartner is a big thing as well. The reason everybody jumped on SASE is that it's not totally a pie in the sky thing. It's basically the features everybody knows packaged in a new architecture."
Yovel said Cato Networks built its SD-WAN offering from inception as a cloud-based platform with its own security and not as a point service or feature like other SD-WAN vendors are deploying. Companies with multiple SD-WAN solutions such as Cisco, which has Viptela, Meraki and IWAN offerings, have products on premise and in the cloud, and technologies with multiple management interfaces.
Because service providers and enterprises use SD-WAN vendors with point solutions instead of a cloud-based platform, they need to deploy multiple SD-WAN solutions from several SD-WAN companies.
"Our position is that SD-WAN is a feature not a product," he said. "It is a feature within the SASE framework. We thought this way before SASE was launched. We called it convergence at the time. What you're seeing now is this convergence happening in SD-WAN where companies are becoming a feature in someone else's strategy. "
Yovel cited Cisco buying Viptela, VMware buying VeloCloud and, more recently, Palo Alto Networks buying CloudGenix, HPE's deal for Silver Peak, and Juniper buying 128 Technology, as companies that are trying to fill-in SD-WAN or SASE gaps across security, network or cloud-based services.
"I think the consolidation is driven by two things," he said. "The first one is that SD-WAN is a feature and not a market. And the second is that SASE is a combination of SD-WAN and security. The players in the space coming from either side have to complement their portfolio if they don't have every thing. And that's the CloudGenix acquisition.
"Even 128 for that matter because Juniper didn't have an SD-WAN story. They have a security story and networking story. So they just complimented it with an SD-WAN technology. Silver Peak is more like networking buying networking. So I'm not sure exactly what HPE's strategy is because they also have SD-WAN with Aruba."
Here's a look at four key elements of SASE, according to Yovel.
SASE's timetable ramps up
Yovel said when Gartner came up with SASE last year it was a five-to-10 year cycle. Now it's a one-to-three-year cycle.
"Essentially, there are two factors," Yovel said. "One is vendors are jumping on the SASE bandwagon. The second is the customer interest is very high. I believe what we're seeing is that a lot of the SD-WAN conversations are turning into a SASE conversations with SD-WAN being the first step. The market velocity is very high."
Customers understand the cloud and SD-WAN
The SASE hype bubble is also being fueled by customers' understanding of the cloud, which has been driven by cloud providers such as Amazon Web Services, and SD-WAN
"Now you have an architecture that delivers all these features of SASE from the cloud," Yovel said. "This is a very big deal, and a lot of the big promise that goes with it. Now it can be scalable everywhere globally. You don't have to worry about sizing and capacity. It's just there where you need it. This is a very simple promise."
SASE is more than the features
Yovel said companies such as Fortinet deliver features of SASE, mainly security and SD-WAN, via appliances without the cloud-based architecture. Along the same lines, Zscaler doesn't have the networking piece of SASE. Vendors that don't have all of the SASE elements end up partnering with other companies for the missing pieces.
"That's another area that Gartner is driving towards with its predictions, which is ultimately a very high percentage of SASE buyers in the next few years will want a single architecture to deliver SASE," he said. "And until this is available they may choose two vendors, like a (VMware) VeloCloud and Zscaler.
"But strategically, some cloud-security companies, unless they extend to the network, and they tie everything together, can't be considered SASE. It's a long-term play. Right now there's potential to do it, but a lot of them are not doing SASE. I would say the company that is really making an effort right now is Palo Alto to really put the pieces together."
Follow the user
Yovel said SASE provides the ability to follow the user no matter where they are, which is particularly important for remote workers during Covid-19.
"You can be in the office behind an SD-WAN appliance and get optimization and security from the cloud," he said. "And you can go home and connect with the light client, and get the same optimization and security benefits. This is a benefit of architecture.
"The road warriors are people that are moving around. They have mobile licenses that extend access to the entire organization. And because SASE is all cloud-based, there is no scalability limitation or sizing limitations. Everything works really well together."