kras99 - stock.adobe.com

Evaluate various SASE approaches for deployment

Enterprises must choose between single- or multivendor SASE approaches, as well as DIY or managed service options. Experts suggest considering use cases to simplify SASE deployment.

When Gartner released its roadmap for Secure Access Service Edge -- or SASE -- in April 2021, it came at a time when organizations needed to enable secure network connectivity for hybrid work.

Fast forward over a year later, enterprises continue to enable the hybrid work model. Experts have observed that adoption of SASE -- an architecture that combines critical networking and security functions through software-defined WAN (SD-WAN) and security service edge, respectively, into a single simplified service -- is increasing in response.

The SASE market is on track to reach $6 billion by the end of 2022, said Mauricio Sanchez, research director of network security, SASE and SD-WAN at Dell'Oro Group, in a recent NetEvents webinar. Sanchez, along with three other panelists, discussed the state of SD-WAN and SASE during a roundtable discussion. Topics included SASE use cases and deployment options, such as single-vendor or multivendor SASE and DIY or managed service SASE.

SASE emerges

SASE developed at a time when modern approaches to networking became inefficient to handle new networking demands. Sanchez described legacy network architecture as a hardware-centric, hub-and-spoke model. This network design showed signs of obsolescence even before the expansion of hybrid work, Sanchez said.

As enterprises began to embrace cloud applications, expensive MPLS links became exhausted with traffic that traveled to multiple points of the network, Sanchez said. Organizations needed to invest more in their already expensive MPLS links to improve application performance. But, when remote users began to connect from outside office locations, they received poor application performance, despite the upgraded links.

Sanchez said this shift in networking demands set the stage for SASE, which he described as a combination of cloud-delivered network security services with SD-WAN capabilities in the network edge.

"They're coming together in service of this hybrid, very cloud-centric enterprise that now exists," Sanchez said.

Current SASE use cases

Organizations might find it difficult to choose which SASE vendor strategy to deploy. SASE is difficult to define because every vendor has different interpretations of the architecture, said Craig Connors, vice president and general manager of SASE business at VMware. He said organizations should identify their use cases to decide their architecture requirements.

"SASE is a framework to connect and secure your users, anywhere they are, to your apps, everywhere they are," Connors said.

He credited the shift to a distributed workforce as the reason behind increased SASE adoption. While the rise in remote work is a factor, Connors said many SASE drivers -- such as IoT edge, cloud app distribution and the increase in cyber attacks -- existed prior to the COVID-19 pandemic.

According to Parag Thakore, senior vice president of borderless WAN at Netskope, SASE can deliver consistent performance and security to various endpoints, such as branch offices, user devices, IoT applications and multi-cloud environments. But having several use cases can create challenges for enterprises as they decide which SASE functionalities to deploy.

Thakore said many enterprises typically want architectural convergence -- one software or policy that covers branch office locations and remote users, enables cellular connectivity and supports multi-cloud environments -- within their SASE framework.

Other organizations want a context-aware SASE framework, Thakore said. Being context-aware, which is a step above being application-aware, isn't just about applications, but also focuses on application, user and device risks, he said. It also considers cellular, security and edge compute requirements.

"Each use case has its own asks in terms of what's required," Thakore said.

Thakore said a successful SASE implementation starts with any use case, but the key is for vendors to provide customers with a path to migrate from one use case to another. Connors added that, because SASE has so many use cases, it can create deployment challenges. However, the added benefit is deployment can begin in different areas, depending on specific customer needs, and expand from there.

"The power of SASE is bringing together all of these use cases," Connors said.

Marc Cohn, leader of security test and certification at MEF, said he agreed SASE has several use cases, but there also needs to be a consensus for how to define SASE.

SASE deployment options

Both single-vendor and multivendor SASE approaches exist. According to Sanchez, some vendors approach SASE as a one-stop shop that converges networking and security functions into a single unified platform.

Thakore defined a successful SASE approach as one with fewer vendors that simplifies operations and reduces complexity to lower costs. However, he said the choice of SASE deployment should use a customer-centric approach. Enterprises have different requirements for which SASE approach suits their organization.

DIY SASE approach

Enterprises with existing contracts or multivendor environments can undertake a DIY approach. In this case, Thakore said organizations need to purchase individual products as part of the SASE architecture. They should also have tight partnerships and integration with networking and security vendors, he added.

Unified SASE approach

Customers who want more simplified operations can purchase a single SASE platform from one vendor. This provides them with simplified operations in a single SASE fabric, Thakore said. It can support IoT environments and enable remote user, branch office and multi-cloud connectivity.

According to Thakore, Netskope recently released a report that surveyed 3,500 CIOs worldwide. Approximately 81% of them said they were likely to purchase SASE from a single vendor; 75% of that 81% percent said they expect to make that transition within the next one to four years. Two-thirds of the 81% said SASE will also change how they structure networking and security teams.

Thakore said this indicated that the SASE market will head toward a single-vendor approach, but he said having flexibility and choice will be key for enterprises to decide which approach to deploy.

"Ask vendors, 'How is one plus one greater than two?'" Thakore said. "Make sure you're asking vendors the right questions for a successful SASE implementation."

Cohn said he sees things differently from Thakore. According to Cohn, MSPs can help enterprises address the complexity of managing a SASE architecture. Enterprises with DIY approaches might outsource management to MSPs that can provide security services. Cohn said this empowers enterprises to ask for more security functions, and in the long term, enterprises will choose multivendor approaches for a richer set of security functions delivered in the SASE environment.

Connors said he agreed with both. According to Connors, SASE trends will move toward a single-vendor approach in the future, but both single-vendor and multivendor approaches are currently in use.

Managed service SASE model

Research indicated that interest in SD-WAN managed service approaches has increased over time, Sanchez said. Experts believe the same could be true for SASE.

"There's a need for vendor-provided solutions and managed services," Cohn said.

According to Cohn, some factors hinder the adoption of managed services. One challenge is the fact that networking and security teams are separate at most organizations, and vendors must figure out how to market converged offerings to those groups.

Another challenge is the fact that enterprises, SMBs in particular, typically prefer to deploy cloud services. However, hardware and software vendors sometimes move to the MSP space, and Cohn said there could be some convergence in this area.

Cohn said large enterprises typically look for connectivity, security and multi-cloud access with SD-WAN. He added that MSPs can provide the connectivity and SD-WAN overlay, integrate security functions and help large enterprises address their multivendor environments.

SASE deployment in 2023

With SASE's growth projected to skyrocket, enterprises should take time to evaluate whether SASE is a viable option for their organization. Several use cases for SASE exist, along with many possible deployment options with single-vendor or multivendor SASE and DIY or managed service SASE.

Because the industry has yet to come to consensus about how to define SASE, choosing between deployment options might pose challenges for organizations, especially due to the array of use cases for the architecture. As enterprises head into 2023, they can consider their SASE use cases to decide which deployment option to use and which vendor -- or vendors -- best supports their overall goals.

Next Steps

5 trends for SD-WAN managed services

Dig Deeper on Network security

Unified Communications
Mobile Computing
Data Center
ITChannel
Close