Eugenio Marongiu - Fotolia


SASE options for the branch of one -- work from anywhere

More than ever, enterprises need to support individual employees that make up a branch of one. These setups require reliable connectivity, application performance and security.

Network and security intelligence is rapidly migrating to software and the cloud to improve application performance, reduce complexity and protect sensitive data. Secure Access Service Edge, or SASE, is gaining traction with enterprise IT leaders, and Doyle Research believes it will become the leading network and security architecture over the next five to seven years.

Tens of millions of employees now work at home -- and are likely to continue to do so at least some of the work week in a hybrid approach. These workers need secure, reliable low-latency connectivity to cloud and data center applications. Suppliers are now providing SASE-based offerings, including zero-trust access technology, for professionals who need to work from anywhere -- the branch of one.

The branch of one refers to employees who need enterprise-class reliability, security and application performance from any location -- their home, a WeWork space or any mobile site, such as a hotel or coffee shop. These requirements include home Wi-Fi, broadband and cellular technologies.

Products for the branch of one must be easy to deploy, scalable and cost-effective. They should be integrated over time with the organization's existing network and security architecture as it migrates to SASE.

SASE at home: Definition and status

SASE defines a broad range of integrated network and security technology, including software-defined WAN (SD-WAN), zero-trust network access (ZTNA), identity, cloud access security brokers, firewalls and data loss prevention.

The shift to work at home at scale requires new technology to secure and accelerate access to critical applications either in the cloud or at the data center. Legacy remote access and VPN designs aren't well suited for most employees and are difficult to support.

Organizations and their employees will need a variety of SASE options to support their work-from-anywhere programs. These options will include low-cost software-only offerings, integrated Wi-Fi packages and more expensive SD-WAN options with small appliances. Managed service providers will be able to offer complete packages that include bandwidth.

Doyle Research believes the branch of one is a significant and growing market opportunity as ZTNA replaces VPN and SASE adds new capabilities. In the next few years, the market could exceed $10 billion worldwide.

The branch of one layout
SASE can help enterprises support the branch of one, regardless of an employee's location.

Access requirements for the branch of one

Distributed employees -- those who aren't in a formal office setting -- need the same capabilities as when they are in the office. They need high-speed, low-latency access to all applications, whether they're based in IaaS, SaaS or data center environments. They must be protected against external threats, such as malware, phishing attacks and data loss.

The key requirements for branch of one access include the following.

Reliable connectivity

Employees deserve high-quality UX independent of their location and the location of an application. Internet broadband services vary widely in their quality and reliability. Home-based employees often suffer from network performance issues, such as latency, packet loss and jitter, resulting in slow application performance, lost productivity, and poor voice and video quality in important meetings.

SASE for the branch of one should provide multiple connectivity options, including dedicated corporate internet and optional wireless connectivity -- i.e., 4G and 5G -- for reliable, continuous operations.

The branch of one refers to employees who need enterprise-class reliability, security and application performance from any location.

Application prioritization and acceleration

SASE offerings should be able to identify and prioritize critical applications, including Microsoft 365, real-time audio and video, and other high-productivity applications. These applications should receive internet bandwidth before noncritical, nonwork applications.

SASE should provide high-performance connections to key IaaS and SaaS applications via edge-based on-ramps, which accelerate access to cloud-based applications. Offerings should automatically adjust to changing internet traffic conditions to provide excellent UX.

Deployment and operations

Designs for the branch of one challenge IT departments due to their remote locations and the sheer number of employees. SASE offerings must be easy to install by nontechnical workers and employ zero-touch provisioning techniques.

IT teams should be able to remotely install templates with appropriate application access and security. Another requirement is centralized management and orchestration combined with cloud-based intelligence that provides proactive troubleshooting.


Remote access technology needs to migrate from location-based termination points to zero-trust, identity-based strategies. Network security needs to focus on who the user is, what application is being used and what data is being accessed.

SASE will employ ZTNA technology to secure employee access from the branch of one. It will use centralized intelligence to inspect the network traffic and apply appropriate security services. SASE provides encrypted tunnels to the cloud and the ability to integrate with third-party security services.

Remote SASE suppliers and examples

A number of suppliers are moving rapidly to meet the needs for SASE at the branch of one. They include Ananda Networks, Aryaka, Cisco, Citrix, Cradlepoint, Elisity, Fortinet, HPE Aruba, Infiot, Juniper Networks, NetMotion, Palo Alto Networks, Versa Networks and Zscaler.

During 2020, many organizations deployed hundreds and even thousands of appliances or software clients to improve the productivity of their employees working at home.

Below are some deployment examples.

Cradlepoint NetCloud

During 2020, Cradlepoint provided LTE connectivity to a large financial institution for its call center employees to migrate to a work-from-home strategy. NetCloud provided secure, reliable connectivity with rapid installation.

Elisity Secure Access Anywhere

Elisity provided its Secure Access Anywhere to 1,800 users in a Kentucky-based physical therapy company with 300 clinics. The company deployed Elisity to provide secure access to patient data from any location -- home, mobile and office -- using zero-trust identity.


During 2020, a large U.S. insurance firm deployed VMware SD-WAN WFH products to 9,000 of its agents and other employees who now work remotely. The rollout was rapid and smooth, and the insurance firm reported significant improvements in home-based productivity.

Think long-term for the branch of one

We now know large numbers of knowledge workers can be highly productive while working from remote and home locations. IT organizations need a long-term strategy to provide secure, reliable access for the branch of one.

A number of suppliers are introducing new and improved SASE-based platforms for distributed employees. These offerings are uneven in their capabilities and often highlight certain capabilities -- e.g., security, SD-WAN or Wi-Fi -- rather than supplying a complete SASE suite with network and security.

These packages should be evaluated on their ability to deliver reliable connectivity, zero-trust security, excellent application performance and centralized management capabilities. They should deliver UX similar to that of in-office employees and be easily integrated with the ongoing convergence of network and security architectures.

Next Steps

VMware launches Anywhere Workspace to secure remote workers

Top 5 benefits of SASE to enhance network security

Dig Deeper on WAN technologies and services

Unified Communications
Mobile Computing
Data Center