One of the most notable emerging security architectures in 2020 was secure access service edge (SASE), a technology designed to bring SD-WAN and cybersecurity together on the same plane. Much of that recognition was driven by the coronavirus pandemic crisis, which forced enterprises to explore ways to deploy both zero-trust security principles and networking optimization for a burgeoning (and potentially permanent) remote workforce.
Yet, SASE, for all its promises, seemed to have very little traction in the enterprise, as evidenced by a new survey from NetMotion Software. The survey revealed that less than 12% of enterprises actually adopted SASE over the past 12 months, and a full one-third (33%) of the 750 senior IT professionals surveyed cannot even confidently define the technology. That proves troubling for some security vendors, which had expected the technology would really take off in 2020.
“COVID-19 accelerated the adoption of a distributed workforce and remote work, making it a driver for enterprises to look at remote access and cybersecurity in a different light,” said Dave Greenfield, director of technology evangelism at Cato Networks. “However, some enterprises may have not been fully aware of what SASE is and does, or held common misconceptions about SASE.”
One thing that can be said about the COVID-19 crisis is that misinformation became something of the norm, especially for those charged with adapting to the changes forced on businesses. And with misinformation came misconceptions, especially about technology. Despite misconceptions and misinformation, some SASE purveyors experienced growth in 2020. “We had an incredible 2020 marked by more than 200% growth in bookings and a $1B valuation,” Greenfield said. However, Cato’s results prove to be somewhat anomalous compared to the data offered by NetMotion. Perhaps the slow adoption rate that NetMotion reports is due to some common misconceptions, such as the following:
SASE is just a form of SD-WAN. Many IT pros are under the misconception that SASE is simply a new way to set up an SD-WAN, and that it requires extensive reworking of the existing network. The fact of the matter is that, although it is built on SD-WAN technology, it adds several additional services. “SASE is the convergence of networking and security that optimizes access performance, reduces operational complexity and enhances security posture on a global scale,” said Greenfield. “SASE is built on a cloud-native and cloud-based architecture, which is distributed globally across many points of presence (PoPs) and supports all edges of the network.” Simply put, SASE melds security with wide-area networking, while also incorporating multiple security services.
SASE only protects the network. This is, perhaps, one of the most critical misconceptions – that it is limited in the type of protection it offers. Those unfamiliar with the technology assume that SASE protects just the network via PoPs and edge connectivity. In other words, it is just network security for the SD-WAN. However, in truth, SASE incorporates numerous security services that also protect applications, accounts and other services. “SASE offers zero-trust network access (ZTNA), URLF (URL Filtering), anti-malware and many other services,” said Greenfield. “SASE rolls all of those security services together to protect users, endpoints, applications, connections and so forth, helping to protect a business from almost any type of attack.”
SASE is difficult to implement and scale. As with any technology that changes the connectivity of the network, many assume that SASE requires completely rearchitecting the existing network and disposing of existing equipment. However, SASE takes a somewhat different approach to deployment than the typical router paradigm: it uses the public internet to create a private network.
“SASE creates a global private backbone that connects to different points of presence. Properly designed implementations incorporate end-to-end route optimization for all WAN and cloud traffic, with self-healing incorporated into the fabric of SASE,” said Greenfield. “SASE offers a predictable experience over what could be considered an unpredictable public internet. It can replace global MPLS and other legacy backbones, further simplifying the network. SASE can be deployed gradually, allowing organizations to maintain legacy systems until they are ready to be replaced.” When it comes to SASE, scale and reliability are built into the backbone. Scale consists of just connecting to more PoPs from the various edges of the network, allowing adopters to basically scale on demand.
While there is still much to learn about SASE, the technology seems to have gained a foothold in the quest to better secure the WAN, while also protecting all edges of the network. Enterprises today are leveraging numerous security technologies, ranging from VPNs to WAFs to identity protection and more. SASE may prove to be the way to consolidate all of those security services into a centrally managed offering that uses identity-driven security, while also extending the zero-trust model to every user, application and device.