Rise of Single-Vendor SASE and the Challenges of Integration

In 2021, just two years after Gartner introduced secure access service edge (SASE), the SASE market size was estimated to hit a whopping $3 billion. The SASE market is expected to reach the $6 billion mark by 2028. That’s a CAGR of 10.40%. The reason? Modern enterprises must extend their network reach and security to anywhere and everywhere – something SASE delivered seamlessly.

Enterprise applications and traffic are no longer confined to the centralized data center and branch offices. Applications are mostly a mixture of SaaS, cloud-based and on-premises. Besides, on average, employees now use several devices to access 40+ work-related and countless unsanctioned apps from different locations. Backhauling all cloud-bound traffic to the head office for security checks doesn’t make sense anymore.

With its future-proof, all-encompassing security approach, SASE had to gain traction. But that meant everyone wanted to jump on the bandwagon sooner rather than later. As a result, several SASE flavors emerged. Take disaggregated, multi-vendor SASE, for example. It’s a daisy chain of loosely coupled point solutions. Of course, it is feature-rich but comes with complex, error-prone configurations and constant finger-pointing between vendors. It also won’t have a single-pass engine: the traffic must go through several checkpoints, adding processing latency.

Enter security service edge (SSE). It’s SASE minus the SD-WAN. It allows enterprises to bank on the network infrastructure they already have. The caveat is the age-old visibility gap between networking and security. If anything, it highlights how integral SD-WAN is to SASE.

The challenges of these diverse SASE interpretations have paved the way for the rise of single-vendor SASE. Recent reports indicated 48% year-over-year growth in the single-vendor SASE market as opposed to a 35% year-on-year growth in the multi-vendor approach to SASE.

Mergers and acquisitions seem likely to be the next trend for many independent SD-WAN and cloud-based network security (SSE) players. By doing so, they will be able to add the missing parts to create a whole – an integrated but single-vendor SASE.

Although already under implementation, this approach to SASE is yet to be fully developed. But the challenges of integration are already mounting.

Integrations Take Time and Effort

When two independent solutions merge, the first step is often to integrate management consoles. That’s a quick way to check one of the vital SASE characteristics: a unified management console. But SASE converges more than just management consoles.

Mature SASE architectures, purpose-built from the ground up, converge networks, PoPs (points of presence), policy repositories and data lakes, too. SASE is, in fact, just one solution, a single codebase, that delivers all these diverse capabilities. Integrating multiple codebases into a single cohesive network and security stack is daunting. Different services will be on different release and update schedules. Companies will have to update and test each aspect of integration whenever they introduce new functionality, enhance existing features or apply patches. Accidental misconfigurations will remain commonplace.

In contrast, convergence is one of SASE’s most attractive features. It wasn’t necessary to integrate any components because they were all built to work together seamlessly. It will be a long time before integrated, single-vendor SASE delivers true convergence on par with the more mature models. Until then, these implementations will essentially function as dual-vendor deployments with a consolidated management console.

Is it Really Security Everywhere?

Another emerging problem is that when two independent solutions come together, it’s likely one of them will be lacking in certain aspects. It could be that a proxy-based SSE covers remote users only. In that case, branch workers will either be outside the zero-trust loop, or branch traffic will have to be redirected to the cloud for inspection. That’s just one of the performance bottlenecks SASE overcomes.

We’re far from going completely remote and mobile and will likely stay hybrid for years. Enterprises still need a hardware-based form factor to protect branch traffic and a global backbone of PoPs to cater to remote and mobile users. Lacking in any of these aspects isn’t a feasible compromise for most enterprises.

Of course, companies likely set a roadmap and timeline to add missing functionality and tighten integrations at the time of M&A. But it’s up to the enterprises to inquire about the timelines and challenges to set clear expectations and make informed decisions.

Final Word

The move towards integrated, single-vendor SASE is a step in the right direction. Tighter integrations may take some time, but this approach is far better than complicated configurations and complex SLAs associated with multi-vendor SASE alternatives. As for enterprises about to start their SASE journey, asking the right questions is the key to choosing the right SASE implementation.

Understand your requirements upfront. Factor in your cost constraints, existing technology stack, work models – on-site, hybrid, or cloud-first – and whether you have IoT/OT (internet of things/operational technology) devices to protect. Evaluate your future expansion plans and growth prospects. Then feel free to make a choice that works for you. Because no matter what vendors would have you believe, diversity and options in the SASE landscape exist for a reason.

Etay Maor

Etay Maor is senior director of security strategy at Cato Networks.
