Disruptive and transformational technology has always been a volatile playground for those in the channel. Nowhere is this truer than in the cloud technologies space, where change is constant and numerous vendors ply their wares. Yet there are cases where disruption can lead to opportunity, at least for those looking to get in on the ground floor of something new. Take for example the Secure Access Service Edge (SASE), a technology (or perhaps an ideology), whose time may be upon us.
Research powerhouse Gartner has lent credence to this up-and-coming technology, and has placed focus on what SASE may mean for an industry struggling to secure and simplify cloud networks.
Gartner's recent Hype Cycle for Enterprise Networking, 2019 report presents SASE as so strategic, that it deserves the label of "transformational". SASE has emerged to address the artifacts of traditional networking being incorporated into a cloud environment, where security has become a rigid, inflexible component. Simply put, as businesses seek to embrace the cloud, they have been confounded by how rigid networking has become, and how fragmented security has become between physical, virtual, and cloud resources. Issues that are the antithesis of what the cloud is meant to be. Many a solution provider has experienced first hand the complexities of securing the cloud and the heavy burden of making sure that cloud technologies work as expected.
"As a partner to a few different cloud service providers, we have had to deal with the unknown when trying to build hybrid clouds that maintain security, without compromising ease of use and functionality," said Raj Mehta, president and CEO of Plainview, NY-based RAJ Technologies. Mehta added, "The administrative overhead and high cost of integration definitely cuts into the bottom line, and MSPs and network integrators need a better way to tie those clouds and end-points together."
While there may be no slowing down cloud adoption by businesses, SASE may make clouds simpler, more secure, and easier to deploy and manage. After all, businesses have adopted cloud technologies based on the promise of how agile, elastic, and ubiquitous the cloud should be. For most businesses, the cloud is supposed to allow businesses to be more responsive to change, while preserving the ability to address their critical markets. Yet digital transformation and cloud enablement have been hindered by preconceived notions of how networks are designed.
Far too many solution providers have attempted to cloud-enable their customers' processes by stitching together SD-WAN devices, firewalls, IPS appliances, and numerous other solutions to build what eventually becomes a near impossible mish-mash of unmanageable technology that becomes more hassle than it is worth.
The SASE cloud architecture changes that dynamic into something that is both easily managed and secured. SASE transforms a cloud from what was once a collection of disassociated technologies forced to work together into a single network that connects and secures any enterprise resource; including physical, cloud and mobile, regardless of location.
Cato Networks, which Gartner named as a "sample vendor" in its report on the SASE category, offers insight into what a SASE cloud is all about. Cato attributes four main characteristics to a cloud built on a SASE ideology:
- Identity-driven: User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls - all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
- Cloud-native architecture: The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing, and self-maintenance to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements, and is available anywhere.
- Supports all edges: SASE creates one network for all company resources - datacenters, branch offices, cloud resources, and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
- Globally distributed: To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner notes, they must expand their footprint to deliver a low-latency service to enterprise edges.
While those characteristics do a good job of defining what SASE should be, solution providers need to be keenly aware of how SASE differs from other solutions, namely telco managed network services. Many network integrators have come to the false assumption that telco network managed services offer a unified and secure cloud network, which in fact is merely an illusion. Telco-managed network services still consist of integrated bundles of point services. Telcos do an excellent job of hiding the complexity of the offered network solution from the end customer; however, the latency, management overhead, and potential for disruption still exist within the fabric of connectivity.
What's more, many solution providers are finding that partnering with telcos introduces unexpected overhead costs, resulting from the underlying technology and support needs. That can make telco managed network services potentially more expensive than SASE cloud services.
According to Cato, SASE offers a single-pass, cloud-based, architecture, that uses a traffic-processing engine, which process traffic from any edge, sites, the cloud, and mobile users. SASE applies all network optimizations, security inspection, and policy enforcement with rich context before forwarding traffic to its destination. That in turn makes a SASE cloud much leaner - it is leaner, since all functions are converged together. It processes traffic faster, with less latency, while incorporating more context than other networking and security methods.
Cato aims to be at the forefront of that trend and is poised to further redefine the market. "Since Cato's founding, we've focused on converging networking and security into the cloud, creating one, global, cloud-native architecture that connects and secures all locations, cloud resources, and mobile users everywhere," said Shlomo Kramer, CEO and co-founder of Cato Networks.
Cato isn't the only vendor pursuing the SASE concept. Other cybersecurity and networking vendors have thrown their hats into the ring. Vendors such as Barracuda and Zscaler have come to recognize the value that SASE can offer.
Barracuda echoed that value in a recent announcement touting the latest capabilities of its CloudGen Firewall. The company was quick to acknowledge Gartner's assessment that "Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets, creating the secure access service edge (SASE), with a predominantly cloud-based, as-a-service delivery model."
With Release 8 of the CloudGen Firewall, Barracuda has added a range of automation capabilities to streamline deployment and provide visibility and control for successful implementations. "SD-WAN management can be complicated. Many SD-WAN products require days to deploy and can introduce vulnerabilities if not correctly configured," said Klaus Gheri, VP of network security at Barracuda. "Barracuda CloudGen Firewall provides an all-in-one SD-WAN solution that's integrated with public cloud infrastructure, providing organizations with the security and connectivity they need with automation that will make their lives easier."
Zscaler is also making the leap into unifying networking and security in the cloud via SASE ideologies. The company discussed the importance of SASE on a September 10 earnings call. "Gartner has recently published a groundbreaking research note titled The Future of Network Security is in the Cloud. In this paper, they introduced the concept of a Secure Access Service Edge (SASE). SASE goes well beyond the disruption of MPLS with SD-WAN or hardware appliances with cloud or applying zero-trust principles," said Jay Chaudhry, chairman and CEO of Zscaler. Recognizing the importance of SASE, Chaundhry added: "Zscaler platform was designed from the start for the world that Gartner has spelled out. As the world moves towards the SASE model, traditional network security vendors are embracing Zscaler's vision of cloud-based security after rejecting it for years."
With three vendors in agreement, it is obvious that Gartner is on to something and is accurate in its claim that SASE may be the future of networking and security in the cloud. What's more, Gartner has done its homework and has backed that assumption with solid research that indicates that network and cloud service providers should be ready for disruption. The question, however, still remains: can solution providers hop on the SASE bandwagon to redefine how they build secure cloud services and build a handsome profit while doing so?
Some say performance, others say money but it may be systems and processes that carry the day
Cheryl Cook responds to claims from competitor that legacy vendors aren't investing enough in innovation and how it plans to adapt to an evolving server market
Distributor's head count moves past 400 with latest buyout
Vendor appoints two co-CEOs as long-time leader steps down