Vendors lining up behind SASE for cloud security

SD-WAN and network security vendors tailor their portfolios to deliver SASE, a cloud security architecture for the age of SaaS, public clouds and IoT.

If you haven't heard the term SASE from your security or network supplier, then you'll likely hear it soon. Coined by Gartner, the acronym refers to a technology trend aimed at delivering secure access to corporate data scattered across SaaS and cloud providers and, eventually, IoT applications.

SASE, which is pronounced "sassy," stands for Secure Access Service Edge. Its roots are in enterprises' struggle to protect data as it gets dispersed outside of the private data center. Stuffing on-premises hardware with firewalls, data protection software and network access controls has become an outdated architecture in today's decentralized corporate network.

Cloud security company Zscaler was among the first vendors to see the problem growing within corporations several years ago and to tailor its product portfolio to address it, said Gartner analyst Joe Skorupa. Other vendors followed, but they all lacked a catchy phrase and a defined architecture to sell to customers.

Gartner gave that to them in a research note published this summer, and many vendors -- big and small -- have latched onto SASE as the future for data security in the era of cloud computing, IoT and the proliferation of mobile devices.

"As much as I'd love to say we were 20 years ahead of the industry, I think a lot of folks were thinking about it," Skorupa said. "We happened to get the timing right, and [analyst] Neil [MacDonald] came up with a terrific term."

Gartner expects many vendors to compete in what it sees as the emerging SASE market. A sampling of the competitors includes Cato Networks, Cisco, Cloudflare, Fortinet, Palo Alto Networks and VMware. By the end of 2020, several vendors will have complete SASE portfolios, according to the research firm.

So, what is SASE?

SASE is an architecture that redefines the role of the private data center. No longer the sole guardian of corporate information, the data center becomes just one of several locations to store data across the WAN.

Other places with critical data could include AWS, Microsoft Azure, Salesforce and Workday. Within several years, many companies plan to store data in computers gathering information from IoT devices supported by carriers' next-generation 5G wireless networks.

To secure so much data in so many places, SASE delivers all the necessary technology from the cloud. Gartner has identified more than a dozen network and security services that vendors would offer, including a secure web gateway, a cloud access security broker, routing and path selection, and network encryption and decryption.

SASE also uses a zero-trust security model that applies strict identity and device verification to determine which network segment or computer a device has permission to access.

Determining which SASE services to apply to network traffic would occur at the packet level. A vendor's cloud would decrypt each packet, read it into memory, perform all the necessary services against it and then send it out of memory. 

SASE proponents claim that approach would allow for a single, cohesive customer interface for managing services through the creation and application of network and security policies.

Preparing for cloud security with SASE

Companies' software-defined WAN providers have probably already embraced SASE as an architectural direction. Indeed, most SD-WAN products have the path selection, policy-based routing and Layer 4 firewall that make them "pretty good" SASE edge devices, Skorupa said.

Nevertheless, companies today use lots of networking hardware and security appliances in the data center and the branch that they won't replace until the gear's depreciation value declines to zero. At that point, network and security teams need to work together to choose a cloud-based replacement.

The joint teams should also collaborate on choosing new cloud-based services, Gartner recommends. To reduce complexity in managing and integrating multiple services, most, if not all of them, should come from a single vendor.

"You go to a vendor that can deliver that broad set of services to you in a single offering," Skorupa said.

Gartner predicts companies will gradually move to SASE over the next 10 years but will start choosing vendors to help with the transition much sooner.

Therefore, vendors have already started preparing for those potential customers. Many SD-WAN vendors have basic firewalls today while offering application identification, policy enforcement, content filtering and endpoint security as options. Security vendors, such as Fortinet, have added SD-WAN to their portfolios.

"The winners and losers from the vendor perspective are going to be clear within 36 months," Skorupa said. "If you haven't laid out your roadmap, and really gotten your installed base lined up and committed to you in the next 36 months, then for most folks, it's going to be too late."
