With the COVID-19 pandemic, organizations found themselves facing brand new problems with security and the cloud— namely, the trouble of securely moving away from data centers and into the cloud, all while protecting the ‘edge’ of their networks in a secure manner. (By edge, I mean the boundary of wherever your network ends — wherever the employees are). The old paradigm of networking in company-specific data centers tied to offices is no longer viable in today’s cloud-based, IoT-heavy, distributed workforce, and as such, SASE was born.
What is SASE
SASE is a framework for a network architecture that bundles cloud-native security technologies and Wide Area Network (WAN) capabilities. Put more simply, it’s the intersection of networking and security in a cloud-based environment. It is not a single technology, but a conglomerate of many different technologies, such as Software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), NGFW and Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), and Secure Web Gateways (SWG).
You can learn more about the different components of SASE here.
Where is SASE going
Gartner’s projections of top trends in infrastructure and operations (IO) puts SASE at the top of the list for a significant impact in 2023. With a total worldwide end-user spending of up to $9.2 billion dollars forecasted, we can see a growing trend of SASE adaptation; up 39% from 2022. There is a significant market for single-vendor SASEs, and while the market is still immature, there are a number of options for single-vendor SASEs.
Dell’Oro group, a market research firm, forecasts that the SASE market will triple by 2026, topping $13 billion. Gartner is even more bullish, predicting that the SASE market will grow at a 36% compound annual growth rate (CAGR) between 2020 and 2025, reaching $14.7 billion by 2025.
Also of note from the Gartner report is a prediction that by 2024, 40% of organizations will have strategies in place to adopt SASE, up from a mere 1% in 2018.
Lastly, there is a movement to standardize SASE. A nonprofit called MEF seeks to lead the way in SASE standardization. From the MEF website, we can see the purpose of the standardization is as follows:
‘MEF’s industry-first SASE standard defines a Secure Access Service Edge (SASE) Service framework and specifies service attributes that need to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard aligns stakeholders on common terminology and service attributes when buying, selling, and delivering SASE services, and makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere.’ — https://tinyurl.com/226d8pw2
You can find MEF’s standardization document here.
Why does this matter?
The old paradigm of networking for in-house data centers and in-office employees are dying. In the mad rush to adopt cloud-based services, adequate security tooling is ever more important to protect company assets. Tool consolidation is also becoming an ever more appealing option for organizations, as the ‘bits-and-pieces approach to tooling covered by SASE is quickly becoming overwhelming for customers. With reduced complexity and security being available no matter where the user is, SASE streamlines networking and security for a remote-first world.
SASE, while still in a nascent stage as far as standardization of services, is projected by Gartner and many others to be the networking solution of the future. With significant money to be made, and single-store solutions paving the way for adaptation, SASE deserves a second look from anyone as a promising emerging technology.