A Sassy New Look For Security!
Following on from a recent webinar that we ran with Netskope on ZTNA and remote working, I thought it might be helpful to provide, initially, a backgrounder into SASE (SASSY), with a view to a follow-up piece on ZTNA (so look out for that one in a couple of weeks).
As a starting point, I thought it would make sense to define what we mean by SASE (Secure Access Service Edge). It’s a term, like most of these things, coined by Gartner in their 2019 Networking Hype Cycle report, and they term it to mean:
“A network architecture that combines WAN capabilities with cloud-native security functions like secure web gateways, cloud access security brokers, firewalls, and zero-trust network access.”
I think unlike a lot of the new classifications that the likes of Gartner release, SASE offers a much-needed consolidation of things that already exist, and IMO is one of the most likely to boom as predicted.
Why Will SASE Boom?
I believe that there are several reasons why the market will take to SASE, but in the main, it comes down to the complexity and sprawl of traditional architectures; both of which combine to make it costly to own and manage, and difficult to scale.
Add to this the new and growing diversity of applications in use, the drive towards hybrid Cloud and the lack of API level visibility within traditional security platforms and the whole model breaks. Keeping your data in check and enforcing policy becomes a tough ask due to a lack of coverage, including visibility and control, as data is created and stored virtually everywhere.
The enterprise perimeter is no longer a location; it needs to be a set of dynamic edge capabilities delivered as a service. It makes sense to deliver these services from the Cloud; this is why SASE will be the direction of travel for most organisations in the future.
What will it mean for the future
I think there are a couple of aspects to consider when we think about the future, firstly from a technology standpoint and secondly from a market perspective.
Technology-wise, there’s already a drive towards XaaS delivery models as well as software-defined architectures. SASE lends itself to this approach well, so I’m expecting some of the more traditional vendors to try to expand their delivery models to a more software orientated approach, as well as their commercial models to meet these demands. Partnerships with the Cloud vendors will also come more to the fore as vendors try to become more integrated into Cloud deployments.
I believe that vendors like Guardicore will become more and more relevant from a micro-segmentation perspective as infrastructure security will begin to focus more on securing critical data assets, rather than securing the perimeter.
From a market standpoint, I think it’s inevitable that there will be some consolidation. For the more established vendors, this will likely be in the form of M&A as they look to close capability gaps. MacAfee’s purchase of SkyHigh, and more recently, Palo Alto’s acquisition of CloudGenix, would support this theory. On the basis that the most logical place to deliver SASE from is the Cloud, it would follow for me that the likes of Amazon, Google and Microsoft look at acquisition too to expand their portfolios.
That said, in the current economic climate, M&A may not be an option so I would expect to see a push towards some more strategic alliances to enable end-to-end solutions. If that doesn’t materialise, the channel will most likely deliver this type of innovation.
New entrants into the market will look to start from a XaaS and software-defined perspective, to remove a lot of the barriers to entry into the market, avoiding the inflexibility of the traditional vendors.
One of the big losers here could be the Telcos in some of the bundles that they offer today. The bundles they provide to clients that encompass security and networking could well be left on the shelf as the cost to deliver dedicated SASE platforms will likely be cheaper than the management costs incurred by the Telcos. We have already in some cases experienced some of the Telco’s to offer SASE to their clients but at the same high management costs, long-term the market won’t tolerate that IMO.
Who Will Prevail?
In my first role, the organisation I worked for had a big focus on bringing new security vendors to the UK, so the convergence of old world net/sec vendors and new Cloud platforms is an interesting dynamic as the market re-shapes itself.
The household names in their disciplines don’t have the capabilities needed to meet all of the needs – developing that in-house is a long process which to me means there will be some M&A in this space, so again, something interesting to watch.
The evolution of technology is always of interest. In this case, I’m particularly interested in how AI/ML and data science in general, will come into play to automate policy enforcement. As that development progresses, the providers/integrators/telcos etc. that deliver these solutions will need to find new ways to demonstrate their value – if enforcement can be automated and optimised; the operational burden of providing service reduces.
From a business perspective, at Nephos, we look to embrace this sort of approach, to deliver fully integrated services and maintain a lower cost point for customers while at the same time driving better decisions. The real winners will be those that embrace the new to drive positive change.
ICYMI – If you’d like to catch up on our recent webinar on SASE and ZTNA, you can catch up online