Listen to post:
Understanding SASE is tricky because it has no “new cool feature.” Rather, SASE is an architectural shift that fundamentally changes how common networking and security capabilities are delivered to users, locations, and applications globally. It is, primarily, a promise for a simple, agile, and holistic way of delivering secure and optimized access to everyone, everywhere, and on any device.
When Gartner introduced SASE in the 2019 report, The Future of Network Security is in the Cloud, the analyst firm highlighted convergence of network and network security services as the main architectural attribute of SASE. According to Gartner, “This market converges network (for example, software-defined WAN [SD-WAN]) and network security services (such as SWG, CASB and firewall as a service [FWaaS]). We refer to it as the secure access service edge and it is primarily delivered as a cloud-based service.”
Cobbling together multiple products wasn’t a converged approach from both technology and management perspectives. Many vendors got the message and started to create their single-vendor solutions. Some developed missing components, such as adding SD-WAN capability to a firewall appliance. Others acquired pieces such as SD-WAN, CASB, or Remote Browser Isolation (RBI) to build on to existing solutions. According to Gartner ® Market Opportunity Map: Secure Access Service Edge, Worlwide1 report, by 2023, no less than 10 vendors will offer a one-stop-shop SASE solution.
Cato is a big proponent of “convergence” as a key requirement for fulfilling the SASE promise. The direction of many SASE vendors is towards a “one stop shop.” Does “convergence” equal “one-stop shop” and should you care?The Total Economic Impact™ of Cato’s SASE Cloud | Read Report
SASE: Platform (“convergence”) does not mean Portfolio (owned by a “one stop shop”)
The answer to that question was addressed in a recent research paper from Gartner titled “Predicts 2022: Consolidated Security Platforms Are the Future”2 There Gartner makes a key distinction between Portfolio and Platform security companies. According to Gartner:
“Vendors are taking two clear approaches to consolidation:
- Platform Approach
- Leverage interdependencies and commonalities among adjacent systems
- Integrating consoles for common functions
- Support for organizational business objectives at least as effectively as best-of-breed
- Integration and operational simplicity mean security objectives are also met.
- Portfolio Approach
- Leveraged set of unintegrated or lightly integrated products in a buying package
- Multiple consoles with little to no integration and synergy
- Legacy approach in a vendor wrapper
- Will not fulfill any of the promised advantages of consolidation.
Differentiating between these approaches is key to the efficiency of the suite, and vendor marketing will always say they are a platform. As you evaluate products, you must look at how integrated the consoles are for the management and monitoring of the consolidated platform. Also, assess how security elements (such as data definitions, malware engines) and more can be reused without being redefined, or can apply across multiple areas seamlessly. Multiple consoles and multiple definitions are warnings that this is a portfolio approach that should be carefully evaluated.”
SASE Platforms Require Cloud-based Delivery
Convergence of networking and security is, however, just one step towards fulfilling the SASE promise. Cloud-based delivery is the key ingredient for achieving the operational and security benefits of SASE. According to Gartner:
“As the platforms shift to the cloud for management, analysis and even delivery, the ability to leverage the shared responsibility model for security brings enormous benefits to the consumer. However, this extends the risk surface to the vendor and requires further due diligence in third-party vendor management. The benefits include:
- Lack of physical technical debt; there is no hardware to amortize before shifting vendors or technology.
- The end-customer’s data center footprint is reduced or eliminated for key technologies.
- Operational tasks (e.g., patching, upgrades, performance scaling and maintenance) are performed by the cloud provider. The system is maintained and monitored around the clock, and the staffing of the provider supplements that of the end customer.
- Controls are placed close to the hybrid modern workforce and to the distributed modern data; the path is not forced through an arbitrary, customer-owned location for filtering.
- Despite being large targets, cloud-native security vendors have the scale and focus to secure, manage, and monitor their infrastructure better than most individual organizations.”
Gartner analysts Neil MacDonald and Charlie Winckless in the report predict that “[B]y 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s SSE [secure service edge] platform.” One of their key findings that led to this strategic planning assumption is:
“Single-vendor solutions provide significant operational efficiency and security efficacy, compared with best-of-breed, including reduced agent bloat, tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected, and recrypted.”
The report further states:
“The shift to remote work and the adoption of public cloud services was well underway already, but it has been further accelerated by COVID-19. SSE allows the organization to support anywhere, anytime workers using a cloud-centric approach for the enforcement of security policy. SSE offers immediate opportunities to reduce complexity, costs and the number of vendors.”
Cato: The SASE Platform powered by a Global Backbone
How does Cato measure up to this vision of the future? Cato was built from the ground up as a cloud-native service, built on one global backbone, to deliver one security stack, managed from a single console, and enforcing one comprehensive networking and security policy on all users, locations, and applications—and it’s all available today from this single vendor.
We welcome you to test drive the simple, agile, and holistic Cato SASE Cloud. We promise an eye-opening experience.
Security Service Edge (SSE): It’s SASE without the “A” (blog post)
How to Secure Remote Access (blog post)
The Future of Security: Do All Roads Lead to SASE? (webinar)
8 Ways SASE Answers Your Future IT & Security Needs (eBook)
1 Gartner, “Market Opportunity Map: Secure Access Service Edge, Worldwide ” Joe Skorupa, Nat Smith, and Even Zeng. July 16, 2021
GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.