Secure Access Service Edge (SASE) as Described in Gartner’s Hype Cycle for Network Security, 2020

Dave Greenfield

In its recent Hype Cycle for Network Security, 2020* Gartner recognized Cato Networks as a Sample Vendor in the Secure Access Service Edge (SASE) category. Below is the verbatim text of the SASE section.

“Secure Access Service Edge (SASE)

Analysis By: Joe Skorupa; Neil MacDonald

Definition: Secure access service edge (SASE, pronounced “sassy”) delivers multiple capabilities such as SD-WAN, SWG, CASB, NGFW and zero trust network access (ZTNA).

SASE supports branch office and remote worker access. SASE is delivered as a service, and based upon the identity of the device/entity, combined with real-time context and security/compliance policies. Identities can be associated with people, devices, IoT or edge computing locations.

Position and Adoption Speed Justification: SASE is driven by enterprise digital business transformation: the adoption of cloud-based services by distributed and mobile workforces; edge computing and business continuity plans that must include flexible, anywhere, anytime, secure remote access. While the term originated in 2019, the architecture has been deployed by early adopters as early as 2017. By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.

By 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor, up from less than 5% in 2019. However, today most implementations involve two vendors (SD-WAN + Network Security), although single vendor solutions are appearing. Dual vendor deployments that have deep cross-vendor integration are highly functional and largely eliminate the need to deploy anything more than a L4 stateful firewall in the branch office. This will drive a new wave of consolidation as vendors struggle to invest to compete in this highly disruptive, rapidly evolving landscape.

SASE is in the early stages of market development but is being actively marketed and developed by the vendor community. Although the term is relatively new, the architectural approach (cloud if you can, on-premises if you must) has been deployed for at least two years. The inversion of networking and network security patterns as users, devices and services leave the traditional enterprise perimeter will transform the competitive landscape for network and network security as a service over the next decade, although the winners and losers will be apparent by 2022. True SASE services are cloud-native — dynamically scalable, globally accessible, typically microservices-based and multitenant. The breadth of services required to fulfill the broad use cases means very few vendors will offer a complete solution in 2020, although many already deliver a broad set of capabilities. Multiple incumbent networking and network security vendors are developing new or enhancing existing cloud-delivery-based capabilities.

User Advice: There have been more than a dozen SASE announcements over the past 12 months by vendors seeking to stake out their position in this extremely competitive market. There will be a great deal of slideware and marketecture, especially from incumbents that are ill-prepared for the cloud-based delivery as a service model and the investments required for distributed PoPs. This is a case where software architecture and implementation matters

When evaluating SASE offering, be sure to:

  1. Involve your CISO and lead network architect when evaluating offerings and roadmaps from incumbent and emerging vendors as SASE cuts across traditional technology boundaries.
  2. Leverage a WAN refresh, firewall refresh, VPN refresh or SD-WAN deployment to drive the redesign of your network and network security architectures.
  3. Strive for not more than two vendors to deliver all core services.
  4. Use cost-cutting initiatives in 2020 from MPLS offload to fund branch office and workforce transformation via adoption of SASE.
  5. Understand what capabilities you require in terms of networking and security, including latency, throughput, geographic coverage and endpoint types.
  6. Combine branch office and secure remote access in a single implementation, even if the transition will occur over an extended period. Gartner, Inc. | G00441653 Page 9 of 44
  7. Avoid vendors that propose to deliver the broad set of services by linking a large number of products via virtual machine service chaining.
  8. Prioritize use cases where SASE drives measurable business value. Mobile workforce, contractor access and edge computing applications that are latency sensitive are three likely opportunities.

Some buyers will implement a well-integrated dual vendor best-of-breed strategy while others will select a single vendor approach. Expect resistance from team members that are wedded to appliance-based deployments.

Business Impact: SASE will enable I&O and security teams to deliver the rich set of secure networking and security services in a consistent and integrated manner to support the needs of digital business transformation, edge computing and workforce mobility. This will enable new digital business use cases (such as digital ecosystem and mobile workforce enablement) with increased ease of use, while at the same time reducing costs and complexity via vendor consolidation and dedicated circuit offload.

COVID-19 has highlighted the need for business continuity plans that include flexible, anywhere, anytime, secure remote access, at scale, even from untrusted devices. SASE’s cloud-delivered set of services, including zero trust network access, is driving rapid adoption of SASE.

Benefit Rating: Transformational

Market Penetration: 1% to 5% of target audience

Maturity: Emerging”

 

SASE Hype Cycle Phases, Benefit Rating and Maturity Levels According to Gartner

Hype Cycle Phases

Gartner describes Secure Access Service Edge (SASE) as being in the “Peak of Inflated Expectations” phase of the Hype Cycle. This is the second of five phases in a technology’s development. According to Gartner, this phase is described as follows: “During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized activity by technology leaders results in some successes, but more failures, as the technology is pushed to its limits. The only enterprises making money are conference organizers and magazine publishers.”

Technologies proceed through three additional phases until being removed from the Hype Cycle.
By way of comparison, SD-WAN is in the “Slope of Enlightenment,” the second to final phase of the Hype Cycle. Gartner describes this technology “Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology’s applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process.”

Benefit Rating

Gartner identifies Secure Access Security Edge (SASE) as having a Benefit Rating of “Transformational.” Gartner defines a transformational benefit rating as a technology that “Enables new ways of doing business across industries that will result in major shifts in industry dynamics.” Transformational is the highest of Gartner’s four Benefit Rating. By way of comparison, the Benefit Rating for SD-WAN was “High,” which Gartner defines “Enables new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise.”

Maturity

Gartner defines Secure Access Service Edge (SASE) as having a maturity level of “Emerging,” where there’s “commercialization by vendors” and “pilots and deployments by industry leaders.” The Emerging maturity level is the second in seven stages of technology maturity.

By contrast, SD-WAN’s maturity level is “Early mainstream,” where there is “Proven technology” and “Vendors, technology and adoption rapidly evolving.”

*Gartner, “Hype Cycle for Network Security, 2020” Pete Shoard, June 30, 2020

Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not