The Secure Access Service Edge (SASE) as Described in Gartner’s Hype Cycle for Enterprise Networking, 2019October 2, 2019
In its recent Hype Cycle for Enterprise Networking, 2019, Gartner recognized Cato Networks as a “Sample Vendor” in the Secure Access Service Edge (SASE) category. Below is the verbatim text of the SASE section from the Gartner report.
To better understand SASE, check out this summary on Secure Access Service Edge (SASE) or read this whitepaper on why The Network for the Digital Business Starts with the Secure Access Service Edge (SASE) to understand how Cato meets SASE requirements.
Secure Access Service Edge
“Analysis By: Joe Skorupa; Neil MacDonald
Definition: The secure access service edge (SASE) are emerging converged offerings combining WAN capabilities with network security functions (such as secure web gateway, CASB and SDP) to support the needs of digital enterprises. These needs are radically changing due to the adoption of cloud-based services and edge computing. These capabilities are delivered as a service based upon the identity of the entity, real time context and security/compliance policies. Identities can be associated with people, devices, IoT or edge computing locations.
Position and Adoption Speed Justification: SASE (pronounced “sassy”) is in the early stages of development. Its evolution and demand are being driven by the needs of digital business transformation due to the adoption of cloud-based services by distributed and mobile workforces and the adoption of edge computing. The legacy data center should no longer be considered the center of network architectures. Users, sensitive data, applications and access requirements will be everywhere. The new center of secure access networking design is the identity — of the user, device, IoT/OT systems and edge computing locations and their needs for secure access services to cloud-based services directly including an enterprise’s applications running in IaaS. This inversion of networking and network security patterns will transform the competitive landscape over the next decade and create significant opportunities for enterprises to reduce complexity and allow their IT staff to eliminate mundane aspects of the network and network security operations.
Multiple incumbent vendors from the networking and network security are developing new cloud-based offerings or are enhancing existing cloud delivery based. The breadth of services required to fulfill the broad use cases means very few vendors will offer a complete solution in 2019, although many already deliver a broad set of capabilities. SASE services will converge a number of disparate network and network security services including SD-WAN, secure web gateway, CASB, software defined perimeter (zero trust network access), DNS protection and firewall as a service. It isn’t sufficient to offer a SASE service built solely on a hyperscale provider’s limited number of points of presence. To compete effectively and meet requirements for low latency, significant investments in geographically disperse points of presence will be necessary. Some agent-based capabilities will be necessary for policy-based access for user-facing devices and some on-premises based capabilities will be required for networking functions such as QoS and path selection. However, these will be centrally managed from a cloud-based service. SASE offerings that rely on an on-premises, box-oriented delivery model or that rely on a limited number of cloud points of presence will be unable to meet the requirements of an increasingly mobile workforce and emerging latency sensitive applications. This will drive a new wave of consolidation as vendors struggle to invest to compete in this highly disruptive, rapidly evolving landscape.
User Advice: Gartner expects a number of SASE announcements over the next several months as vendors merge or partner to compete in this emerging market. Most SASE offerings will be purpose built for scale-out, cloud-native and cloud-based delivery and optimized to deliver very low latency services. Keep in mind that in the early days of this transition there will be a great deal of slide-ware and marketecture, especially from incumbents that are ill-prepared for the cloud-based delivery model from distributed POPs. This is a case where software architecture and implementation matters. Additionally, be wary of vendors that propose to deliver the broad sent of required services by linking a large number of products via virtual machine service chaining, especially when the products come from a number of acquisitions. This approach may speed time to market but will result in inconsistent services, poor manageability and high latency.
In many cases, branch office SASE adoption will be driven by network and network security equipment refresh cycles and associated MPLS offload projects. However, other use cases will drive earlier adoption. I&O leaders should identify use cases where SASE capabilities will drive measurable business value. Mobile workforce, contractor access and edge computing applications that are latency sensitive are three likely opportunities. For example, secure access consolidation across CASB, SWG and software defined perimeter solutions, providing a unified way for users to connect to SaaS applications, internet websites and private applications (whether hosted on-premises or in public cloud IaaS) based on context and policy.
Because the technology transition to SASE cuts across traditional organizational boundaries, it is important to involve your CISO and lead network architect when evaluating offerings and roadmaps from incumbent and emerging vendors. Expect resistance from team members that are wedded to appliance-based deployments.
Business Impact: SASE will enable I&O and security teams to deliver the rich set of secure networking and security services in a consistent and integrated manner to support the needs of digital business transformation, edge computing and workforce mobility. This will enable new digital business use cases (such as digital ecosystem and mobile workforce enablement) with increased ease of use, while at the same time reducing costs and complexity via vendor consolidation and dedicated circuit offload.
Benefit Rating: Transformational
Market Penetration: Less than 1% of target audience
SASE Hype Cycle Phases, Benefit Rating and Maturity Levels According to Gartner
Hype Cycle Phase
Gartner describes Secure Access Service Edge as being in the “Innovation Trigger” phrase of the Hype Cycle. This is the initial phase of a technology, which Gartner defines as “A breakthrough, public demonstration, product launch or other event generates significant press and industry interest.” Technologies proceed through four additional phases until being removed from the Hype Cycle.
By way of comparison, SD-WAN is in the “Slope of Enlightenment,” the second to final phase of the Hype Cycle. Gartner describes this technology “Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology’s applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process.”
Gartner identifies SASE as having a Benefit Rating of “Transformational.” Gartner defines a transformational benefit rating as a technology that “Enables new ways of doing business across industries that will result in major shifts in industry dynamics.”
Gartner defines SASE as having a maturity level of “Emerging.” Gartner defines emerging as markets where there’s “Commercialization by vendors” and ”Pilots and deployments by industry leaders.”
* “Hype Cycle for Enterprise Networking, 2019,” Andrew Lerner and Danellie Young, 9 July 2019
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.