Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Rik Turner
Rik Turner
Connect Directly
E-Mail vvv

Introducing 'Secure Access Service Edge'

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.

A new buzzword invading the marketing materials of cybersecurity vendors is Standing for Secure Access Service Edge (SASE). The term, coined by Gartner, refers to a technology trend in support of cloud-based applications and remote working, in which networking and security functionality converge in a single offering.

Omdia has its reservations about SASE as a product category, but we recognize that numerous vendors have adopted this parlance to describe all or part of their network security offerings.

The idea of SASE is attractive: that a single vendor, operating from the cloud, can offer an enterprise all its requirements for branch and remote employee networking, plus all the functionality to deliver that connectivity securely. On the networking side, this mainly covers functionality delivered by most software-defined wide area networking (SD-WAN) platforms, including:

  • Dynamic WAN link management
  • Multipath application steering and failover
  • Quality of service
  • Network-layer visibility and path monitoring

Meanwhile, in terms of security, a range of capabilities should be present, namely:

  • Application-aware firewall (NGFW-like functionality)
  • Secure web gateway (web traffic proxying)
  • Cloud access security broker (CASB, delivering policy-based SaaS access management)
  • Access control (VPN or zero-trust access)

An argument can be made for other subgroups here, such as data loss prevention (DLP), which many CASBs now include as a matter of course, as well as capabilities such as mobile device management (MDM) and decryption and inspection of encrypted traffic.

As such, it becomes clear that SASE is essentially a repackaging exercise, bundling a collection of capabilities together and offering them as a cloud-delivered service, almost certainly as a shopping list from which the customer can pick and mix individual features. While delivering traditionally on-premises-based networking and security capabilities from the cloud is significant, mode of delivery alone does not make SASE a new class of technology. As such, the term is reminiscent of UTM (unified threat management), an early 2000s-era term for multifunction security appliances sold for small businesses and branch offices. While SASE may serve to encapsulate an idea, it is an exercise in marketing rather than an advance in technology.

Reactions Vary from Enthusiasm to Skepticism
SASE is largely about mode of delivery and product marketing, which explains why it is so easy for different types of vendors to adopt SASE and apply it to their offerings. Omdia identifies at least three groups of vendors that have applied the SASE marketing concept to position their product offerings:

  • Type 1. There are the top-tier cybersecurity, networking, and data center specialists, such as Palo Alto Networks, Akamai, VMware, and Zscaler, that have latched onto SASE as a "market" into which they can sell a subset of their overall portfolios. Several SD-WAN vendors are also in this group.

  • Type 2. Those CASB vendors that were not acquired during the great landgrab in that space (Netskope, Bitglass, and CipherCloud) have generally embraced the term, albeit with differing degrees of enthusiasm.

  • Type 3. Then there is a group of vendors that had been struggling to find an appropriate acronym for what they do. They can complement, or obviate the need for, an SD-WAN: OPAQ, NetFoundry, and Cato Networks are in this category. SASE provides a convenient peg on which to hang their respective hats.

For all this enthusiasm, however, SASE is not without its critics. Omdia's Clifford Grossner has described it as "simply edge computing, connectivity, and security with integrated management," and questioned whether enterprises would want to buy all this from a single supplier, since it means placing a sizable bet on just one technology provider.

There are those who have criticized the absence of analytics or machine learning for purposes of automating functionality from the basic set of capabilities. And while some in the vendor community have hailed SASE as "the future of SD-WAN," others point to the evolution of SD-branch as the more likely route.

SASE Should Eventually Cede to Multimodal Solutions
There is little question that SASE is presently at or near the apex of its hype cycle. Omdia bases this both on anecdotal references to the term/acronym as well as recent market events. Of note are Palo Alto Networks' recent $420 million acquisition of CloudGenix, largely driven by SD-WAN technology to bolster its Prisma SASE offering, as well as recently repositioned SASE vendor Cato Networks landing a new $77 million Series D round of venture capital funding. Clearly, vendors and investors alike see SASE-aligned solutions as an area of opportunity.

Perhaps the most helpful benefit SASE provides the marketplace is an easy-to-understand shorthand to describe a cloud-delivered solution set combining integrated networking and security functions. What was recently a somewhat obscure, hard-to-define concept for individual vendors to articulate suddenly becomes much faster to convey and easier to understand, particularly for those learning about the associated solution sets for the first time. This alone will unquestionably help facilitate adoption of SASE-aligned product offerings.

Despite the many benefits of cloud-delivered IT, SASE is merely the latest waypoint of an ongoing journey that will see continued evolution in the way cybersecurity technology is delivered. The rise of microservices-based and serverless architectures will again require security to be delivered through alternative means, likely as componentized functions within modular application architectures. The ongoing proliferation of Internet of Things (IoT) devices, most notably on the network edge, will drive growing need for IoT security functionality, delivered from the network edge in order to reduce IoT application latency and ensure bandwidth efficiency. Undoubtedly, other technologies that Omdia expects will become prominent in the coming decade — such as 5G, autonomous systems, and quantum computing — will further disrupt and change the way in which cybersecurity solutions are delivered.

Multimodal Requirements
Ultimately, Omdia sees most cybersecurity technology segments evolving toward a multimodal delivery paradigm. As digital transformation takes hold, enterprises will come to demand fluidity in how their cybersecurity technology is delivered, based on evolving business needs (a new branch office opens; another company becomes a subsidiary; a division is spun off and requires access to some applications during the transition; even perhaps a new strain of virus forces an entire business unit to work from home indefinitely…).

An increasing pace of change within enterprise IT means today's need for cloud-delivered security may fluidly evolve into tomorrow's need for security delivered on the edge or as componentized functions, and just as quickly revert back again. Enterprises can expect multimodal offerings that can be dynamically provided in a variety of delivery modes, with pricing and licensing to accommodate change on demand.  

Related Content: 

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Rik is a principal analyst in Omdia's IT security and technology team, specializing in cybersecurity technology trends, IT security, compliance, and call recording.  He provides analysis and insight on market evolution and helps end users determine what type of ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[email protected],
User Rank: Strategist
7/9/2020 | 1:44:16 AM
RE: Performance factor in SASE?
Good article. Aside from the obvious solution packaging/marketng benefits, one of the major claims made about SASE is that, when done right, you should get a performance boost by essentially decrypting once and performing many security functions in an integrated/concatenated fashion. What do you think about that aspect in terms of the "virtue" of SASE as an architecture?
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
PUBLISHED: 2020-10-30
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is ...