What's in a name? How to navigate the crowded SASE marketplace
According to Dell’Oro Group, there are more than 30 SASE vendors. That number is likely to go up consistently for the foreseeable future. Despite this growth, not all these providers are delivering the same basic foundational elements to customers. At best, these providers don’t realize that they’re not offering a true SASE solution, and at worst, they’re falsely advertising SASE capabilities to expand their customer bases.
For example, would a company that strictly sells bread say that they offer cakes? While bread and cakes do share some of the same ingredients and both end products require a baking process, it would be disingenuous for the bread company to say that it sells cakes. This is the issue we’re currently battling against in the quickly evolving SASE space.
Just like you wouldn’t put birthday candles in a loaf of bread for your child’s fifth birthday party, you wouldn’t want to rely on an SSE product or something else as your SASE solution. The question is: why are so many IT leaders implementing products that are masquerading as SASE solutions?
At the core, the answer comes down to two things: desperation and complexity.
Desperation Has Led to Some Bad Decisions
It’s no secret that the pandemic forced a lot of IT leaders into panic mode. One day everything was fine, and then, out of nowhere, they were told they had a week, give or take, to migrate their entire workforces over to the cloud. Naturally, this caused IT teams to quickly look for solutions that could help them with this unprecedented request. SASE, by definition, was the precise solution they were looking for, but, as we know, there were no out-of-the-box SASE solutions that someone could implement at that time, so they went with options that had marketed themselves as "SASE solutions."
Some IT leaders stayed with their legacy providers that made promises of SASE, while others took the leap with new providers that slapped a SASE label on their existing products in hopes of attracting people for this specific scenario. Looking back, I’m sure there are a lot of people that regret those decisions they made while under extreme duress.
Network and Security Architectures are Complex
Whether or not a given business went with a new provider, what happened in many cases was that they dug themselves into a hole they couldn’t climb out of. Due to the complexity of today’s network and security architectures, the more things you add to the mix, the more you need to manage. If something goes wrong and you have dozens of solutions to sift through to find the problem, your customers are the ones who suffer most. When you have a rotting foundation, adding another brick to the building is not going to solve all your problems. You need to rethink your approach at the ground level, so that when change happens around you, you can seamlessly adapt.
Furthermore, those that trusted their legacy providers to help them navigate these turbulent times fell woefully behind as cyberattacks got more sophisticated and increased in frequency. Worst of all, since things were so complex to manage, IT leaders often ended up sticking with those same legacy providers because they feared the prospect of managing something new.
You Can’t Teach an Old Dog New Tricks
Legacy providers have always been about getting the most out of outdated products and approaches. They’re notorious for being slow to innovate, so why would IT leaders trust them to deliver an adequate solution for their modern businesses? Just look at all the data breaches and network outages recently. According to Statista, in 2022, the number of data compromises in the United States stood at 1802 cases. Meanwhile, over 422 million individuals were affected by data compromises, including data breaches, leakage, and exposure. Additionally, in 2022, network intelligence company ThousandEyes recorded more than 15,000 network outages using its network-agnostic data that provided insights across the Internet and into the cloud.
With all the technology and advancements we have, these incidents shouldn’t be happening at the scale that they are. A major culprit is businesses relying on "SASE solutions" from providers that aren’t equipped to deliver on the SASE promise.
Shifting Focus
While the pandemic caused people to scramble for solutions quickly, IT leaders would be wise to be more diligent about SASE solutions moving forward. Rather than being influenced by the SASE acronym, it’s critical to peek under the hood to see what you’re actually getting before you purchase it. Companies should prioritize solutions that are committed to solving a range of next-generation customer problems.
As a business, you don’t know what’s going to happen next. To give your organization the best chance for success, you want to align with partners that understand this and live this in their own businesses through constant innovation.
Observability
One of the biggest benefits to a true SASE solution is observability. This is why having the elements of SASE differs from having a full-fledged SASE solution. If you have SD-WAN, firewall-as-a-service (FWaaS), cloud access security broker (CASB), data loss prevention (DLP), secure web gateway (SWG), and zero-trust network access (ZTNA), but they’re not unified through a single cloud-based service or platform, it’s not SASE in the purest sense. As I mentioned earlier, network and security architectures are complex, so if you have all these different elements in a silo, and data and information isn’t being shared between them, it’s going to be a nightmare to manage. If you’re in this position, that’s a telltale sign that you don’t have a true SASE solution. A proper SASE solution with the right architecture should both simplify and bolster network and security. Again, it’s not about adding more elements to the mix, but bringing them together, that is the secret sauce of SASE.
Artificial Intelligence and Machine Learning
While AI is the hottest buzzword in tech right now, mostly due to the explosion of OpenAI’s ChatGPT, AI in network and security is more understated but no less important for future success in the enterprise. The same goes for Machine Learning. As teams shrink, more CISOs resign, and enterprise network and security evolve, AI and ML will play a critical foundational role in next-generation solutions. To combat the most sophisticated network and security attacks, enterprises need technologies underpinned by AI and ML to remain afloat. With the ability to automate tasks, upgrade threat detection, enhance decision-making, and drive efficiency, AI and ML are continuously learning and improving in a way that legacy technology simply can’t replicate. SASE providers that aren’t deeply exploring these technologies may have adequate SASE solutions today, but they will not be able to withstand the challenges of tomorrow.
Looking Ahead
When you’re under mounting pressure to deliver for your organization, decision-making can be grueling and overwhelming. While we’re not currently facing the unprecedented hurdle that we all faced in March 2020, we are certainly facing an economic challenge that makes this period difficult in its own right. Although there may be a strong impulse to stick with your current provider or jump at the first affordable SASE solution to solve all your network and security problems, this decision is too important to leave to chance. It’s imperative that you do your homework, talk to people you trust, and, most importantly, demand that prospective solutions providers are transparent in answering your questions and check all the key boxes that will set you up for future success. SASE can be extremely complex to understand at first, but knowing the right questions to ask and the core principles you should be seeking will make the selection process a lot easier. If you put in the necessary time now to find the solution that’s right for your business -- no matter what happens -- you’ll ensure that you’re not scrambling the next time a major obstacle presents itself.
Image credit: mc_stockphoto.hotmail.com/depositphotos.com
Renuka Nadkarni is Chief Product Officer, Aryaka.