Making the Right Selection: Single-Vendor SASE or Unified SASE?

Making the Right Selection: Single-Vendor SASE or Unified SASE?

Making the Right Selection: Single-Vendor SASE or Unified SASE?

Source: Versa Networks

Since the initial introduction of the Secure Access Service Edge (SASE) network security model by Gartner in 2019, the SASE market has seen unprecedented growth, innovation, competitiveness, and adoption by the enterprise sector.  More specifically, Gartner’s recent analysis predicts that by 2025, upwards of 80% of enterprises will have an enterprise security strategy with SASE as a foundation, and 50% of new SD-WAN purchases will be part of a SASE offering.

Evolution of SASE Solutions

As with all rapid technological innovation, it has been accompanied by the traditional evolution and disruption of solution offerings to meet the many diverse needs of enterprise customers.  Recognizing this trend, in 2021 Gartner introduced a reduced feature set solution category, Security Service Edge (SSE), that sought to provide the primary benefits of a cloud delivered network security model without the necessary implementation of the SD-WAN component to better optimize and facilitate the SASE solution.   While this model has its advantages, such as a more streamlined, and expediently consumable, reduced set of technologies and services, it is not without some significant trade-offs and challenges to the more unified SASE model.  Now, modern day fall 2022, brings the next evolution of the Gartner SASE/SSE model that is worthy of some discussion, the introduction of the ‘single-vendor’ SASE solution category.

Single Vendor SASE

The past few years have seen an exponential growth in SASE/SSE market participants. From the traditional incumbent industry veterans of network security to innovative disruptors who are agile enough to rapidly develop or converge core SASE features to deliver a compelling alternative value proposition.  Ideally, the more feature complete, converged, and integrated, the more robust, cost effective, and compelling the SASE offering. As such, a common market approach has been to focus on core competencies, such as firewall-as-a-service (FWaaS), cloud access security broker (CASB), secure web gateway (SWG), or software-defined WAN (SD-WAN), while supplementing the solution with additional SASE features through strategic partnerships, or acquisitions.

This has predictably encouraged vendor consolidation, such as the recent acquisitions of Infiot by Netskope, or CloudGenix by Palo Alto, thereby supplementing their SSE offerings with SD-WAN for a more unified SASE approach.  Which brings us back to the single-vendor SASE solution category; what constitutes a single-vendor solution?

What’s the Difference?

Gartner defines Single-Vendor SASE as ‘delivering multiple converged network and security as-a-service capabilities, such as software-defined WAN (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling and zero trust network access (ZTNA) – using a cloud-centric architecture.’ Also noting that the ‘market for well-architected single-vendor SASE offerings is immature but developing quickly.’ and while ‘multiple providers now have a single-vendor SASE offering; few offer the required breadth and depth of functionality with integration across all components, single management plane, and unified data model and data lake.’

This is a key point of clarification when discussing single-vendor SASE offerings by Gartner’s definition.  For additional context, it is helpful to introduce to this discussion the alternative categorization of Unified SASE as proposed by other industry sources. For instance, Dell’Oro Group defines unified SASE, which is the recognized future of the SASE market, as ‘networking and security services integrated in a single platform with all SASE components coming from the same vendor; and implementing a single policy repository that spans network and security policy.’

This is a much more comprehensive, concise, and instructive working definition of a SASE offering that is unified and integrated in functionality, sourced from a single vendor.  Simply put, unified SASE is necessarily single-vendor, but not all single-vendor SASE is necessarily unified.  Most existing single-vendor SASE offerings are immature and lack the fundamental integration which has been the benchmark of a truly unified SASE solution of network and security as-a-service capabilities. Many such single-vendor SASE solutions are still very much disaggregated services or components under a single vendor product portfolio, SKU, or brand name.  They are essentially bundled products and services to facilitate marketing, and ease of purchasing decisions, not fully integrated constituent services of a more holistic unified SASE model.

What Are the Benefits of a Unified SASE?

With that perspective in mind, what are the benefits of a truly unified SASE offering? What value can enterprise customers reasonably expect when adopting a mature unified SASE solution? Here are the primary benefits of implementing a truly unified SASE solution from a single vendor:

  • Unified management and data model facilitated by a data lake. This enables a unified management plane implementation for the more efficient development and deployment of network and security policies reducing operational overhead and improving administrator experience.
  • Consistent network and security policies. A unified security plane ensures consistent security policies from a single authoritative source, enforcing compliance and improving security poster across the ecosystem of users and devices.
  • Improved security user experience. Unified policies ensure a consistent and predictable user experience regardless of user environment or locations, whether corporate campus, branch office or work-from-home (WFH).
  • Increased flexibility, scalability, and ease of use. The unified management and configuration model provides the crucial IT agility to quickly adapt to the evolving business demands of a modern cloud-based enterprise.
  • Improved visibility and security effectiveness. Unified data, security, and management planes facilitate single-pane-of-glass view with rich data integration for enhanced security readiness, risk awareness, response, and threat hunting.

How Do I Qualify Unified from Single-Vendor?

How can enterprise SASE customers successfully navigate the market confusion and avoid the costly mistake of adopting a solution that may be single-vendor, but may not be the truly unified SASE solution most are seeking to adopt?  There are a few easy-to-follow steps that prospective SASE customers can follow to properly qualify a SASE offering that better meets their needs.  Enterprises just beginning their SASE journey would be well-advised to assess any proposed single-vendor SASE offerings under consideration with the following qualifying questions:

  • Does the solution support a unified management and data model (data lake)?
  • Does the solution provide a unified security plane to support authoritative global policy development and deployment?
  • Does the solution offer a single integrated technology stack, or is it simply a bundling of disaggregated components with poor or no integration into a single product SKU?
  • Does the vendor provide a single point of contact support model across the solution, or does the support model differ by solution or component?
  • Does the solution provide a single-pane-of-glass for the implementation, management and monitoring of all components and services with advanced features, such as a robust analytics engine?
  • Does the solution include integrated SD-WAN to ensure optimized user/security experience, and resilient application traffic management?

The SASE market is sure to continue its rapid pace of growth and expansion with the consolidation of offerings, convergence of network and security services, and innovative disruption for the foreseeable future.   Likewise, enterprises will continue to benefit from this evolutionary SASE model as business needs change and adapt to meet the challenges of an evolving cybersecurity threat landscape, regulatory burdens, global pandemics, or whatever else may emerge.  Although, prospective enterprise SASE customers may find the all-too frequent introduction of new terminology, acronyms, buzzwords, and even solution categories, somewhat confusing and difficult to stay on top of, it needn’t be.  With some basic education and understanding of fundamental concepts regarding SASE, enterprise customers will be better prepared and well-equipped with the knowledge necessary to successfully continue their SASE journey.

Source: Versa Networks