A short article on SASE, what it is, where it will be useful (the good), its shortcoming (the bad) and what to avoid (the ugly)

What is it?

I remember the old days when all our data and applications were hosted at our own data centres. But then came Cloud and X-as-a-Service (x being Infrastructure, platform, software). They took our data and apps and distributed them all around the globe. Our users also started to be far more mobile and working away from the office became the norm. This resulted in a shift from having data centres to centres of data everywhere, and with that came an inversion of access patterns. We now face the enormous challenge of improving user experience – i.e. faster access to apps – while ensuring access and data security.

SASE aims to address this challenge by introducing a new concept through which network services and security services are Cloud delivered. You can argue that the technologies and services offered are not new, and that is true, but SASE brings together these disparate offerings under a common architecture. It also fundamentally changes our standard connectivity patterns; we no longer directly network users and branches to our data centres and onto the cloud, we connect them straight to the SASE cloud.

This architecture allows for centralised and identity-based management of our network and security policies.

The Good

Imagine being able to deliver business agility through simplification of your network and security architecture, consolidation of vendors, and native integration of the various point solutions you have today. Imagine being able to better manage organisational and IT risk through centralised management of policies. Imagine reducing your operating costs and improving user experience while embarking on the zero-trust journey. What if you could securely enable hundreds or even thousands of employees to work remotely in a matter of hours or days? These are the possibilities promised by SASE.

The Bad

It only took weeks after the introduction of SASE by Gartner for the Titans of the Cybersecurity world to announce SASE offerings. Palo Alto Networks, Zscaler, Cisco, Akamai have all published SASE based architectures and go to market strategies. In my humble opinion, however, not a single vendor offers the entire stack. It is not possible to call any of these vendors and ask for an end to end SASE solution. There is still a real need for integration between some components. It is also important to not see SASE as the silver bullet to all your challenges. Gartner places SASE on the Innovation Trigger zone of their hype cycle and that means the peak of inflated expectations and more importantly, the trough of disillusionment are yet to come.

The Ugly

There is nothing ugly about the concept and its supporting architecture. What will be ugly however is the risk of over-promising and under-delivering by vendors and service integrators alike. It is important businesses understand that SASE is an architectural vision and getting to that vision requires you embarking on a journey. SASE also dares to bring identity, networking, and security teams together, a task at which many have failed.