How SASE is set to determine the future

We take a look at the SASE environment and what challenges and benefits lie ahead in the adoption of secure access service edge

This article can also be found in the Premium Editorial Download: Computer Weekly: What is Log4Shell - and why the panic?

Digital transformation has become the watchword for many organisations in recent years. It’s a nebulous term, meaning different things to different people. In some cases, it’s been a full root-and-branch revamp of an entire infrastructure, defining business processes, changing organisational structure and completely upgrading technology; in other cases, there have just been tweaks here and there.

For any business that really wants a transformative approach, secure access service edge (SASE) will be key. When Gartner introduced the term in 2019, it was a seen as a convenient shorthand term for the integration of security and networking services. In particular, it offers support for multiple suppliers – something particularly important in today’s modern enterprise. However, although superficially this sounds attractive, there are difficulties in the management of SASE implementations.

Because of its genesis as the brainchild of a research group, some observers think the whole concept of SASE is marketing hype – yet another buzzword for the technology lexicon – but the increasing number of suppliers that have followed the SASE path has demonstrated that it is an innovation that has genuine support.

Take-up of SASE has been accelerated by the pandemic and by organisations rushing to establish new ways of working, in particular ensuring that employees who wanted to work from home could do so. Yet there have been obvious concerns along the way. At the forefront of CIOs’ minds has been a need to provide ready access to corporate files while, at the same time, offering the same levels of security that employees would get while working at the office.

This is where SASE comes in – it’s the reason why there is so much heightened interest in the technology right now. And this has been backed up by the statistics. According to research commissioned by Versa Networks, the adoption of SASE worldwide has increased dramatically during the pandemic. The survey found that 34% of businesses are already adopting it, and a further 30% plan to do so within the next 12 months.

There are several challenges that companies have had to overcome. For example, the pandemic has pushed video-conferencing and remote collaboration to the top of the agenda but, according to the Versa survey, these are the two areas that have caused the biggest concern to CIOs.

Confusion over definition of SASE

So there is little wonder that businesses are looking more closely at SASE as the means to drive change. But there is one complication – the terminology. To put it simply, it is important to understand what is meant by SASE. This may sound like a strange thing to say given the high degree of interest in the technology, but it is equally clear that there is a significant amount of confusion out there. 

Despite the numbers of people already turning to SASE, the Versa survey found that most of the technical professionals surveyed, a whopping 69%, could not accurately define SASE.

However, despite this confusion, the top reason for adopting SASE is clear – to improve the security of devices and applications used by remote workers, particularly in the cloud, and it is this overriding desire that has driven its take-up. Perhaps some of the confusion has arisen because SASE is closely entwined with software-defined wide area networks (SD-WANs) and some users have been were unclear about where each technology fits.

SD-WAN is certainly a component of SASE, but it offers a more localised service, aimed at particular points in the network. While it would be possible to build a corporate-wide SD-WAN system, it would be excessively expensive and would be a headache to administer. SASE is a more comprehensive technology – a way of working that is based on using the cloud allied to specific security controls.

So it seems that we have reached a critical juncture in the roll-out of SASE. The pandemic appears to have passed its peak and we are slowly returning to our offices, but the infrastructure that has been put in place is set to continue. That, in itself, suggests that SASE is no flash in the pan. An indication of this can be seen in the number of suppliers that are launching into the SASE arena. There were initially a few players in the SASE world – Cato, Cisco, Netskope, Versa, Palo Alto and a few others – but this is a list that is certain to grow.

VMware initiatives

At VMworld in October 2021, VMware announced a series of initiatives in which SASE played a prominent role, in particular how it will fit into a multicloud environment. But VMware has taken its commitment to SASE one stage further. At the end of October, it announced a collaboration with Amazon subsidiary eero that would help the many millions of employees who are regularly working from home.

The partnership is in the US initially, but given the way that home working has taken off during the pandemic, it is likely to be adopted elsewhere, too. The two companies will be working together to pair eero’s 6 series mesh Wi-Fi systems with VMware’s SASE Work from Home technology to provide safe access. 

And VMware is not alone. Citrix is another supplier that is boosting its SASE credentials. In October, the company launched its secure private access service, a zero-trust network access (ZTNA) service that protects access to apps and data from a variety of devices. This means employees can have secure access to corporate systems wherever they are working. As the name suggests, this means the use of zero-trust principles to provide access across multicloud deployments.

Citrix’s new offering emerged as the company responded to its own survey on digital transformation and how enterprises can handle changes in working practices. According to Citrix’s research, 86% of respondents thought it was “extremely important” or “very important” to create a seamless employee experience, and 79% thought the pandemic had given them an opportunity – another reminder of the impact Covid has had.

Read more about SASE

A sign of the growing importance of SASE is the speed at which suppliers are putting in place training courses for the technology. As the Versa survey showed, there is a lot of misunderstanding about what SASE is – so there is a definitely a shortage when it comes to talking about people with high levels of skills.

It is particularly important that SASE covers first principles in a non-partisan way, given that it is a technology aimed at pulling together multiple suppliers. As we have seen, it is definitely part of the VMware strategy.

One of the first companies to get on track with a training course was Cato Networks, which launched its initial SASE course in November 2020 but supplemented the Level 1 certificate with a Level 2 follow-up in September this year. No other company is yet producing the two-tier structure that Cato has introduced, but plenty more suppliers are recognising the need for some core certification.

However, there is a specific problem when individual companies put training packages together – much of the teaching focuses on how to use individual products, which can be seen in the way that the well-known Cisco networking qualification CCNA is geared as a set of instructions for Cisco’s own products, although it does cover networking principles as well.

Zero-trust approach

Also, the rise of SASE, which makes use of a zero-trust approach to security, fits in perfectly with suppliers that have adopted this as a firm tenet. Cato is not alone in offering SASE certification, however – Cisco is taking great strides in that direction, too. The company has a pedigree with its CCNA and CCIE certification and is building on that to offer hands-on training. Other companies building on the new-found interest and offering training courses include Versa, Netskope and Palo Alto.

If there is a shortage of security skills in the industry, then there will clearly be a lack of specialists in SASE.

It is still early days, but we can expect to see more ventures like the VMware/eero partnership being rolled out. There are several signs that the transformation that has taken place recently will continue and more attention will be paid to the ways in which employees continue to work from home.

But SASE will be about more than home working. A technology that brings together cloud and zero-trust security in such an effective manner will continue to attract adherents across the spectrum and will be a way forward. There will be challenges in building the skills to support such a move – there is already a shortage of cloud specialists and cyber security specialists, and combining the two has taken things to a new level. 

However, we can certainly expect to see companies pull out all the stops in future and SASE is set to play an increasingly important role in the months to come.

Read more on Software-defined networking (SDN)