As observed before in this blog, few of Gartner’s ‘inventions’ have caught on as quickly as SASE – Secure Access Service Edge.
From traditional firewall vendors to declared SASE specialists, umpteen and then some vendors have jumped on the “sassy” bandwagon. Now Gartner has mapped out the SASE convergence strategy for 2021 with a recently published revised roadmap.
The entire document is available for free download from Cato Networks’ site:
To summarise Gartner’s document: the analyst company suggests that the combination of work from anywhere, cloud migration and digital transformation is creating a very different landscape to manage. It states that, in order to protect anywhere, anytime access to digital capabilities, security must become software-defined and cloud-delivered, forcing changes in security architecture and vendor selection. This is quite a statement…
Moreover, Gartner believes that perimeter-based approaches to securing anywhere, anytime access have resulted in a patchwork of vendors, policies, and consoles, creating complexity for security administrators and users. That much is certainly difficult to argue against. Gartner further states that enterprises that consider existing skill sets, vendors and products, and timing of hardware refresh cycles as migration factors will reduce their SASE adoption time frame by half. A 50% saving is another massive statement to make.
Unsurprisingly, given the global WFH initiative, Gartner sees branch office transformation projects (including SD-WAN, MPLS offload, internet-only branch and associated cost savings) as being increasingly part of the SASE project scope. What, I guess, makes SASE a compelling direction for vendors is that it has equal appeal to security and network optimisation companies.
All well and good, but what do companies do about implementing said Gartner directives?
In the short term, Gartner suggests the deployment of zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases. This should be combined with a multiyear phase out of on-prem perimeter and branch hardware, in favour of cloud-based delivery of SASE capabilities. At the same time, Gartner suggests consolidating vendors and cutting complexity and costs, as contracts renew for products and services such as secure web gateways, cloud access security brokers and VPNs. Consolidation makes sense in most cases, and certainly in this one. Meantime, the analyst urges companies to actively engage with initiatives for branch office transformation and MPLS offload in order to integrate cloud-based security edge services into the scope of project planning.
So, just a few simple initial tasks 😊 – ultimately, though, consolidation and simplification seem to be the bywords – and it does make sense. Longer term, Gartner recommends further consolidation of SASE offerings to a single vendor, or at least vendors with an explicit partnership; where both have the same end game, in other words. It also recommends implementing ZTNA for all users regardless of location, including when in the office or branch – something that is increasingly relevant to all workforces globally. Gartner also recommends choosing SASE offerings that allow control of where inspection takes place, how traffic is routed, what is logged, and where logs are stored to meet privacy and compliance requirements – in other words, be in control of your own destiny! So, how to do this? Gartner’s suggestion is to create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.
Gartner concludes by noting that SASE is a pragmatic and compelling model that can be partially or fully implemented today. I’ll take that as a recommendation!