Only 12% of worldwide enterprises fully embrace SASE

Pitched as the logical extension of software-defined wide area networks (SD-WANs) and as a more effective way of ensuring the security of increased numbers of remote workforces than virtual private networks (VPNs), secure access service edge (SASE) has failed to live up to its billing, says a survey from NetMotion.

The secure remote access solutions provider found that pandemic-driven remote work has not led to wholesale SASE and software-defined perimeter (SDP) adoption and that enterprise VPNs still remain the most widely trusted technology to serve distributed workforces.

NetMotion’s inaugural Secure access service edge global survey canvassed the views of 750 IT leaders, including CIOs, CTOs, IT and network directors, as well as security analysts across the legal, finance, public safety, transportation, healthcare and government sectors in Australia, Germany, Japan, the UK and the US. The goal was to quantify and qualify the hype around SASE while ascertaining the popularity of various network and security technology deployed by organisations around the world.

The seemingly worrying top-line finding was that although many public and private sector organisations have elements of SASE in their IT stack as the unexpected growth of remote working greatly accelerated conversations around secure remote access systems, only 12% worldwide currently have what the company called a “comprehensive” SASE architecture.

The survey also found that two-thirds (67%) of all respondents reported confidence in their understanding of the comprehensive SASE framework, with the UK (81%) showing most confidence, along with Australia (78%). However, just over a quarter of organisations (26%) had not embraced the SASE philosophy at all, nor do they have immediate plans to, while just over one-third (35%) have embraced it in less than half of their technology stack.

The utilities and energy sectors reported the highest share of complete SASE adoption (17%), with legal (14%), finance (12%) and healthcare (11%) following closely behind. IT teams were found to be taking the lead in SASE implementation (52%), while security teams (21%) and network teams (18%) were also responsible at some organisations.

Looking at deployed SASE technologies, VPN was the most widely deployed SASE system (54%), followed by WAN optimisation (49%), cloud secure web gateways (46%), firewall-as-a-service (39%) and SD-WAN (29%). Zero-trust network access (ZTNA)/SDP, and edge content filtering were the least widely deployed SASE solutions (15%).

Filtering content at the edge is most prevalent in the US (23%), perhaps driven by the need to ensure compliance and security amidst the growth in remote working. Only just over half (56%) of firms have begun to adopt a zero-trust posture while 24% do not plan to, suggesting, said NetMotion, that IT leaders either don’t understand zero trust as well as they claim to, or are overestimating their own capabilities.

Aiming to investigate the main factors inhibiting greater SASE adoption, NetMotion found that only 4% of organisations have migrated fully to the cloud, with just over half (51%) having most of their apps and services there. Also, over 15% of organisations still had at least three-quarters of their resources hosted on-premise, a proportion that grew to 39% for government entities and 16% of public safety agencies. By contrast, financial and legal firms were the most likely to have pushed at least three-quarters of their resources to the cloud. 

With organisations slow to adopt a comprehensive SASE stack, NetMotion said it was no surprise that the data also revealed a continued reliance on enterprise VPNs. In fact, over 50% of respondents reported that their organisation relied most heavily on VPN for secure remote access during the pandemic.

VPNs proved most popular among law firms (56%) and financial service organisations (49%), while 56% of private sector organisations reported using VPNs for their employees. Public sector leaders, on the other hand, reported only 29% VPN adoption, instead prioritising cloud secure web gateways (37%) and firewall-as-a-service (42%).

The results, NetMotion concluded, suggested that modernising legacy technologies, such as VPNs, firewalls and secure web gateways (SWGs), was a more attractive initiative to IT leaders than the adoption and implementation of new technology, such as control access security brokers (CASB), ZTNA and edge content filtering, especially as most organisations had goals of scaling existing tools rather than attempting a forklift upgrade.

“While SASE is likely to represent the future of network availability, optimisation and cyber security, our survey revealed that the perception of accelerated adoption is much greater than the current reality, which is that the vast majority of enterprises are not yet close to fully embracing this framework,” said Christopher Kenessey, NetMotion CEO and president.

“Our survey makes it clear that we’re only at the very beginning of the SASE evolution, and that many organisations don’t yet fully appreciate the benefits of going all-in on this approach.”