In This Article

It can be hard to know where to start when it comes to secure access service edge (SASE). 

Soon after Gartner coined the term, vendors repositioned themselves to be a part of the SASE conversation. Each focused on components of SASE that played to their wheelhouses -- web application firewalls, SD-WAN, cloud access security broker, etc. 

While we now have a better sense of just what SASE is, IT leaders still have little to go on when comparing SASE solutions. 

Some of the world's largest organizations are examining SASE solutions in our Advanced Technology Center. Here are five evaluation criteria that are helping them narrow down solutions to find an appropriate fit. 

1. Operational simplicity 

The SASE vendors that are having the most success in the market have shifted away from the technical features of SASE. Instead, they're focusing on how their solutions can simplify IT operations. There are four areas you can examine to determine just how much a SASE solution will simplify ITOps.

  • Rapid turn-up: How easy is it for IT to quickly provision policies for hundreds or thousands of users or locations?
  • Extensible licensing: Does the vendor provide an easy way to scale service consumption up or down as needed to accommodate peaks in demand?
  • Policy flexibility: Can IT quickly and consistently apply business policies at all locations?
  • Visibility and analytics: Can IT easily visualize sessions traversing the SASE service and change policy handling?

2. Remote access as a service

Remote access VPN solutions have been around for a long time, but they were never intended to be used at scale. 

With the COVID-19 pandemic, a surge of employees started using remote access VPN systems simultaneously. Some organizations had extra capacity in their concentrators, but others had to install more.

To address this, some SASE vendors have included a remote access-as-a-service capability. These vendors handle scaling by adding more cloud compute capacity, eliminating the need to add concentrator appliances. Organizations simply purchase additional client licenses, and capacity is instantly available.

The inclusion of a remote access-as-a-service capability is a critical difference between solutions. 

3. Cloud access security broker 

Like remote access VPN, a cloud access security broker (CASB) function is not new. CASB has been a part of most enterprise security strategies and is critical to implementing policy that connects users to cloud services. 

A CASB acts as an intermediary between users and the cloud, allowing IT to set access policies to cloud applications just as they would to applications that live on premises.

Because SASE services inherently provide optimized access to cloud applications, it's important that a vendor have a very strong CASB capability. This includes the ability to apply policies related to authentication, authorization and accounting, single-sign-on, encryption, logging and malware detection.

4. Advanced security capabilities

If organizations are to trust routing traffic through a SASE service, a SASE solution must deliver the same advanced security tools and capabilities as an on-premises security stack. 

Many solutions in the market meet the technical definition of what it means to be SASE, but their advanced security capabilities can differ significantly. 

Some capabilities to consider when examining SASE solutions include:

  • Intrusion prevention systems
  • Firewall as a service
  • Malware prevention
  • Data loss prevention
  • Obfuscation and privacy
  • Web filtering
  • Secure web gateway
  • DNS protection

5. Analytics, visibility and telemetry

SASE solutions require organizations to hand over the measurement of user experience and security policy enforcement to a vendor. A good SASE solution includes a robust set of analytics-driven capabilities that give organizations visibility into the user experience and provide telemetry on how well security capabilities are protecting against threats.

Not only is this information necessary for effective IT operations, but it also helps build confidence in a SASE solution. It assures IT that they still have the visibility into performance and security that they're used to. 


These evaluation criteria are helping our customers make the right decisions for their organizations today. However, SASE continues to evolve rapidly. Non-traditional players are entering the market and traditional vendors are expanding their offerings. 

As SASE evolves, we'll continue to share insights based on our work with customers in our Advanced Technology Center where we're helping them prove out SASE solutions based on their business requirements. 

You can also check out our  SASE briefing. This briefing is designed to help you better understand all the criteria to consider when evaluating SASE solutions.

If you're ready to get hands on with SASE, we have virtual, on-demand labs for Cisco Umbrella, Netskope, Palo Alto Networks Prisma Access and  Zscaler Internet Access

Explore more in a hands-on environment