The need for unity 

When Gartner coined secure access service edge (SASE) in 2019, the concept immediately sparked excitement due to the architecture's potential to integrate network traffic and security policies. SASE promised ubiquitous threat and data protection as well as ultra-fast, direct network-to-cloud connectivity.  

Following the introduction of SASE to the market, many vendors quickly expanded their offerings through acquisitions so they could claim that their solutions aligned with SASE criteria. Unfortunately, components of solutions didn't necessarily work together.

Although solutions can check all the SASE boxes, it's important to distinguish between single-vendor and unified offerings.

Think of it like two teams in different departments of your company under separate management working on the same project.

Project direction trickles down through individual managers without a form of direct communication. Teams don't use collaboration tools such as SharePoint which means sharing work requires additional overhead and manual intervention. Changes made by one team don't automatically update for the other. Even though teams are working on the same project, they're not working together. 

As SASE grew in popularity, the same problem began to emerge. A solution might mature networking or security capabilities but didn't necessarily bring the two sides of SASE together to simplify management and enhance performance. 

Only now are we beginning to see offerings that truly connect the many components of SASE to deliver a unified solution. 

The rise of single-vendor SASE 

In 2023, Gartner spotlighted single-vendor SASE solutions. The research and consulting firm characterizes single-vendor SASE as a vendor owning or directly controlling core product capabilities of connectivity and security such as:

  • Wide area networking (WAN)
  • Remote access
  • Zero trust network access (ZTNA)
  • Secure web gateways (SWG)
  • Cloud access security brokers (CASB)
  • Data loss prevention (DLP)
  • Digital experience management (DEM)

Gartner forecasts a significant increase in the number of vendors with single-vendor SASE offerings, emphasizing the market's evolution. 

However, it's crucial to note that the market for single-vendor SASE is evolving rapidly. While some vendors are beginning to showcase portions of a unified solution, many still use multiple products and consoles. 

Several use cases were considered in Gartner's single-vendor SASE assessment. No two use cases had the same top vendor or the same bottom vendor in their rankings, thus highlighting the varied maturity of the vendors in this space today.  

It is clear that single-vendor SASE is not always unified SASE. 

WWT's perspective: 3 camps in the current SASE market 

At WWT, we see the SASE market diverging into three distinct categories: Multi-vendor, single-vendor and unified. We'll discuss each of these approaches, the benefits and considerations of each, as well as the unique business cases each approach solves for. 

Benefits and considerations for multi-vendor, single-vendor and unified approaches to SASE.

Multi-vendor SASE 

Multi-vendor SASE involves deploying SD-WAN from one vendor alongside secure service edge (SSE) from another, introducing a scenario in which integration can be facilitated through vendor-provided APIs. However, this is not always the case and will depend on the vendor solutions chosen.  

Benefits 

The multi-vendor approach allows organizations to choose best-of-breed solutions from different vendors for specific network and security functions. This flexibility can lead to optimized performance in each domain as solutions can be tailored to meet specific user requirements. 

For teams that are siloed this solution may show initial benefits as they can continue to operate independently, uniform to their respective SASE components. For example, network teams can operate the SD-WAN and associated connectivity components while security teams can focus on SSE components related to security initiatives.  

Considerations 

This configuration might make it complicated to monitor and manage everything as the network and security components are operating independently. Despite the possibility of achieving successful integrations, a multi-vendor approach often results in a lack of visibility across the full solution. This introduces difficulties in coordinating and integrating disparate functions as well as poses a challenge to getting systems to work together seamlessly. 

Organizations must weigh the advantages of flexibility against the potential drawbacks of fragmented oversight and interoperability concerns. Ultimately, the decision between unified SASE and the multi-vendor approach hinges on organizational priorities and requires balancing the need for integration and simplicity with the desire for tailored, specialized solutions. 

Business cases 

Businesses cases for multi-vendor SASE include:

  • Adding SSE to an existing SD-WAN (license contract)
  • Migration to uplift
  • Stakeholder preference

Single-vendor SASE 

In this solution, both SD-WAN and SSE are procured from a single vendor. We see that many vendors are beginning to provide a comprehensive portfolio of network and security functions associated with SASE. 

Benefits 

This solution offers benefits such as a single management portal and overall reduced cost of operations compared to a multi-vendor approach.  

For smaller teams that are collapsed in functionality, such as network security, there may be initial benefits as the subject matter expertise for a single vendor can be leveraged across their respective components of SASE. Additional benefits around cost can also be desirable. 

Considerations 

The network and security facets of the solution will exhibit similar disparities to the multi-vendor approach, though originating from the same vendor. Notably, these disparities manifest in separate control,  management and data planes, leading to distinct policy sets for each component.  

Separate control and management planes mean that modifications to one part of the solution do not extend to other parts. For example, a security policy deployed in the SSE cloud for remote workers might not be uniformly enforced across the network infrastructure to on-premise workers and vice versa. Similarly, separate data planes necessitate traffic engineering on SD-WAN to guide traffic over IPSec/GRE tunnels to the SSE provider. This can result in multiple overlays for network and security, each with different routes based on customer requirements.  

The single vendor model is functionally similar to a multi-vendor approach but is designed for a best-in-class solution. Thus, it may not have the same range of features as a top-tier multi-vendor SASE offering. 

Customers looking to adopt a single-vendor SASE solution in hopes that it will be unified must carefully consider their requirements and understand that it may take longer to realize a return on investment.  Investment in a unified SASE solution may take longer to realize total return on investment (ROI) or, in some cases, a Single Vendor SASE solution may never become truly unified.  

Business cases 

Business cases for a single-vendor SASE offering include:

  • Single contract model
  • Efficient subject matter expertise across a single vendor portfolio
  • Potential for integrated management plane

Unified SASE 

Implementing unified SASE introduces parallelized traffic processing, enhanced user experiences, and single visibility for both network and security. In a unified SASE scenario, SD-WAN and SSE operate under cohesive policy, architecture, and visibility. Let's dive into each of these defining characteristics of a unified solution. 

Policy 

Policy related to unified SASE offerings include:

  • Central policy
  • Unified portal (SD-WAN and security)

A single management plane signifies a streamlined and efficient approach to policy implementation. In this model, policy changes are made once and are automatically propagated to the relevant components of the network, ensuring a consistent and cohesive application of security and operational measures.  

For instance, consider a scenario where a company implements a new security policy to enhance data protection. With a single management plane on a single window or portal, the designated administrator can enact a centralized policy change for the entire organization, affecting all associated personas. 

Architecture 

Notable architectural components of a unified SASE offering include:

  • Single pass architecture through SASE PoP
  • Single overlay network (SD-WAN and security)

In this unified architecture, those policies we created are now automatically implemented across the entire network infrastructure, from SSE PoPs to SD-WAN. The orchestration of traffic engineering through a single overlay network adds another layer of efficiency. This ensures that the security posture is uniformly strengthened across all facets of the organization, exemplifying the efficiency and effectiveness of a single control plane. 

Visibility

In terms of visibility, a unified SASE offering provides:

  • Unified view
  • Unified reporting

A parallel computing approach ensures that traffic is processed and inspected simultaneously across all security and network engines. This concurrent processing enhances user experiences, particularly in the data plane. 

The convergence of network traffic visibility with security visibility serves to unify operations, providing a holistic perspective that fosters more informed decision-making. This unified approach optimizes network performance and contributes to a cohesive operational environment with comprehensive visibility, enabling organizations to navigate their network and security landscape with enhanced precision and control. 

Benefits 

In the realm of unified SASE, integrating policies stands out as a critical advantage, streamlining workflows by providing a cohesive framework for security and networking directives. The presence of a single management console enhances ease of use, offering a centralized hub for comprehensive oversight.

Training for networking and security teams is simplified under a unified system, fostering a more efficient learning curve. End-to-end visibility further reinforces the benefits as organizations gain a holistic view of their network and security landscape, facilitating strategic decision-making while streamlining incident response and troubleshooting. 

Considerations 

Some vendors are evolving their single-vendor SASE offerings and moving toward a unified approach by integrating data planes to extend the SD-WAN overlay to an SSE PoP. However, choices in the market are limited. 

Very few vendors offer single-vendor SASE solutions, and those solutions do not yet meet all the requirements to be considered fully unified. As a result, it may be difficult to find a unified solution that has all the features that an organization may require, either in the network or security components. 

There are also concerns about the potential "lock-in" associated with a single-vendor license, raising questions about flexibility and adaptability in the face of evolving organizational needs.  

Despite these considerations, the unified SASE approach remains an enticing prospect for those seeking streamlined management and comprehensive visibility across their network and security infrastructure. 

Business cases  

Business cases for a unified SASE offering include:

  • Simplified operations and workflows
  • Simplified training
  • Integration of network and security teams

Conclusion 

Let's return to the analogy of two teams working on the same project but now they have adopted a unified approach. Teams are now collaborating within the same department. They benefit from streamlined management with a single manager overseeing the project. Access to a collaborative platform like SharePoint fosters unified control, ensuring seamless visibility into team members' work. Automatic updates across the organization for changes made to the project further contribute to a cohesive workflow. 

This unified approach to a basic business problem simplifies management, creates greater visibility and ultimately drives a better user experience. It's easy to see that applying a similar unified approach to your SASE solution can have comparable benefits. 

While robust unified SASE solutions are still on the horizon, vendors with single-vendor SASE solutions are actively working towards this goal. Each vendor faces unique challenges, and organizations considering a single-vendor SASE solution should set up a SASE briefing and proofs of concept to align specific requirements with the network and security aspects of their business. 

As the SASE landscape evolves, careful consideration and strategic planning will be crucial for organizations aiming to leverage the benefits of unified SASE. 

Explore the evolving SASE market with one of our experts.   SCHEDULE A BRIEFING