Security and networking vendors were quick to adopt Gartner's SASE terminology, but it's still a struggle to find one single vendor that provides a complete SASE package that's also simple to deploy and manage, according to Verizon's Vincent Lee.
"The ideal is one vendor, right? That's the ideal, we all agree with it. But at least for enterprise customers, we'd haven't found a single vendor solution that meets their needs yet from a SASE perspective," says Lee, who is the director of the Secure Network as a Service for Verizon Business.
SASE definitions vary widely
Each vendor, service provider, customer, etc. has their own take on the definition of the Secure Access Service Edge (SASE), which makes it difficult to find a one-stop-shop that provides a full SASE suite, explains Lee.
"Gartner describes what SASE should be – at a very high level it's network plus security with an integrated experience," says Lee. "I break that down one level – by 'network' they really mean 'SD-WAN,' security focuses on secure web gateway, and with 'integrated,' I'll replace that as 'an easy button.' "
"Everyone has their own twist to what SASE is or is not," says Lee. "Zscaler is a perfect example. They have absolutely no SD-WAN capability whatsoever, and they still portray themselves as a SASE solution." However, Lee points out that Zscaler does partner with many SD-WAN providers to deliver an integrated SASE service.
That being said, Lee recognizes that much of the industry – both vendors and services providers alike – is still working toward a complete, simple-to-deploy SASE service.
Verizon's approach to SASE
The lack of what Lee calls an "easy button" for SASE means Verizon's initial managed SASE service was built from SD-WAN, secure web gateway and zero trust technologies from a variety of vendors, such as Cisco's Viptela, Zscaler, Palo Alto's Prisma Access – in addition to Verizon's own software-defined perimeter technology.
Verizon is "constantly being asked to expand the portfolio," says Lee, and has since added in SASE services from long-time SD-WAN partner, Versa Networks. Lee says Verizon uses Versa's SASE service for organizations seeking a single vendor provider for SASE, but "it's still not quite the simple or the easy button that customers are looking for."
"For our mid and long-term [SASE] strategy, we've begun investing in what can we bring to the core network, from a security perspective," says Lee. One example of Verizon's effort to develop more SASE services in-house is in the service provider's own DDoS platform that Lee says is "carrier agnostic."
In addition, Verizon is investing in Software-Defined IP which provides a "secure local Internet breakout at our PoP … customers will be able to leverage broadband instead of the expensive Ethernet to get into our private IP network," adds Lee.
While Verizon is building out its own SASE features, Lee says there are customers who are often pre-disposed to working with a specific vendor, so the service provider will continue to work with third-party vendors on SASE as well.
SASE still stuck into a marketing quagmire
Even within a customer's organization, the networking and security departments have their own preferences on vendor selection. In addition, with the pandemic, many IT teams doubled down on their existing investments with their preferred networking and security vendors, says Lee.
"A year ago, we did a CISO exchange with Fortune 500 companies. I presented to them on SASE and I asked point blank 'Is SASE relevant to you in making a purchase decision?" And overwhelmingly, they came back that "SASE is a marketing term for us, not really mature enough to pivot our roadmaps.' Now, they all expect that to try and get there, but for now that's the state."
In fact, a recent survey by Versa Networks found that of the companies that haven't yet adopted SASE or don't plan to, 26% said they are focused on other priorities within their organization and another 26% said they lack the budget to invest in new technology.
In telecom timing, it's still early days for SASE, which was only coined in 2019. There's still hope the industry can settle on one definition for SASE, and also move out of marketing buzzword purgatory – MEF recently expanded its 3.0 framework to include SD-WAN standards and define Secure Access Service Edge (SASE) services. MEF is developing certifications for SASE and the organization released MEF W117 to define SASE further and create a framework to standardize SASE services based on MEF's current standardization work on SD-WAN, security and automation.
In the meantime, Verizon's Vincent Lee might have to wait until next Christmas to find a SASE easy button in his stocking.
- MetTel CTO Ed Fox on clearing up confusion around SASE
- Omdia's Rik Turner on cloud permissions management
- SD-WAN and security come together like PB&J, says AT&T VP
— Kelsey Kusterer Ziser, Senior Editor, Light Reading