The evolution of SD-WAN and promise of 5G are moving operators and SASE vendors closer together
As operators evolve enterprise portfolios to include not just advancements in SD-WAN but also leverage massive investments in 5G to support enhanced workforce mobility, security has come into sharp focus. Layer in not just the larger transition of enterprise workloads into the cloud, operators’ own moves to deliver network functions in the cloud, and security specialists embracing a flexible cloud-based approach, and what’s happening is operators and SASE vendors find themselves working together increasingly closely.
To set a baseline, read the article, “What is SASE?”
Operators taking a partner-driven approach to SASE
To contextualize the pace and need for a partner-driven approach in a complex enterprise IT environment that combines networking, security and managed services—a potentially workable definition of SASE—let’s take stock of notable tie-ups. In June 2021 Verizon Business announced its Advanced SASE solution described as “merging SD-WAN capabilities with hybrid network connectivity and security services to create a unified, cloud-delivered service able to meet the increasingly complex digital demands of enterprises.” Verizon’s product incorporates technologies from specialist firms, including Cisco, Palo Alto Networks, Versa Networks and Zscaler.
In January, VMware made an agreement with BT wherein the latter will offer the former’s SASE as a managed service that emboldens the operator’s existing enterprise networking line of business. Features covered by the partnerships range from URL filtering and in-line cloud access security broker to content filtering and zero-trust network access.
In March this year, multinational telco Orange’s integration arm Orange Business Services incorporated Fortinet’s Security-driven Networking tech into its telco cloud infrastructure. The companies characterized the move as necessary in the “work-from-anywhere” paradigm that emerged during the COVID-19 pandemic. Fortinet described the new SASE offering as providing “the foundation for cloud-native transformations at scale for improved business agility and resilience.”
In May 2022, AT&T Business went to market with its SASE product alongside Cisco Meraki described by the operator as a “new managed service [that] helps organizations improve network performance, enable resilient access and defend sensitive data.” AT&T called out its ability to scale its service to meet the needs of large and small- and medium-sized enterprises. The duo also have complementary services covering managed Wi-Fi, zero-trust remote network access and secure web gateways.
Evidenced by the scope of some of these agreements, it’s no surprise that the SASE market is booming. Research firm Dell’Oro Group earlier this year tracked 37% growth in 2021 to around a $4 billion market. In August the the company projected the total SASE market will pass the $13 billion mark by 2026; this analysis breaks SASE into SD-WAN and Security Service Edge (SSE) with the bulk of revenue growth coming from SSE products firewalls-as-a-service, zero-trust network access, secure web gateways and cloud-access security broker.
Read this article for the basics of Security Service Edge.
Dell’Oro Group Research Director Mauricio Sanchez noted the role of SASE in enabling hybrid work environments. Enterprises “need a different approach to connectivity and security,” he said in a statement. We anticipate that security will increasingly be the driver and lead SASE’s SSE to exhibit over twice the growth of SASE’s SD-WAN.”
SASE could be a $13 billion business by 2026 but the channel model is changing
Dell’Oro published a market outlook report in August projecting the total SASE market will exceed $13 billion by 2026
The commonalities here are clear in terms of operators reaching deeper into enterprise networking by partnering up on the security piece and delivering the whole package as a cloud service. This is a departure from historical enterprise security trends and, as such, is changing the channel model.
Palo Alto Networks CEO Nikesh Arora discussed this shifting dynamic during the recent Goldman Sachs Communacopia + Technology Conference. “I think the big shift that is happening in security is the traditional channel partners were hardware resellers,” he said. “The new channel is more and more telcos and service providers, system integrators…You’re going to save money, get rid of MPLS, deploy SASE, consolidate seven vendors, put Palo Alto in. That’s not something every customer can do for themselves. That requires them to get an adviser…That adviser now is systems integrators and service providers which is not the traditional channel…So my job has been get closer to the system integrators and service providers and embed our capabilities in them.”
Big picture, Arora said, the growth in cloud security tracks the larger growth in cloud adoption by enterprises of all sizes. And, as enterprises increasingly look to the cloud, operators themselves are undergoing a major transition to move their own networks into cloud environments.
“There’s an inflection point coming, driven by everybody wanting to go to cloud,” Arora said. “If everybody is going to go to the cloud, your fundamental network architecture has to change. We anticipated the network architecture…So there’s a huge technology trend of cloud security required. It is also driving SASE, driving cloud security. So there’s a whole bunch of secular trends that are going on.”
Against this backdrop, specialist firms like Palo Alto Networks and Fortinet, among others, are selling point solutions and platform solutions. Point solutions are incorporated into multi-vendor platforms that are then brought to the end user based on organizational size, capital and preference.
Fortinet CFO Keith Jensen said during the Goldman Sachs event that, “If you’re a CISO or a CIO, you have a lot of challenges right now,” and often a platform approach is much more desirable than managing 20 or 30 point solutions; this is particularly true for small- and medium-sized enterprises. “They may actually acquire that through a service provider,” Jensen said. “They’ll look to a service provider or a MSSP to provide that consolidation so they have, call it, one throat to choke so to speak. So you really want to provide the entire spectrum.”
Regardless of the end user, Peter Salkowski, Fortinet’s vice president of investor relations, said it’s all about how “companies are looking at their networks and reconfiguring them…Companies aren’t ready to go all cloud and not all companies are ever going to go all cloud. Some of this stuff has to be delivered on-premise…As those companies go through that sort of transition of their networking, they’re reconfiguring and rethinking their security. That’s where Fortinet plays. We can play in both of those worlds.”
SD-WAN and SASE as the “cloud on ramp”
As it relates to a SD-WAN or SASE offering, Salkowski likened those solutions to effectively a “cloud on ramp. It’s how data gets onto the cloud.” Picking up this point, Jensen referenced “the second act for SD-WAN…We still see opportunities with the service providers and carriers where they may have had legacy relationships with other SD-WAN providers.”
From the carrier side, these companies are pressed to monetize 5G which will very likely come from enterprise. That means creating a continuum between 5G, both public and private networks, and more traditional enterprise product sets like SD-WAN. To that end, NEC is working with Fortinet to secure carrier 5G networks, including radio access networks, mobile edge computing nodes, local area networks and, telco and edge clouds. Fortinet CMO and EVP of Products John Maddison put it like this in a statement: “5G success and growth depends on service providers’ ability to deliver innovative enterprise-facing use cases while meeting their security requirements.”
Further indicative of the massive shifts in how enterprises consume connectivity, look at AWS’s private 5G network play which wraps up radio units, RAN and core software, SIM cards, and a variety of edge and cloud resources to run the whole thing. In June Zsclaer announced a partnership with AWS around incorporating Zscaler’s Zero Trust Exchange to secure private 5G running on AWS’s Wavelength 5G edge computing infrastructure.
Enea SVP of Market Erik Larsson provided an excellent summary on how this all fits together in an op-ed piece published by Light Reading. “Standing back and seeing the elephant as a whole, while taking a very close look at where and how the parts fit together, will help future-proof your roadmap. It will also influence your build-buy-or-partner strategies. Finally, it will give you a different perspective on the SASE competitive landscape.”
He continued: “In fact, private 5G is already impacting this landscape. There are now a small number of cloud-native start-ups offering 5G SASE. There will be more start-ups and some established vendors seeking to do the same. There will be more telecom operators who see the potential value of converting their countless thousands of local access facilities into SASE PoP and edge nodes. There will also be content delivery and cloud infrastructure vendors (i.e., CDNs and hyperscalers) who see 5G as a vehicle for developing new SASE services.”
SASE services use the following components for connectivity: software-defined WAN (SD-WAN) devices to connect sites; mobile clients, or clientless access, to connect remote users; and. shared gateways or points of presence to connect cloud resources.What is the goal of SASE? ›
The goal of SASE is to take our cloud-based firewalls (FWaaS), software-defined networks (SD-WAN), cloud access service brokers (CASB) and incorporate them all into one zero-trust model.What are the SASE competitive resources available to you? ›
- Industrial networking.
- Industrial routers and gateways.
- Industrial security.
- Industrial switching.
- Industrial wireless.
- Industrial connectivity management.
- Extended enterprise.
- Data management.
Major components of SASE are Software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), NGFW and Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), and Secure Web Gateways (SWG).What are three core capabilities of SASE choose three? ›
- Authentication Gateway Distribution. ...
- SD-WAN Functionality. ...
- Zero Trust. ...
- About the author.