SASE success: Avoid confusion and embrace a single-vendor solution

In the recent Gartner® Hype Cycle^TM for Zero Trust Networking, 2023 report, which evaluates the current status of 19 of “the most relevant and hyped” zero-trust technologies, the cybersecurity industry analysts made a somewhat startling pronouncement about secure access service edge (SASE). They wrote that “SASE is in the Trough of Disillusionment, due to exaggerated marketing by many technology vendors.”

Fortinet

Figure 1: Gartner, Hype Cycle for Zero Trust Networking, 2023, 18 July 2023

According to Gartner, a technology falls into the Trough of Disillusionment when “the innovation does not live up to its overinflated expectations, [and] it rapidly becomes unfashionable. Media interest wanes, except for a few cautionary tales.”¹ The Hype Cycle allows you to make assumptions about the future and is research I look forward to reading every year. As a SASE product professional at one of the most prominent cybersecurity technology companies in the world, you can bet the fact that SASE was in the Trough of Disillusionment caught my attention.

There are vendors that over-promise and under-deliver with SASE solutions. We want our customers, prospects, and the industry to know that we are not laying it on a bit thick about our offerings. In fact, we feel we are doing more than our part to pull SASE out of the Trough of Disillusionment. 

To fully appreciate our position, allow me to go back to basics by explaining what SASE is, then examine why Gartner has placed it in the Trough of Disillusionment category, and finally, showcase why our SASE solution delivers on the technology’s promises. 

What is SASE?

Many believe, me included, that SASE is the future of enterprise cybersecurity because it provides converged network and security capabilities. SASE supports multiple secure access use cases—such as private applications, cloud applications, and SaaS applications—with flexible connectivity options across any user, branch, campus, microbranch location. When deployed properly, a SASE offering like the one Fortinet provides, improves an organization’s network visibility, agility, performance, and security.

SASE is delivered as a service and made up of a combination of these key building blocks:

1. SD-WAN (software-defined wide area network) 
2. Secure web gateway (SWG)
3. Cloud access security broker (CASB)
4. Zero-trust network access (ZTNA)
5. Firewall-as-a-service (FWaaS)
    

Previously, an organization interested in SASE would purchase SD-WAN from one vendor, CASB from another, and all the other security elements from yet another company. The industry quickly realized this approach created a lot of complexity because it required IT teams to procure, deploy, and manage disparate solutions that often didn’t work well together. 

Single-vendor SASE emerged as the ideal approach because it leverages a single vendor to deliver all SASE functionality under a single, unified management console, thus avoiding complexity, additional expenses, and latency. Since they don’t need to connect and manage a bunch of products, IT teams can focus on driving additional business outcomes. 

In the Hype Cycle, the authors say that SASE is central to “modern digital business transformation, including work from anywhere and the adoption of edge computing and cloud-delivered applications.”² The analysts also state that SASE “dramatically simplifies the delivery and operation of critical network and security services mainly via a cloud-delivered model.”³

Why the trough of disillusionment?

So, if SASE is such a groundbreaking technology, why is it in the Trough of Disillusionment? In short, because it’s hard to execute well. According to Gartner, SASE’s current market penetration is between “5% to 20% of target audience.”⁴

There are networking vendors and cybersecurity companies, but very few specialize in both, a necessity for SASE. Often, a vendor will specialize on one component and work with different suppliers to address the other elements. (Some even make the claim that they have a single-vendor SASE solution while selling unintegrated components.) However, cobbling together technologies from different vendors is exceedingly challenging. Imagine trying to build a car using scavenged parts from Subaru, General Motors, Volvo, Mercedes, and Lamborghini.

Similar to a makeshift automobile, many SASE vendors have poorly integrated elements that require multiple dashboards and consoles. This complexity makes managing their SASE solutions complex and cumbersome. This is the primary reason why numerous SASE solutions fall short of expectations, depriving customers of the true benefits of a well-designed SASE solution. 

Additional Hurdles and How to Clear Them
We’ve concluded that a lack of true convergence is the main reason Gartner placed SASE in the Trough of Disillusionment. It lists several other potential obstacles to a successful SASE deployment. Let’s take a closer look at a few.

Cross-team collaboration: In the Hype Cycle, Gartner states that “a full SASE implementation requires a coordinated and cohesive approach across security and networking teams.”⁵ I agree. It’s important for networking and security teams to work together. CIOs and CISOs need to lead the charge to unite their teams and deploy single-vendor SASE. Fostering cross-team collaboration has been top of mind for the C-suite members I’ve spoken with recently.

Understanding SASE is a journey: Because SASE touches so many technologies, it can be daunting to understand where to start. This is especially true if you’re already using several solutions from different vendors on different reset cycles. The first step is for your team to decide on a single vendor, then you should develop a plan to transition capabilities that compose SASE (see the list of key technologies above) to a single vendor based on current licensing. 

Skills gap: Another significant challenge for many organizations wanting to adopt SASE is the skills gap of their security professionals. Reaching the competency levels for all the technologies from multiple vendors can be extremely difficult for individuals. Training is a lot quicker and easier if organizations use a single-vendor approach because all the SASE components should work seamlessly together and can be managed from the same console with unified agent/client. 

The cloud: While many organizations have embraced the cloud, especially with the rise of work from anywhere (WFA), some companies must keep all their data and systems on-premises because they deal with highly regulated data or must meet strict compliance standards. A SASE solution should empower customers with the flexibility to manage their solution across the cloud and on-premises. 

Inexperienced vendors: The technologies that comprise SASE aren’t new, but converging the networking and security features into a single SASE solution is not commonplace. And SASE is continuing to evolve to address new threats and use cases. Many vendors make claims they can’t back up, and if they can’t deliver on the basics, they certainly won’t be able to keep up with SASE as it continues to mature. It’s best to engage with a SASE vendor that has a track record of innovation and one that is continuously updating their SASE solution with upgrades and the latest capabilities.

Global coverage: SASE solutions can offer cloud-delivered security services through SASE locations, which are physical data center locations with the hardware needed to complete security checks and ensure connectivity. Because of this, it’s critical to choose a SASE vendor that has a strong SASE location network. It’s just as important for a vendor to have a global presence and round the clock support model with strong SLAs. 

Fortinet: the single-vendor SASE solution that delivers
Unlike organizations that must cobble together all SASE elements, Fortinet has strong, homegrown offerings across networking (SD-WAN) and security (ZTNA, CASB, SWG, and FWaaS). This means we can offer a solution that delivers on all SASE elements with a single management console, AI-powered security, and a unified agent. We have a strong track record of partnering with customers along their individual SASE journeys and continuing to innovate our solution to address new use cases. 

Learn more about our single-vendor SASE solution and how it will keep your organization out of the Trough of Disillusionment here. 

1, 2, 3, 4, 5 – Gartner, Hype Cycle for Zero Trust Networking, 2023, 18 July 2023. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Hype Cycle is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request here.