SASE portfolio vs. SASE platform: What is the difference?

What is SASE? 

Secure Access Service Edge (SASE) is an enterprise architecture technology that extends the security perimeter to wherever an enterprise needs it to be. It’s gradually being deployed worldwide to improve security and provide a unified, cloud-based network within organizations, while converging network and security into a cloud-native architecture, improving organizational performance and reducing IT overhead. The term was coined by Gartner in 2019, and since then adoption has grown, with organizations all over the world beginning to understand its worth. It is creating an architectural shift that is transforming the way networking and security capabilities are delivered to optimize security with the increase in attacks across all sectors and industries. Not only does it boost an enterprise’s security, it reduces cost and simplifies management.

SASE is particularly valuable with the shift to a hybrid workforce, where many employees continue to work remotely, 52%, in fact, have voiced their preference for a flexible working model). Legacy VPN and remote access solutions suffered from poor performance and failed to bring the full suite of security capabilities needed to protect remote users.  SASE enables exactly this, as it optimizes traffic to any edge while monitoring for and detecting any threats.

The growing number of security requirements has increased the difficulty for IT and security teams in finding a platform that can cater to their organizations’ needs without racking up immense cost. In addition, integrating and managing various solutions is time consuming and can cause issues in the long wrong. By implementing SASE, IT teams are able to adopt and integrate a single solution for all their security needs while also reducing management time.

That being said, SASE is still quite a ‘new’ concept, and with the growing desire for its integration, many vendors are claiming they provide a ‘SASE’ platform. This should not be confused with the SASE portfolio, which does not allow organizations to reap the same benefits.

SASE Platform

A SASE platform specifically refers to cloud-convergence and providing one singular console for various common functions. This allows organizations to more easily reach their business objectives and creates operational simplicity by easily integrating into existing systems. In fact, Gartner goes so far as to say that the differentiation between both approaches is the key to the efficiency of a “real” SASE solution. According to the report, companies should “include other security components (like data definitions, malware engines, etc.) in [their] assessment and whether [they] can use them without having to redefine them….”

SASE Portfolio

SASE portfolio can be defined as a ‘one-stop-shop.’ It consists of completely unintegrated or only lightly integrated products. It utilizes multiple consoles with little to no integration or synergy and leverages a legacy approach. As such, it will not fulfill any or the promised advantages of consolidation, and will not provide the same advantages as a SASE platform.

The key to a SASE platform is the cloud-based delivery, as this is essential for achieving the operational and security benefits advertised. By implementing a SASE platform, enterprises are able to maintain and monitor their systems around the clock without the added responsibility and cost, as the cloud provider takes over operational tasks. With the dispersed, hybrid workforce, a SASE platform provides organizations with the ability to support and protect their employees from anywhere. SASE portfolio, on the other hand, does not allow organizations to address any IT challenges in their business environment.

As a matter of fact, a survey conducted between approximately 2,000 IT leaders and 1,000 channel partners indicated that there is very little difference between enterprises that adopted SASE portfolio and those that did not. For example, in response to how they would react to performance issues with cloud applications, 67% of SASE users claimed they would still add bandwidth, while a similar amount (61%) of non-SASE users agreed. In addition, 19% of SASE users claimed they would still purchase WAN optimization appliances. The SASE solutions used by the respondents involved multiple products and components that were integrated into a portfolio. As such, these only brought some improvements over legacy architectures, meaning the benefits were slim in comparison to those achieved with a “true” SASE platform. This is because SASE benefits are the result of rethinking security and networking architectures by converging them in the cloud, which is where SASE portfolio is lacking.

Ultimately, with the rise in attacks and evolving threat landscape, organizations are searching for security solutions that are easy to integrate, manage and provide robust coverage when it comes to protection and monitoring. IT teams are needing to choose a platform that can answer the business’s exact needs, without complicating the process. If an organization decides to implement SASE, it is vital to evaluate the vendor and solution before proceeding, otherwise it risks missing out on some key advantages. This involves assessing how integrated the consoles are for management and monitoring as well as how consolidated the platform is. Multiple consoles and definitions are a prime warning that the solution uses a portfolio approach, and should be evaluated carefully.

About the Author

Etay Maor is Senior Director, Security Strategy at Cato Networks. Cato provides the world’s most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, into a global cloud service. Cato SASE Cloud optimizes and secures application access for all users and locations everywhere. Using Cato, customers easily replace costly and rigid legacy MPLS with modern network architecture based on SD-WAN, secure and optimize a hybrid workforce working from anywhere, and enable seamless cloud migration.

Featured image: ©denisismagilov