Chief Strategy Officer at Netskope.
Hindsight is an easy thing to talk about, but for the sake of argument, let’s remember where “cloud computing” was 20 years ago and what “zero trust” was 10 years ago. Each was an emerging term, unspecific, complicated to explain, inspiring lots of skepticism from longtime technology practitioners, and creating lots of confusing marketing from technology vendors trying to take advantage of the buzz.
Eventually, both terms joined the permanent lexicon of tech, in no small part because what made them necessary caught up with how the technology was evolving to meet the vision they described. Mainstream adoption followed from there. Now, even the President knows what cloud and zero trust are and why they’re important.
Today, much like how those terms started out, we’re beginning to talk about secure access service edge (SASE). SASE is an emerging architectural framework—a blueprint for how to design networks and security in an era where work is hybrid, enormous volumes of data move across networks everywhere and users access that data and their work resources from almost anywhere. Zero trust principles need to be applied throughout that architecture to ensure it’s as secure as it can possibly be. Security also can’t be an inhibitor. Security controls can’t degrade network performance and user experience; otherwise, the whole effort is wasted.
That’s a lot to think about. But it’s here. In previous Forbes Tech Council columns, I described why security service edge (SSE)—the “security side” of SASE—marks the biggest change security people have seen in over a decade, and also will for the next decade. SASE isn’t just “coming,” it’s here. Gartner predicts that “By 2025, 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021 [and] by 2026, network and security vendors that are unable to deliver a compelling SASE offering will be relegated to niche market opportunities.”
In other words, vendors in this space that can’t offer true SASE will find their opportunity getting smaller and smaller.
Architecture Meets Efficiency
There’s another reason SASE is about to have its big moment. Security in the last decade went mainstream in the wake of many high-profile breaches and became a C- and board-level imperative. Money flowed. Teams bought product after product to attack various security challenges (and the other technology challenges those products sometimes helped create), all while getting steady, significant increases in people and budget. But today, with potentially recession-like conditions, many technology buyers are being asked to get more efficient with their technology spend and more judicious with how their budgets are used and how many technology vendors they do business with.
That sounds logical, but think about it: Most have never had to do this for cybersecurity before. This isn’t to say all security leaders have had unchecked, runaway budgets; they’re just not used to a time when they’re being asked to consolidate their tech stack, look hard at what they’re not utilizing in licenses, modules, compute capacity, endpoint devices and many other line items and make cost-conscious decisions about what my colleague Neil Thacker often refers to as the “spend or save our way out of this” challenge.
The push for efficiency inevitably leads to a discussion about how the technology stack should be architected, and from there to a model for how to do it right. That model is SASE, not because the SASE concept is flawless (hardly the case) but because it’s the most credible blueprint available today for how to address the growth of cloud adoption, the need to protect data wherever it goes and the omnipresence of security threats, all at once. Teams are necessarily turning to SASE because it’s the architecture for today that also sets up the next 30 years of networking and security.
How Many Vendors Will We Need For SASE?
This is the SASE question I hear most often throughout my regular meetings with technology leaders (other than “Is this actually a thing?”). In a recent market guide, Gartner predicted that single-vendor SASE will rapidly come on the radar, with 50% of new SD-WAN purchases and one-third of new SASE deployments based on a single-vendor offering by 2025.
To me, this feels less certain, which might sound a little “dirt off your shoulder” coming from the only vendor highlighted by Gartner both as an SSE leader and in that guide to single-vendor SASE. But I’ve also been a technology practitioner for over 30 years. The idea of vendor consolidation isn’t exactly new, but all enterprises today have mixed-vendor technology environments and have already sourced SASE components such as SD-WAN or zero-trust network access from different vendors. All of that technology doesn’t get changed—all those vendor agreements don’t end—in a week or even in a year.
Long term, single-vendor SASE will be the norm; today, there are very few vendors that can offer it, though many more will claim to.
Short term, all technology vendors will best benefit their customers by ensuring that SASE is a journey, not a rip-and-replace solution. The move to consolidate vendors will, in most cases, happen over several years, or longer, with true differentiation in capabilities and a clear-eyed assessment of customer needs becoming what separates the contenders from…well, the other folks.
It will be worth the journey.
Agree with me? Want to argue about this? Connect with me on LinkedIn and let’s discuss.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?