A survey of 2,045 IT managers found that despite advances in technology, the majority of respondents still lack confidence in the security of their network.
the investigation was conducted by Cato Networks, a provider of a SASE (Secure Access Service Edge) offering delivered through the cloud. The results revealed that, on a scale of 1 to 10, organizations that have not passed SASE rated their ability to detect and respond to malware as three. Unfortunately, respondents who have adopted SASE rated itself as a four.
The Cato Network investigation also highlighted additional issues that, in theory, should have been addressed by a bandwidth-optimizing SASE offering. Still, 67% of respondents with a SASE platform said they would add bandwidth to address cloud application performance issues. This compares to 61% of non-SASE platforms that responded the same. A total of 19% of SASE users and 21% of SASE non-users also indicated that they purchase WAN optimization appliances.
Dave Greenfield, director of technology evangelism for Cato Networks, said the apparent lack of progress in network security is directly attributable to the fact that while each vendor claims to offer a SASE platform or service, there are a significant gap in security effectiveness. In many cases, what is described as a SASE platform is little more than a loosely coupled set of legacy network security technologies.
In contrast, there are comprehensive services where all the elements of a true SASE platform are integrated into the same cloud-based management console, Greenfield said.
The term was originally coined by Gartner and described a cloud-delivered service that brought together networking and security offerings. These offerings should include Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA). In fact, it is a secure software-defined wide area network (SD-WAN). Gartner initially described SASE as an ambitious technology goal, as no vendor offered a comprehensive portfolio at the time. Since then, vendors have added various elements to their so-called SASE portfolios; the problem is that some components are still missing or, if included, are handled by separate consoles.
In the wake of the COVID-19 pandemic, interest in SASE platforms has surged as organizations seek ways to better secure remote computing and work-from-home environments. In most cases, these organizations turn to SASE to replace virtual private networks (VPNs) that have known vulnerabilities and are complicated to manage.
The problem that IT organizations immediately face when moving to a SASE platform is the extent to which they want to build and maintain it themselves rather than consuming a managed service. In the latter case, they must also decide to what extent this service will be managed by the supplier or if they prefer to co-manage certain tasks. However, not all service providers allow an internal IT department to co-manage a service alongside them.
It’s also unclear how quickly SASE platforms and services will be consumed in 2022. Fundamental changes within enterprise computing environments tend to happen slowly. However, given the current level of focus on network security today, this could be the year that remote access issues drive more widespread adoption of SASE platforms and services.