Will 2022 be the year that SASE comes of age?

Will 2022 be the year that SASE comes of age?

When Gartner coined the term secure access service edge, it sounded just like what security needed. Now, SASE has emerged as a customer priority.

Imagine a cloud-native security offering that reduces complexity and provides secure access to any applications from any location, effectively converging security with WAN infrastructure. That is what we believe Gartner did in 2019, calling it secure access service edge (SASE). This architectural approach forced IT to rethink how networks and security intersect as organizations change the way they connect their hybrid workforce to applications and data resources. There was just one problem: SASE at the time did not exist.

Two years later, Gartner analysts Gaspar Valdivia and To Chee Eng wrote, “Convergence of WAN edge functionality, specifically SD-WAN, and eminently cloud-based security functions into a SASE framework is the most ‘vigorous’ trend coming out of 2020.”

Since then, SASE has gained industry traction and is being viewed by customers as a vital approach to secure access to applications from any location and is especially relevant to today’s hybrid work environment. Still in its infancy, SASE continues to evolve as customers look to leverage capabilities and existing offers.

Security vendors including Cisco have been working to enhance existing approaches to deliver more of the benefits of SASE. Foremost among these is the idea of a zero-trust network. In a SASE architecture, anything that connects to the network is subjected to identity authentication, access control, and other standard threat detection procedures.

This idea could not come at a better time for the security community.

According to the European Union Agency for Cybersecurity’s Threat Landscape 2021 report, “Cybersecurity attacks have continued to increase through the years 2020 and 2021, not only in terms of vectors and numbers but also in terms of their impact.”

One of the drivers for growing threat sophistication is “the transitioning of traditional infrastructures to online and cloud-based solutions, advanced interconnectivity and the exploitation of new features of emerging technologies such as artificial intelligence,” says the report.

These are the very trends that SASE is supposed to offer protection for. It is therefore not surprising that companies are rushing to invest in SASE architectures.

In July 2021, for example, research by Cisco Investments found 98 percent of organizations “see clear and defined benefits of SASE” and zero-trust network access was a top spending priority for 42 percent of those questioned.

One challenge for these network chiefs is that SASE is still evolving. Transition to a complete SASE model will take time. Solutions with flexible deployment options are needed to meet organizations wherever they are in their SASE journeys. Gartner predicts that by 2025, at least 60 percent of enterprises will have strategies and timelines for SASE adoption.

That said, many of the ingredients of the SASE recipe are already in place. And Cisco, for instance, offers all components of a SASE architecture, including software-defined WANs, cloud security, zero-trust network access and observability.

Deploying these tools can already lead to measurable levels of threat reduction, according to the latest Cisco Secure Security Outcomes Study. “Organizations that claim to have mature implementations of zero trust or SASE are about 35 percent more likely to report strong SecOps than those with nascent implementations,” the research found.

Going into 2022, SASE will continue to be a customer priority as solutions mature. For those who deploy its various components, whether separately or together, the promise of direct and secure access to applications hosted anywhere, is possible.