From a societal perspective, the year 2020 will be known as the year of COVID-19. In networking, 2020 will be remembered as the year of secure-access service edge (SASE), which builds on software-defined WANs (SD-WANs). The shift from a legacy network to an SD-WAN is the biggest evolutionary shift in networking in more than 30 years and brings unprecedented levels of application resiliency and network agility. However, as powerful and transformative as SD-WANs are, the technology doesn’t help better secure the network.
SASE makes securing the network easier because it converges network and security technology. Instead of deploying the network and then implementing security as an overlay to it, SASE offers an “integrated stack” where security becomes a set of network services that are either cloud-delivered or cloud-managed. With legacy networks, the overlay model worked because the network had very few, or often just a single, point of ingress and egress, making security straightforward.
SD-WANs drive the need for integrated security, aka SASE
With SD-WANs, organizations are implementing direct cloud connectivity, which requires localized security. Also, many organizations are using SD-WANs to connect home workers and that also requires better security. One solution is to deploy a local firewall at each location; that approach works for locations with a large number of workers but becomes cost-prohibitive for branches and certainly for home workers. SASE solves this problem, because the cloud management capabilities give customers centralized control of on-premises security, and smaller locations can be protected with cloud-resident security tools.
Roll your own or best of breed? That is the question
The vendors offering SASE are now forced to make a tough decision. Build your own security stack or leverage partners? Some of the SD-WAN providers have chosen the latter strategy, and that might have some short-term advantages because it enables the service provider to get a solution to market quickly. However, many customers I’ve interviewed are hesitant to use security systems that aren’t delivered from a market-leading company. This makes sense given the critical nature of cyber security.
Masergy chooses market-leading security partners
One managed service provider that’s chosen the best-of-breed approach is Masergy, which announced its SASE capabilities this week. The company has been a leader in the area of SD-WAN with its AI-driven WAN that brings AIOps to the next-generation network. Now it’s expanding its SD-WAN Secure solution to offer SASE services. Instead of building its own security tools, Masergy has chosen to leverage best-of-breed security vendors to round out its offerings.
Details of the Masergy SASE offering are as follows:
- Cloud firewalls in all global points of presence (POPs) powered by Fortinet: Masergy has a number of global POPs where it will offer cloud resident firewalls using Fortinet’s FortiGate next-generation firewall (NGFW). Cloud firewalls are fast and easy to deploy and provide corporate-class threat protection to sites that are as small as a single person. It’s important to note that Masergy will continue to offer its edge-based service for users that prefer an on-premises appliance. This hybrid approach provides customers with threat protection where they want it, without the associated complexity of managing a highly distributed environment.
- Cloud access security broker (CASB) service: CASB helps organizations monitor and track cloud traffic. This is critical in an era where shadow IT has run amok, particularly since COVID-19 has created a surge in lines of business scrambling to find the best SaaS service to enable effective work from home. Masergy has chosen to leverage Bitglass as its CASB solution.
- Secure web gateway (SWG): Organizations use SWGs to protect the network at an application level, and an SWG should be a core component of SASE. For this service, Masergy is also using Fortinet as the solution provider.
- Application controls and content filters: In addition to SWG, Masergy is offering per-application and per-user visibility with its identity-based WAN analytics.
- Zero trust network access (ZTNA): Masergy has built a robust ZTNA offering that includes key features such as single sign-on, authentication and authorization based on user, device and location.
Both Fortinet and Bitglass are in the leader’s quadrant of their respective Gartner Magic Quadrants (MQ). Fortinet is also the infrastructure provider for Masergy’s SD-WAN and it is a leader in the Gartner WAN Edge MQ. Fortinet, in particular, is one of--if not the--leading cybersecurity vendors with a leadership position in, I believe, seven MQs. It will be very difficult for any SD-WAN / SASE vendor to accomplish this feat, giving Masergy a leg up on those that choose to build their own. Most customers that take a do-it-yourself approach to SASE might find assembling all these pieces a daunting task, but Masergy simplifies things by embedding the technologies into the network fabric and enabling the service to be managed online with network and security analytics in a single portal.
Historically, about 25% of customers used a managed service to operate their WAN, but SD-WAN and SASE have changed things. While they enable the user to do more and provide more capabilities, deployment is complex. I’m expecting to see a sharp rise in the number of organizations that choose to use a managed service for SASE moving forward.
Masergy’s best-of-breed approach gives its customers all the benefits of market-leading vendors without the associated complexity of trying to stitch things together themselves.
Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.