Summary Bullets:
• Enterprises like the idea of SASE, but zero trust is often more relevant to their business needs.
• Many enterprises feel they are not ready to implement either framework.
Secure access service edge (SASE) and zero trust network architecture (zero trust or ZTNA) are two of the go-to technology trends in the networking and security space at the moment. They grab attention because the idea of bringing network and security policies closer together is appealing to enterprises and often forms part of their IT strategy. The catch is that network and security convergence is often part of enterprises’ longer-term strategy (i.e., not before 2025), and it is often a vague aspiration rather than a definite plan.
GlobalData has spoken to multiple enterprises about both frameworks regarding whether these are terms they recognize or find useful and which one is more relevant to their business. The short answer is that both terms are recognized by almost all enterprises and have relevance.
SASE speaks to enterprises’ desires to better secure their WAN and cloud access environments as they move toward cloud networking as well as their desires for networking to be just another part of their application estate rather than a separate piece of the IT puzzle. However, the companies that GlobalData has spoken to also feel they are not yet prepared either from a technology point of view or at a corporate/personnel level to attempt to deploy an SASE solution – at least not beyond integrated SD-WAN and firewall solutions – and even that is uncertain.
Enterprises are increasingly willing to move away from the traditional big-name vendors in network technology and to switch between vendors for their overlay solutions (e.g., SD-WAN). When it comes to security, there is often less willingness to deviate from the already known and trusted. Enterprises tend to have their preferred technology partners across the security stack, and the risk of changing and getting it wrong is often seen as too much to bear. Furthermore, network and security teams/managers are usually still separate within enterprises, and achieving harmonization between both sides is often difficult.
Zero trust paints to a slightly different picture. It speaks to improving security in networks that are being accessed by a growing number of devices (e.g., as a result of IoT devices or bring-your-own-device working policies), and more often by people outside the corporate environment (e.g., as a result of hybrid working policies). The need to regulate which data can be accessed from which device and from which location is critical for both security and regulatory reasons.
This connection to immediate business needs means that most enterprises view zero trust as a more immediate priority than SASE. The importance of zero trust will only grow as digital transformation projects begin to connect even more devices to networks and/or the internet.
However, despite its importance, confidence in deploying a zero trust framework remains low. Enterprises are concerned that if incorrectly configured, it will either lead to false confidence or be overly restrictive and create a negative working experience for employees. As a result, spending on security and network consulting will increase.