Seemingly from nowhere, the concept of Secure Access Service Edge (SASE) has gone from a fairly obscure term – first coined by Gartner in late 2019 - to a philosophy dominating the conversation in 2021. Undoubtedly accelerated by the huge shifts brought on by the 2020 global lockdown, SASE has caught the attention of professionals working across the IT, network and security landscape as they prepare their post-pandemic strategies.
This report aims to explain the core concepts behind SASE, and the wider movements taking place to contextualize it. It draws upon the latest research from Gartner, as well as original and previously unpublished data from an extensive January 2021 study on the subject. This research surveyed 750 professionals working across five geographic markets (USA, UK, Australia, Germany and Japan) to better understand their perspectives and experiences with SASE. Participants held job titles at either the CXO, director or manager level, and worked in the IT, network or security departments. This report refers to the findings of this research extensively, segmenting by vertical and region to intimately analyze the nature of SASE in 2021.
About this report
presents
An introduction to Secure Access Service Edge technologies
SCROLL
Network security trends
Network security has evolved a lot over the past two decades, but in general had largely settled on a fixed set of tools needed to secure the organization. Traditional technologies were focused on either securing or enhancing the corporate network. That meant using fixed solutions like firewalls, secure web gateways (SWGs) and on-premise based software to safeguard the enterprise. For workers operating outside the physical office, remote access products like VPNs, VDI and NAC were used to try and bridge the gap, helping distributed workforces behave as if they were located on-site. The relatively small volume of remote employees and limited number of use-cases for this meant that most organizations were willing to compromise on the user experience and latency that these technologies typically deliver.
The explosion in remote working has changed the requirements for network security forever. With more – if not most – employees working outside the fortified center of the enterprise, the trade-offs made for distributed workers pose a much bigger problem. Why should employees need constantly authenticate and connect to the company network just to satisfy security requirements? The migration of applications to the cloud has compounded this, with legacy network security products performing complex and unnecessary network gymnastics to secure the connections – often needlessly routed through the corporate perimeter.
Awareness of SASE
Although the concept was only established in 2019, it has not taken long to capture the attention of IT leaders around the world. In the January 2021 NetMotion study, two thirds of IT leaders claimed to be confident of their ability to describe the core concepts of SASE.
Those working in the UK and Australia are the most familiar with the framework – or at least claim to be – while those in non-English speaking markets were much less likely to be. Only around half of German and Japanese professionals are fully aware of what SASE is. There are stark differences between sectors in the awareness of SASE. Scarcely a third of government IT workers know what SASE is, an indicator that the public sector is significantly behind the private sector in general. Healthcare (a blend of private and public in the markets studied) ranks much higher, but still lags behind other verticals. IT leaders at law firms are the most engaged with the Gartner concept, with more than 4 in 5 of those surveyed comfortable at explaining SASE, with individuals from the utilities/energy, public safety and finance sectors close behind.
1. Cloud-Based Service Architecture
SASE solutions must be delivered in the cloud
3. Central Visibility and Logging
SASE solutions provide detailed insights
into activity
2. Policy Decision Points
SASE solutions enforce policy dynamically
and locally
4. Network Security for Mobile and IoT
SASE solutions need to support far beyond
the desktop
Secure Access Service Edge or “SASE” is a term that was coined by Gartner in The Future of Network Security Is in the Cloud, published at the end of Summer 2019. Although it’s tempting to think of it as a product category, like a firewall or a CASB, it’s more accurate to consider it more like a framework or philosophy. SASE encompasses a package of technologies, delivered as a service, that are designed to support the secure access needs of modern organizations.
There is no fixed list of technologies that are or are not included within SASE, though many are frequently cited as examples of tools matching the philosophy. Andrew Lerner, a VP Analyst at Gartner, suggests that SD-WAN, SWG, CASB, ZTNA and FWaaS comprise the core abilities. IT leaders, however, may select any number of SASE technologies and begin implementing the most relevant solutions for their organization – there is not a rigid criteria for the term.
Gartner has published several research papers on this problem, out of which SASE emerges. In Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security, the paper’s authors talk about how appliance-based network security models are being replaced to ensure a better end user experience. More specifically, it states that ‘the traditional-data-center-focused hub-and-spoke model, optimal for data residing in a single location, is no longer relevant’. The legacy model for securing workers complicates design and puts strain on network performance in a world where employees can work from anywhere at any time – on any network.
5. Latency-Sensitive Security Computer
SASE solutions should embrace the edge and
minimize latency
Share of IT leaders that can confidently describe what Secure Access Service Edge (SASE) is
Core concepts
SASE places a heavy focus at the edge, securing users locally when possible and routing traffic in the most efficient way possible. It also embraces the idea of zero trust, using context-aware policy conditions to grant access on a ‘deny by default’ basis. SASE, at the highest level, concerns itself with five core principles.
of IT leaders surveyed could not confidently describe what “SASE” is. Let’s change that.
33%
NaaS
SD-WAN
WAN optimization
Bandwidth aggregation
Experience monitoring
Carrier
CDN
Network
CASB
FWaaS
WAAPaaS
Cloud-based VPN
Cloud SWG
ZTNA
DNS
Security
Understanding
SASE
Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security
By Nat Smith, Neil MacDonald, Lawrence Orans, Joe Skorup (Gartner)
Organizations have been embracing the sentiment of SASE by varying degrees across verticals and geographies. Around 12% of organizations claim to be embracing SASE entirely in 2021, up from just 1% in 2018 (Gartner) but over a quarter (26%) have no SASE operations in their IT stack today. Utilities, legal and finance (12-17%) are the industries most likely to be adopting a full SASE strategy, while once again government bodies are by far the least likely (3%).
In order to abide by the SASE framework, every networking and security solution that once lived in a box in the data center needs to instead to be delivered as a service to the distributed workforce (at the edge). The traditional bottleneck of tunnelling everything through one central on-premise ‘hub’ is therefore alleviated. SASE in practice means delivering identity-centric network security, as a service, in the cloud. SASE sits between agile users and corporate resources.
There are a number of reasons that organizations are attracted to SASE, which offers a wide range of advantages when compared with traditional approaches to network security.
Reduced complexity
Fewer appliances to
maintain and agents to deploy, equating to fewer dollars spent
Performance improvements
Latency is reduced and connectivity is optimized, without network gymnastics
Ease of use & transparency
Simple solutions that are invisible to the end-user, with minimal intrusions
Adopting
SASE
Survey: To what extent does your organization currently embrace the SASE framework?
Share of companies that are fully embracing SASE across their organization (by sector)
Improved security
Adoption of zero trust risk posture and reduced attack surface
Low operational overhead
Provides the ability to scale without infrastructure administration
Centralized policy &
Local enforcement
Decision-making at the edge without traffic hairpinning
The Future of Network Security Is in the Cloud
Neil MacDonald, Lawrence Orans, Joe Skorupa
Utilities
Legal
Finance
Healthcare
Public safety
Government
Not at all
In less than half of our technology stack
In more than half of our technology stack
We fully embrace SASE
Getting to a full SASE approach to network security is not something that happens overnight. It’s also not something that can be delivered by one vendor, despite the hype, vendor claims and rampant marketecture. This is underlined in the Gartner research ‘Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security’ by Nat Smith, Neil MacDonald, Lawrence Orans and Joe Skorup, which discusses the topic extensively: “no vendor has a single, complete, integrated end-to-end solution based upon this architecture, nor is any likely to deliver one over the next three years”.
This slow march to SASE, much like the migration to the cloud, is likely to take place over the next decade – and may not ever reach full realization. Selecting which parts of the network security stack to upgrade and when is a core strategic consideration for organizations planning their transition.
A marathon,
not a sprint
Strategic direction
The shift to SASE is a movement generally coming from IT, though in some organizations security, network or even management teams are the departments pushing the SASE agenda. NetMotion research shows that IT is overwhelmingly the most influential role, a pattern that is consistent across industries. Companies in the UK have a stronger influence from the security team than other markets, while Germany is more likely to have a network team influence. Another major cultural difference can be seen in Japan, where it is significantly more likely to have management (or non-technical team) pushing for adoption of SASE than other regions.
Survey: Which internal team within your organization is responsible for your SASE strategy?
IT
Security
Network
Other
of organizations report that the IT team is primarily responsible for their SASE strategy.
52%
Year 1
Year 2
Year 0
Year 3
Year 4
Year 5
The SASE maturity model
Gartner projects that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE.
Hover over a point on the timeline to learn more.
15%
35%
37%
10%
4%
SASE is entirely linked with several other market trends, such as the growth in remote working or the proliferation of networks, but the biggest is the gradual enterprise shift to the cloud. More applications and resources than ever before are now being accessed in the cloud, whether it be on the public web or hosted in hybrid cloud/IaaS environments like AWS or Microsoft Azure.
Much like SASE itself, transitioning to cloud-first working has been a decades-long process. Many organizations may have started implementation of SaaS applications like Salesforce twenty years ago, yet very few businesses operate entirely in the cloud today. Different teams, departments, use-cases and apps are slowly migrated or added to the broader productivity suite, from vast enterprise Office365 rollouts to more nimble self-provisioned marketing tools. Under-standing the success rate of cloud adoption is key to contextualizing the status of SASE inside the average organization. The 2021 NetMotion study revealed that only 4% of organizations have migrated fully to the cloud, with just over half (51%) having most of their apps and services available via SaaS.
Migration to
the cloud
Survey: What percentage of your core work applications/services are in the cloud?
A surprisingly large 15% of organization still have at least three quarters of their resources hosted on-premise, a proportion that grows to 39% for government entities. Financial and legal firms are the most likely sectors to have at least three quarters in the cloud.
Weighting the responses within each range allows an estimate to be created for the average migration rate across different organizations. This average migration rate is broadly similar across the five geographical markets studied, suggesting that most organizations are at over the halfway point in their cloud migration journey. A simple cohort analysis, dividing the more advanced quartile and least advanced quartile also, reveals the leading and lagging segments of the market.
The bottom quartile of US firms are major laggards, migrating a weighted average of just 12% of core applications to the cloud. Although laggards in Japan also sit far behind those in Western markets, the leaders (upper quartile) among Japanese firms are the fastest globally at moving to the cloud. In contrast, Australia is the closest market studied, meaning the country has the smallest disparity between leading and lagging cohorts.
Weighted cloud adoption rates
Over 3/4 in cloud
Over 3/4 on prem
25-49%
0-24%
50-74%
75-99%
100%
In a pre-SASE world, remote workers have relied on a VPN to provide a safe, encrypted connection to corporate resources. But as the number of users has grown and the types of assets they access has changed, these legacy VPNs have become a liability. Even with multi-factor authentication (MFA) in place, older generation VPNs lack the ability to understand context, opening the door to anyone holding the correct credentials. The answer, according to security experts, is to remove trust from the process. The concept of ‘zero trust’ was first coined in 2010 by John Kindervag, former Forrester Research analyst. This is the idea that, by default, users are denied access until they can prove they are a legitimate user for that resource. It also embraces the concept of ‘least privilege’, meaning users only get access to the application they requested and nothing more – preventing any kind of lateral movement, because connections are to the resource, not the entire network.
As the concept of zero trust has gained popularity, it has become the basis for many of the solutions included in the SASE framework, especially ZTNA (otherwise known as SDP).
Embracing
zero trust
Survey: Has your organization begun adopting a zero trust posture when determining access
to company resources?
Australian and British organizations were the most likely to have started using zero trust, while Japanese were the least likely. Given the relative maturity level of organizations and the limited investment in ZTNA products (15% - see following section), these results indicate either a pessimistic or optimistic conclusion. Cynically viewed, these findings demonstrate that IT leaders do not understand zero trust as well as they claim, or that they are over-estimating their own capabilities. Seen more positively, it can be concluded that organizations have just started adopting zero trust in very limited ways as an entry point to a much longer journey towards SASE (through per-app VPNs or policies implemented with SWGs, for example).
ZTNA solutions vary in their architecture, but they will all make use of some kind of controller. This controller acts a bit like a context-aware decision maker. It gathers a variety of data, such as the application being used, the location of the device, the network it is connected to and much more. It then uses this real-time data to build a risk profile of each request, determining whether the user can access the resource based on the context of the moment. If that changes, access can be revoked. It’s an elegant way of ensuring users get what they need while reducing the attack surface of an organization.
The compelling driver for adoption is that it allows organizations to treat all of their resources equally, even for those resources hosted in the public cloud.
According to the NetMotion study, over half of all IT leaders claim to have started their journey to zero trust, implementing at least one zero trust policy – though the research shows that this is being enabled in a limited capacity. Dedicated zero trust solutions like ZTNA and CASBs are still nascent in their adoption rates, suggesting IT leaders are finding ways to experiment with zero trust using other technologies in a narrower capacity.
No, but plan to
No
Yes
William O’Hern, Chief Security Officer
AT&T
United States
70%
Of US organizations are adopting or have already adopted zero trust technologies. Click through to see how other countries compare.
Share of international organizations adopting zero trust
Mapping the entire suite of technologies that organizations might choose to implement to power their SASE strategies is almost impossible, due to the sheer scale of different options available to IT leaders. Some diagrams feature almost 100 distinct product categories that comprise the full SASE stack. Experience monitoring, for example, is a crucial means of ensuring a high-quality working environment for distributed workforces and meeting SASE visibility requirements for off-network employees. It is rarely seen in diagrams, however, as these are typically produced by more security-oriented entities. More typically, there are a small handful of network and security products that make up the backbone of most SASE strategies. Ultimately, IT leaders will need to approach multiple diff-erent vendors to meet SASE requirements across their broader technology stack.
The SASE
technology stack
The 2021 NetMotion study showed that VPNs and SWGs are the most popular forms of cloud security products inside most organizations, perhaps as a result of their relative maturity. It appears that modernizing existing technologies (VPN, Firewall, SWG) is more attractive to IT leaders than the adoption of new categories (CASB, ZTNA, edge content filtering).
Adoption of CASB (16%) and ZTNA (15%) is still low. These nascent markets are growing fast but are today mostly used by innovative companies rather than the mainstream. ZTNA adoption is consistent across verticals and markets, at 12-18% in all five markets included in this study. Filtering content at the edge is most prevalent in the US (23%), perhaps driven by the need to ensure compliance and security amidst the growth in remote working. This is compared to a global average across other markets of just 13%.
SASE networking solutions are less likely to have been implemented than security solutions, on average. Researched showed that there is no network technology category present in over half of organizations surveyed.
Over a quarter of organizations are now taking advantage of SD-WAN, a fast-growing category of network solutions. German companies are using SD-WAN products more than those in other markets, with 38% of respondents including it in their network stack, compared with a global average of 25% - only 19% of Japanese firms are currently using it.
Australian companies are overwhelmingly the most likely to be using WAN optimization solutions at 70%, with other markets averaging at just 44%. This is perhaps the result of poor network quality and performance in Australia.
Survey: Which of these cloud security solutions does your organization currently employ?
Emerging Technologies: Applying SASE’s Architectural Model to Secure Distributed Composite Apps
Joe Skorupa, Neil MacDonald, Anne Thomas
deliver the complete set of required products; hence, cooperation and consistency are essential.
Considering NetMotion
The pathway to SASE is a long and non-linear one. It will require patience, heavy customization and agility to truly achieve. Managing traditional network security alongside SASE will be key to its success, just how the migration from on-premise to cloud did not happen instantaneously.
NetMotion is uniquely positioned to help organizations begin their SASE journey without compromising on the requirements of today. It can be a struggle to support existing remote access needs alongside zero trust solutions, with multiple agents, clients, orchestration engines, dashboards, gateways and infrastructure to manage. NetMotion allows IT teams to modernize their network security with no sacrifices or painful overheads to manage.
Get market-leading capabilities in cloud VPN, ZTNA, WAN optimization and experience monitoring (DEM) categories, while also benefitting from additional functionality in other segments. Whether you are just starting out with SASE or are much further in your journey, NetMotion is the perfect partner to deliver edge-based security and a world-class user experience for the modern, distributed workforce.
NetMotion presents
Seemingly from nowhere, the concept of Secure Access Service Edge (SASE) has gone from a fairly obscure term – first coined by Gartner in late 2019 - to a philosophy dominating the conversation in 2021. Undoubtedly accelerated by the huge shifts brought on by the 2020 global lockdown, SASE has caught the attention of professionals working across the IT, network and security landscape as they prepare their post-pandemic strategies.
This report aims to explain the core concepts behind SASE, and the wider movements taking place to contextualize it. It draws upon the latest research from Gartner, as well as original and previously unpublished data from an extensive January 2021 study on the subject. This research surveyed 750 professionals working across five geographic markets (USA, UK, Australia, Germany and Japan) to better understand their perspectives and experiences with SASE. Participants held job titles at either the CXO, director or manager level, and worked in the IT, network or security departments. This report refers to the findings of this research extensively, segmenting by vertical and region to intimately analyze the nature of SASE in 2021.
PLEASE NOTE:
We strongly recommend viewing this report on desktop rather than mobile.
An introduction to Secure Access Service Edge technologies
Understanding
SASE
Secure Access Service Edge or “SASE” is a term that was coined by Gartner in The Future of Network Security Is in the Cloud, published at the end of Summer 2019. Although it’s tempting to think of it as a product category, like a firewall or a CASB, it’s more accurate to consider it more like a framework or philosophy. SASE encompasses a package of technologies, delivered as a service, that are designed to support the secure access needs of modern organizations.
There is no fixed list of technologies that are or are not included within SASE, though many are frequently cited as examples of tools matching the philosophy. Andrew Lerner, a VP Analyst at Gartner, suggests that SD-WAN, SWG, CASB, ZTNA and FWaaS comprise the core abilities. IT leaders, however, may select any number of SASE technologies and begin implementing the most relevant solutions for their organization – there is not a rigid criteria for the term.
Network security trends
Network security has evolved a lot over the past two decades, but in general had largely settled on a fixed set of tools needed to secure the organization. Traditional technologies were focused on either securing or enhancing the corporate network. That meant using fixed solutions like firewalls, secure web gateways (SWGs) and on-premise based software to safeguard the enterprise. For workers operating outside the physical office, remote access products like VPNs, VDI and NAC were used to try and bridge the gap, helping distributed workforces behave as if they were located on-site. The relatively small volume of remote employees and limited number of use-cases for this meant that most organizations were willing to compromise on the user experience and latency that these technologies typically deliver.
The explosion in remote working has changed the requirements for network security forever. With more – if not most – employees working outside the fortified center of the enterprise, the trade-offs made for distributed workers pose a much bigger problem. Why should employees need constantly authenticate and connect to the company network just to satisfy security requirements? The migration of applications to the cloud has compounded this, with legacy network security products performing complex and unnecessary network gymnastics to secure the connections – often needlessly routed through the corporate perimeter.
Gartner has published several research papers on this problem, out of which SASE emerges. In Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security, the paper’s authors talk about how appliance-based network security models are being replaced to ensure a better end user experience. More specifically, it states that ‘the traditional-data-center-focused hub-and-spoke model, optimal for data residing in a single location, is no longer relevant’. The legacy model for securing workers complicates design and puts strain on network performance in a world where employees can work from anywhere at any time – on any network.
Core concepts
SASE places a heavy focus at the edge, securing users locally when possible and routing traffic in the most efficient way possible. It also embraces the idea of zero trust, using context-aware policy conditions to grant access on a ‘deny by default’ basis. SASE, at the highest level, concerns itself with five core principles.
1. Cloud-Based Service Architecture
SASE solutions must be delivered in the cloud
3. Central Visibility and Logging
SASE solutions provide detailed insights
into activity
2. Policy Decision Points
SASE solutions enforce policy dynamically
and locally
4. Network Security for Mobile and IoT
SASE solutions need to support far beyond
the desktop
5. Latency-Sensitive Security Computer
SASE solutions should embrace the edge and
minimize latency
Awareness of SASE
Although the concept was only established in 2019, it has not taken long to capture the attention of IT leaders around the world. In the January 2021 NetMotion study, two thirds of IT leaders claimed to be confident of their ability to describe the core concepts of SASE.
Those working in the UK and Australia are the most familiar with the framework – or at least claim to be – while those in non-English speaking markets were much less likely to be. Only around half of German and Japanese professionals are fully aware of what SASE is. There are stark differences between sectors in the awareness of SASE. Scarcely a third of government IT workers know what SASE is, an indicator that the public sector is significantly behind the private sector in general. Healthcare (a blend of private and public in the markets studied) ranks much higher, but still lags behind other verticals. IT leaders at law firms are the most engaged with the Gartner concept, with more than 4 in 5 of those surveyed comfortable at explaining SASE, with individuals from the utilities/energy, public safety and finance sectors close behind.
Share of IT leaders that can confidently describe what Secure Access Service Edge (SASE) is
Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security
By Nat Smith, Neil MacDonald, Lawrence Orans, Joe Skorup (Gartner)
Adopting
SASE
In order to abide by the SASE framework, every networking and security solution that once lived in a box in the data center needs to instead to be delivered as a service to the distributed workforce (at the edge). The traditional bottleneck of tunnelling everything through one central on-premise ‘hub’ is therefore alleviated. SASE in practice means delivering identity-centric network security, as a service, in the cloud. SASE sits between agile users and corporate resources.
There are a number of reasons that organizations are attracted to SASE, which offers a wide range of advantages when compared with traditional approaches to network security.
Reduced complexity
Fewer appliances to
maintain and agents to deploy, equating to fewer dollars spent
Performance improvements
Latency is reduced and connectivity is optimized, without network gymnastics
Ease of use & transparency
Simple solutions that are invisible to the end-user, with minimal intrusions
Improved security
Adoption of zero trust risk posture and reduced attack surface
Low operational overhead
Provides the ability to scale without infrastructure administration
Centralized policy &
Local enforcement
Decision-making at the edge without traffic hairpinning
Survey: To what extent does your organization currently embrace the SASE framework?
Not at all
In less than half of our technology stack
In more than half of our technology stack
We fully embrace SASE
Share of companies that are fully embracing SASE across their organization (by sector)
Utilities
Legal
Finance
Healthcare
Public safety
Government
Organizations have been embracing the sentiment of SASE by varying degrees across verticals and geographies. Around 12% of organizations claim to be embracing SASE entirely in 2021, up from just 1% in 2018 (Gartner) but over a quarter (26%) have no SASE operations in their IT stack today. Utilities, legal and finance (12-17%) are the industries most likely to be adopting a full SASE strategy, while once again government bodies are by far the least likely (3%).
The Future of Network Security Is in the Cloud
Neil MacDonald, Lawrence Orans, Joe Skorupa
A marathon,
not a sprint
Getting to a full SASE approach to network security is not something that happens overnight. It’s also not something that can be delivered by one vendor, despite the hype, vendor claims and rampant marketecture. This is underlined in the Gartner research ‘Emerging Technology Analysis: SASE Poised to Cause Evolution of Network Security’ by Nat Smith, Neil MacDonald, Lawrence Orans and Joe Skorup, which discusses the topic extensively: “no vendor has a single, complete, integrated end-to-end solution based upon this architecture, nor is any likely to deliver one over the next three years”.
This slow march to SASE, much like the migration to the cloud, is likely to take place over the next decade – and may not ever reach full realization. Selecting which parts of the network security stack to upgrade and when is a core strategic consideration for organizations planning their transition.
Strategic direction
The shift to SASE is a movement generally coming from IT, though in some organizations security, network or even management teams are the departments pushing the SASE agenda. NetMotion research shows that IT is overwhelmingly the most influential role, a pattern that is consistent across industries. Companies in the UK have a stronger influence from the security team than other markets, while Germany is more likely to have a network team influence. Another major cultural difference can be seen in Japan, where it is significantly more likely to have management (or non-technical team) pushing for adoption of SASE than other regions.
Survey: Which internal team within your organization is responsible for your SASE strategy? (Global average)
Migration to
the cloud
SASE is entirely linked with several other market trends, such as the growth in remote working or the proliferation of networks, but the biggest is the gradual enterprise shift to the cloud. More applications and resources than ever before are now being accessed in the cloud, whether it be on the public web or hosted in hybrid cloud/IaaS environments like AWS or Microsoft Azure.
Much like SASE itself, transitioning to cloud-first working has been a decades-long process. Many organizations may have started implementation of SaaS applications like Salesforce twenty years ago, yet very few businesses operate entirely in the cloud today. Different teams, departments, use-cases and apps are slowly migrated or added to the broader productivity suite, from vast enterprise Office365 rollouts to more nimble self-provisioned marketing tools. Under-standing the success rate of cloud adoption is key to contextualizing the status of SASE inside the average organization. The 2021 NetMotion study revealed that only 4% of organizations have migrated fully to the cloud, with just over half (51%) having most of their apps and services available via SaaS.
15%
35%
37%
10%
4%
Survey: What percentage of your core work applications/services are in the cloud?
25-49%
0-24%
50-74%
75-99%
100%
A surprisingly large 15% of organization still have at least three quarters of their resources hosted on-premise, a proportion that grows to 39% for government entities. Financial and legal firms are the most likely sectors to have at least three quarters in the cloud.
Weighting the responses within each range allows an estimate to be created for the average migration rate across different organizations. This average migration rate is broadly similar across the five geographical markets studied, suggesting that most organizations are at over the halfway point in their cloud migration journey. A simple cohort analysis, dividing the more advanced quartile and least advanced quartile also, reveals the leading and lagging segments of the market.
The bottom quartile of US firms are major laggards, migrating a weighted average of just 12% of core applications to the cloud. Although laggards in Japan also sit far behind those in Western markets, the leaders (upper quartile) among Japanese firms are the fastest globally at moving to the cloud. In contrast, Australia is the closest market studied, meaning the country has the smallest disparity between leading and lagging cohorts.
Weighted cloud adoption rates
Over 3/4 in cloud
Over 3/4 on prem
Embracing
zero trust
In a pre-SASE world, remote workers have relied on a VPN to provide a safe, encrypted connection to corporate resources. But as the number of users has grown and the types of assets they access has changed, these legacy VPNs have become a liability. Even with multi-factor authentication (MFA) in place, older generation VPNs lack the ability to understand context, opening the door to anyone holding the correct credentials. The answer, according to security experts, is to remove trust from the process. The concept of ‘zero trust’ was first coined in 2010 by John Kindervag, former Forrester Research analyst. This is the idea that, by default, users are denied access until they can prove they are a legitimate user for that resource. It also embraces the concept of ‘least privilege’, meaning users only get access to the application they requested and nothing more – preventing any kind of lateral movement, because connections are to the resource, not the entire network.
As the concept of zero trust has gained popularity, it has become the basis for many of the solutions included in the SASE framework, especially ZTNA (otherwise known as SDP).
No, but plan to
No
Yes
ZTNA solutions vary in their architecture, but they will all make use of some kind of controller. This controller acts a bit like a context-aware decision maker. It gathers a variety of data, such as the application being used, the location of the device, the network it is connected to and much more. It then uses this real-time data to build a risk profile of each request, determining whether the user can access the resource based on the context of the moment. If that changes, access can be revoked. It’s an elegant way of ensuring users get what they need while reducing the attack surface of an organization.
The compelling driver for adoption is that it allows organizations to treat all of their resources equally, even for those resources hosted in the public cloud.
According to the NetMotion study, over half of all IT leaders claim to have started their journey to zero trust, implementing at least one zero trust policy – though the research shows that this is being enabled in a limited capacity. Dedicated zero trust solutions like ZTNA and CASBs are still nascent in their adoption rates, suggesting IT leaders are finding ways to experiment with zero trust using other technologies in a narrower capacity.
Share of international organizations adopting zero trust
70%
United States
Japan
65%
76%
Germany
United Kingdom
84%
86%
Australia
*Organizations are adopting, or have already adopted a zero trust architecture
Australian and British organizations were the most likely to have started using zero trust, while Japanese were the least likely. Given the relative maturity level of organizations and the limited investment in ZTNA products (15% - see following section), these results indicate either a pessimistic or optimistic conclusion. Cynically viewed, these findings demonstrate that IT leaders do not understand zero trust as well as they claim, or that they are over-estimating their own capabilities. Seen more positively, it can be concluded that organizations have just started adopting zero trust in very limited ways as an entry point to a much longer journey towards SASE (through per-app VPNs or policies implemented with SWGs, for example).
William O’Hern, Chief Security Officer
AT&T
The SASE
technology stack
Mapping the entire suite of technologies that organizations might choose to implement to power their SASE strategies is almost impossible, due to the sheer scale of different options available to IT leaders. Some diagrams feature almost 100 distinct product categories that comprise the full SASE stack. Experience monitoring, for example, is a crucial means of ensuring a high-quality working environment for distributed workforces and meeting SASE visibility requirements for off-network employees. It is rarely seen in diagrams, however, as these are typically produced by more security-oriented entities. More typically, there are a small handful of network and security products that make up the backbone of most SASE strategies. Ultimately, IT leaders will need to approach multiple diff-erent vendors to meet SASE requirements across their broader technology stack.
Survey: Which of these cloud security solutions does your organization currently employ?
The 2021 NetMotion study showed that VPNs and SWGs are the most popular forms of cloud security products inside most organizations, perhaps as a result of their relative maturity. It appears that modernizing existing technologies (VPN, Firewall, SWG) is more attractive to IT leaders than the adoption of new categories (CASB, ZTNA, edge content filtering).
Adoption of CASB (16%) and ZTNA (15%) is still low. These nascent markets are growing fast but are today mostly used by innovative companies rather than the mainstream. ZTNA adoption is consistent across verticals and markets, at 12-18% in all five markets included in this study. Filtering content at the edge is most prevalent in the US (23%), perhaps driven by the need to ensure compliance and security amidst the growth in remote working. This is compared to a global average across other markets of just 13%.
SASE networking solutions are less likely to have been implemented than security solutions, on average. Researched showed that there is no network technology category present in over half of organizations surveyed.
Over a quarter of organizations are now taking advantage of SD-WAN, a fast-growing category of network solutions. German companies are using SD-WAN products more than those in other markets, with 38% of respondents including it in their network stack, compared with a global average of 25% - only 19% of Japanese firms are currently using it.
Australian companies are overwhelmingly the most likely to be using WAN optimization solutions at 70%, with other markets averaging at just 44%. This is perhaps the result of poor network quality and performance in Australia.
Emerging Technologies: Applying SASE’s Architectural Model to Secure Distributed Composite Apps
Joe Skorupa, Neil MacDonald, Anne Thomas
Considering
NetMotion
The pathway to SASE is a long and non-linear one. It will require patience, heavy customization and agility to truly achieve. Managing traditional network security alongside SASE will be key to its success, just how the migration from on-premise to cloud did not happen instantaneously.
NetMotion is uniquely positioned to help organizations begin their SASE journey without compromising on the requirements of today. It can be a struggle to support existing remote access needs alongside zero trust solutions, with multiple agents, clients, orchestration engines, dashboards, gateways and infrastructure to manage. NetMotion allows IT teams to modernize their network security with no sacrifices or painful overheads to manage.
Get market-leading capabilities in cloud VPN, ZTNA, WAN optimization and experience monitoring (DEM) categories, while also benefitting from additional functionality in other segments. Whether you are just starting out with SASE or are much further in your journey, NetMotion is the perfect partner to deliver edge-based security and a world-class user experience for the modern, distributed workforce.
