Is SASE a Network or Security Solution? Is it a Framework or a Product? Yes and Yes!

Figure 1: SASE Architecture and Five Core Components (New Option 2)

When implementing a SASE architecture, technology vendors are taking a framework or product approach. Some vendors are even embracing both in the name of customer choice. 

In the framework approach, which we call a disaggregated SASE, separate network and security technologies have been integrated into a complete SASE deployment. The network and security technologies may come from the same or different SASE vendors. Usually, disaggregated implementations consist of multiple policy repositories–one for each network or security service. This distinction becomes important when compared with the product approach. 

In the product approach, which we call a unified SASE, all network and security technologies are implemented by a vendor as a single, tightly integrated product platform with just one policy repository spanning network and security policy. Moreover, all five key SASE components typically are offered and required to be obtained from the same vendor.

Beyond the near-term convergence of networking and security in SASE, longer-term we see the next generation of SASE extending the cloud edge to the enterprise edge since there is a clear need to deliver a consistent experience with seamless enforcement and control across cloud and on-prem.

Neither approach to SASE is a “one size fits all” since each has advantages and disadvantages. For example, the multiple policy repositories in disaggregated SASE–because often the deployment consists of numerous products from various vendors– may require manual and sometimes difficult policy reconciliation by administrators that the unified SASE avoids due to its more monolithic implementation. However, the more monolithic implementation of unified SASE may make it more difficult to integrate third-party technologies. Conversely, in disaggregated SASE, it’s generally more straightforward to integrate additional third-party by virtue of its disaggregated implementation. 

We believe both forms of SASE will coexist in the market due to the differences in enterprise IT teams. Enterprises with specialized networking and IT teams prefer the multi-vendor, disaggregated SASE approach. This facilitates a best-of-breed SASE deployment that consists of the network and security IT teams’ preferred technology vendors. On the other hand, enterprises that lack specialized networking and security IT teams tend to accept single-vendor, unified implementations. The greater simplicity of the unified implementation and only needing to deal with a single vendor, rather than multiple vendors, holds great appeal.

We see the co-existence of both forms in our tracking of the SASE vendor landscape. While disaggregated SASE revenue was over 10x larger than the unified SASE for full-year 2021, unified SASE experienced a more robust year-over-year (Y/Y) growth of 48% versus the 37% Y/Y of disaggregated SASE. In our 5-year forecast, we expect unified SASE growth to remain stronger over the forecast horizon than disaggregated SASE and by 2026 rise to nearly $3 B, which will represent approximately a quarter of the total SASE opportunity.