In conjunction with the ETR Observatory for Secure Access Service Edge (SASE), the ETR Insights assembled a panel discussion between senior IT executives who are taking pragmatic, incremental approaches to SASE, marked by challenges within hybrid multi-cloud environments and shifting operational needs. Some are transitioning to SASE along end-of-life equipment upgrades and shifting IT environments. Risk mitigation, usability, and adaptability are key; these panelists value a clean user interface along with comprehensive pre- and post-deployment support. They expect increased adoption and market consolidation as security threats evolve, though caution against companies haphazardly developing SASE merely to follow trends. Read on to learn more about how these companies manage SASE, how AI will enhance anomaly detection and operational efficiency, and why SASE alone may not necessarily lead to lower IT headcounts.

Vendors Mentioned: Akamai, Broadcom / Cato Networks / Cisco, CrowdStrike / ECG / Forrester / Fortinet / Gartner / Hewlett Packard Enterprises (Aruba Networks) / Juniper Networks / McKinsey & Company / Palo Alto Networks / Proofpoint / Splunk / VMware / Zscaler

Key Takeaways

• Some Enterprises Taking a Piecemeal Transition to SASE. Panelists favor incremental SASE adoption, integrating components into existing infrastructure to align with evolving topologies and hybrid multi-cloud demands.
• Operational and Risk Prioritization. Decisions prioritize risk mitigation, scalability, and interoperability over cost savings, with panelists discussing a focus on operational security and compatibility in their footprints.
• Cost vs. Functionality Debate. SASE can reduce hardware costs via software-based solutions, but price sensitivity leads some to forgo premium vendors despite high functionality. However, choices also frequently hinge on familiarity, channel recommendations, and fit, with our panelists highlighting VMware and Palo Alto.

Panel Highlights

While the shift to SASE happens for varying reasons, our panelists tend to favor a piecemeal approach that allows for natural integration into the existing infrastructure, often a mix of centralized and edge philosophies. “[This came] onto our radar exactly, not with a mandate to find best-in-class, but more like an evolution of our needs,” says an SVP of Technology and Operations in global finance. “Basically, a realization that our topology is changing dramatically.” They describe the challenges of maintaining a traditional data-centric topology in a hybrid multi-cloud environment, where operational scalability and performance demands meant rethinking legacy approaches. “There was convergence of things happening in the marketplace, things that industry leaders were signaling to us, and our own attempt to do cyber uplift, which kind of came as a converging point towards instrumentation that now might be described as more SASE-like.”

This SVP described how his company transitioned from MPLS-based WAN to SD-WAN, adding SASE components incrementally. For another CIO in the restaurant and retail industry, practical concerns such as equipment end-of-life meant an opportunity upgrade. “It was an opportunity to modernize in what is the current approach, and to finally do that thing that, candidly, we've been wanting to do in each of the places I've bought it for some period of time, but we really couldn't because these devices were still on the books.”

While financial benefits are part of the equation, the conversation is led by risk and operational considerations; hybrid compatibility, interoperability, risk mitigation, data protection, and post-implementation service generally outweigh cost considerations. “It's more, are the risks mitigated properly? Is it actually scaling operationally and whatnot? Those were more of the concerns rather than, let's try to find savings.” A CIO in the food sector adds, “For us also, it is purely handled as a risk mitigation approach, so we do not have to go through traditional financial justification when it comes t o security-based solutions.” However, a shift from legacy hardware can certainly reduce costs. “By replacing what is there with a software-based solution with little to no physical hardware present, the ROI on that is tremendous. We can downgrade our network switches to commodity devices, because the sophistication of the network management is now being handled on the software layer.”

All panelists highlighted the importance of overall strategic fit within their frameworks. Vendor evaluation short lists include familiar names like Cisco, VMware, Palo Alto, Zscaler, and Akamai. Structured evaluations play a role, though the decision may ultimately be subjective. “I basically go with firms with which I have familiarity, or that I've used or owned at previous roles, or the people who work for me have. There are so many players in the space, and so many possible combinations to create a SASE platform, that you almost have to arbitrarily narrow down the process somehow.” For several panelists, VARs aid decision-making. “They may tell us that, hey, this is a new vendor in the marketplace that you may want to consider.” Another CIO adds, “They're more of a companion to the process rather than a controller of it.” A third panelist leans on published research to begin. “We start with the Forrester and Gartner reports to narrow down the players for the RFP process, followed by internal and external expertise from consultants.” For one SVP seeking a solution that fits their hybrid multi-cloud footprint, only Cisco and VMware qualified. “[Others] might have actually very excellent solution, but it just doesn't fit our hybrid footprint if they are cloud-native and just support cloud, no[t] on-prem.”

These senior executives stress the importance of comprehensive pre-deployment and post-deployment support, and of usability. “We actually overemphasize a well- executed interface,” says one SVP. “When you operate in the world of very siloed segmented solutions—like firewalls, load balancers, and web gateways—and you have experts operating those, they might have been comfortable with a command line interface. But when we talk about a converged solution like SASE, you have to look for a very well-executed platform, because you will bring people who potentially have no familiarity with that.” Another mentions the need for rapid response to novel threats, mentioning how Cisco delayed patches. “ We have found that some vendors lag in updates, which has caused us exposure risks.”

Our panel agreed with our aggregate survey results that Palo Alto Networks consistently ranks among the top security vendors (Figure 1), though pricing may deter adoption in some cases. “In most evaluations, number one is going to be Palo Alto, but we do not select them because ultimately the price overall price ends up being significantly higher than whoever number t wo is.” Despite the cost, others have stuck with Palo Alto to best leverage existing enterprise agreements. “I have already purchased other Palo Alto products. Prisma Cloud, for example. Firewalls for public cloud, typically. Then, as I progress through that timeline approach—a place where I can now go to SD-WAN and get rid of the physical devices that I have on the edge—there are advantages to expanding my spending with Palo Alto.” One SVP, already using Palo Alto’s WildFire threat intelligence and next-gen firewalls, anticipates that Prisma could potentially replace modules from other vendors. “We could basically entrust them to give them a bigger mandate and eventually displacing some incumbents. For example, inbound e- mail controls; it's not going to replace Proofpoint, but it can replace some of their modules and expense. That's how [Palo Alto’s cost] can be to some degree mitigated.” Another is happy with Prisma’s NIST-based controls. “Obviously firewall as a service, like DNS security, and Secure Web Gateway. DLP, we kind of extend into DLP, although initially it wasn't part of the coverage. I would not say we fully count on Prisma to do all of those controls, all of the pillars of zero trust, but overall it's a good set."

Time from RFP to full implementation varies widely, influenced by infrastructure, geographic reach, and even third-party connectivity. “We discovered that two locations didn’t have fiber installed, and the permits to cross rail tracks added over a year to the process.” For organizations operating in multi-cloud environments, implementation within AWS, Azure, and GCP can mean further delays. “What we found out is that actually their implementation was not uniform across those, which was kind of a significant challenge.” Others have had compatibility issues with Ansible and OpenShift. “It’s not to say that they were massive problems, but nevertheless, they kind of led to this being more protracted than it would have been otherwise.”

As organizations face a global IT talent shortage, SASE may mitigate, though many IT leaders find these solutions do not reduce the need for skilled internal labor as much as expected. “In fact, [my team] feel quite the reverse, that they would like to add additional resources to complement what's being provided from the outside due to relatively poor service—even to the point where they would like to insource some of these things, like the SD-WAN configuration and the routing that's handled by that.” Ambiguity around who should manage SASE—whether NOC, SOC, or even DevOps—adds another layer of staffing complexity. Our panelists are looking for feature sets that are efficient and easy to use. “We tend to focus on is all the gripes we have for the current system. We forget all the things that are working fine. We look at all the stuff where we say, hey, this current vendor sucks. They're not doing this.” A unified, holistic solution is the end goal of this security technology. “A solution that is easy to administer, easy to use, and is something that will be accepted by the technology and security staff that we have.” Most expect AI will begin to drive differentiation and efficiency. “AI really probably will be sort of the battlefield for having some edge, more effective anomaly detection, and maybe better form resolution.” An SVP adds, “I think geo-proximity—and geo-proximity intelligence probably, also—has some potential for improvement and maybe differentiation.” Further developments may address persistent gaps in SASE, such as the lack of seamless integration between wired and wireless networks. Either way, our panelists anticipate market consolidation, as smaller vendors struggle to keep up with rising security threats. “You take one bad event, and you're going to disappear. CrowdStrike obviously got away with it, but it's going to result in the changes to things like legal agreements and contracts, where you have liability on what happens if your service fails.”

Our panelists warn against adopting new technologies merely to follow industry trends. “Is your organization in the right time and place to make this transformation? Is your enterprise ready to make the transformation? Do you have a staff and a team that is capable of capitalizing on the value? Have you fully depreciated and reached the end of life with the devices and the equipment that you already have?” Leaders should evaluate their architectural footprint and state targets before choosing a solution, carefully considering compliance and regulatory considerations. “Acknowledge how aggressive you want to be, or how maybe cautious and conservative you want to be, with the organizational realignment that this might enable. Do you want to keep basically switchboard operators? Or are you ambitious enough to completely reimagine that?”