The Pros & Cons of SASE

Secure Access Service Edge, aka SASE, is a cloud service that bundles security with your SD-WAN and is rapidly taking share from legacy VPNs.

engineering woman
Rob Rodier

Nov 11, 2021


Network access has always been tightly paired with system security. Whenever individuals access a network, they can potentially worm their way into confidential data sitting on company servers. Because of the movement from legacy data center centric solutions to the cloud, corporations now require a solution that protects information in modern virtualized environments. Secure Access Service Edge (SASE) is an emerging technology designed to fill the void. How well it fits in your organization depends on your reliance on legacy solutions and your need for sophisticated troubleshooting.

SASE first garnered significant attention in Gartner Inc.’s 2019 Hype Cycle. It consolidates cloud security, edge computing, and Software Defined Wide Area Network (SD-WAN) capabilities into a single product and fits well with modern digital technologies, such as cloud, mobile devices, and software defined computer infrastructure.

As a result, these solutions have been rapidly gaining traction. Revenue is expected to grow at a Compounded Annual Growth Rate (CAGR) of 116% from 2019 and reach $5 billion in 2024, according to the Dell’Oro Group.

SASE’s emergence has been fortuitous. One ripple effect from the pandemic was a dramatic rise in the number of employees working remotely. Companies are embracing the new work model. In fact, 48% of employees will likely work remotely post-pandemic, as compared to 30% in a pre-pandemic world, according to Gartner.

FYI: SD-WAN + SASE is a new school of networking that is rapidly taking share from MPLS and other traditional WAN types (you can read more on SD-WAN vs MPLS here). If you're unfamiliar with SD-WAN, we recommend you check out our SD-WAN for Dummies guide before reading on.

Traditional Remote Security

Traditionally, many businesses relied on Virtual Private Networks (VPNs) to secure such communications. While they worked well with small numbers of employees, they did not scale well; as the number of devices and data usage increases, as does the cost of a VPN.

In addition, legacy network connections often use software agents, which are pieces of code that execute on end user devices and support network and security functions. Managing agent software can be complex and time consuming.

SASE Benefits

Ever since the first network connection was made, companies have tried to protect their confidential information via solutions, like on-premises firewalls. Securing information in today’s highly virtualized environment is different from what was required with legacy solutions. SASE solutions are designed for virtualized connections.

A SASE solution often replaces VPNs with easier to configure SD-WAN network access. This option does not require agent software. As a result, remote office connections become simpler to deploy and less expensive.

Simplicity and flexibility are other benefits. With SASE, a technician manages both WAN traffic and security, such as a network firewall, from a single pane of glass. Businesses can add capabilities, such as zero-trust network access, secure web gateways, analytics, Unified Threat Management, and policy management, to reach their own security comfort level.

SASE works well with new Internet of Things (IoT) devices. This model, which has been gaining traction, places intelligence between an end device and a server sitting in a data center. With it, end devices no longer require software agents and processing is done locally, improving performance and lowering costs. Because of the benefits, interest in this model is rising rapidly. In fact, Gartner expects that worldwide IoT revenue will reach $572 billion in 2024.

SASE Shortcomings

No solution, including SASEs, fit every use case. Certain businesses rely heavily on legacy MPLS connections, which may not suited to SASE.

The network configuration can become complicated. In certain cases, businesses recently implemented SD-WAN or edge systems. Adding SASE can create duplication, introduce inefficiencies, and make troubleshooting more difficult.

SASE is an emerging technology, so some amenities are still in an early stage of development. For instance, companies find limited features in areas, including automated configurations, network monitoring, and device troubleshooting.

These solutions often require tuning to enterprise networks. Data types have varying levels of sensitivity and require different layers of security. As a result, companies need to understand the importance of their data and apply conditional access appropriately.

Implementing SASE may require retooling technology teams. In some cases, network and security personnel operate independently and will need to be melded. In either case, technicians will need to be trained in the new technology.

Is SASE right for you?

In sum, SASE is emerging as a new network option for securing remote connections. The technology may appeal to businesses adopting a New Normal as the pandemic ebbs and may help them deliver secure access to their growing pool of remote workers. Like any new technology, SASE has rough edges and may not fit with companies relying on VPNs or in need of sophisticated troubleshooting.

Despite those limitations, SASE deployments are expected to increase in the next few years and will likely become a common way to provide secure network access to remote workers. If you’re not sure if SASE is right for your business, click "schedule a demo" on the Lightyear homepage to chat with one of our telco experts.

Want to learn more about how Lightyear can help you?

Let us show you the product and discuss specifics on how it might be helpful.

Not ready to buy?

Stay up to date on our product, straight to your inbox every month.

Featured Articles