Sase or Sse For Zero Trust
SASE or SSE
The Different Pathways to Zero Trust
Contents
Executive Summary
Exploring the SASE Contradiction
The Reality of SASE
Why the Disconnect?
What’s Needed to Realize the Potential SASE Can Offer?
Flexibility
A Truly Unified Architecture
A Platform Predicated on Zero Trust
The Ability to Deliver Business Outcomes Along With Security Outcomes
Zscaler Supports Customers on Their Zero-trust Journey With Flexible SSE and SASE
Conclusion
Executive Summary
Secure access service edge (SASE) has emerged as the leading technology to combat the new security
challenges enterprises face as their workforce and workloads become more distributed. Organizations have turned
to SASE architecture to help strengthen security, improve operational efficiency, and support network
transformation. However, challenges abound in implementing a comprehensive SASE architecture, leading many
organizations to use multiple vendors—increasing complexity and risk—or start with security service edge (SSE) to
overcome organizational roadblocks.
Regardless of the strategy organizations choose to arrive at SASE, there are four requirements necessary to
realize SASE’s full potential. Flexibility, a unified architecture, a zero-trust foundation, and a focus on business
outcomes are factors organizations should consider when evaluating vendors. Zscaler Zero Trust SASE is flexible
enough to meet customers where they are on their journey, from SSE through to consolidated single-vendor SASE.
What are the drivers of your organization’s interest in SASE? What is the
primary driver of its interest? (Percent of respondents, N=390)
Supporting network edge transformation 30%
Improving security effectiveness 29%
Reducing security risk to organization 28%
Better supporting hybrid work models 27%
Becoming more operationally agile 26%
Simplification of infrastructure and processes 26%
Becoming more operationally efficient 26%
Accelerating adoption of zero trust 24%
Delivering better user experiences 23%
Reducing network costs 23%
Reducing solution costs 20%
Vendor consolidation 17%
1 Source: Enterprise Strategy Group Research Report, Security Services Edge (SSE) Leads the Way to SASE, November 2023. All
research references and charts in this white paper are from this research report.
© 2024 TechTarget, Inc. All Rights Reserved.
White Paper: SASE or SSE: The Different Pathways to Zero Trust
Since its introduction, SASE has revolved around vendor consolidation, and the specific idea of “single-vendor
SASE” has been increasingly promoted by some vendors and industry pundits. Yet, according to Enterprise
Strategy Group research, 10% of organizations anticipate beginning with a single SASE vendor, and only 2%
believe they’ll use one vendor when the project is complete.
Even the idea of two-vendor SASE seems to be unrealistic to most, with just 13% indicating their organization will
use two SASE vendors when the project is complete, leaving 83% leaning toward a SASE architecture using three
or more vendors. Unfortunately, this strategy leads to a situation similar to that which gave rise to SASE—bolting on
vendors and trying to integrate a sprawl of siloed tools. This increases the risk of security gaps that may lead to
breaches, and round and round the cycle goes.
Which of the following challenges between your organization’s network and security
groups in relation to the convergence of network and security have you experienced or
would you expect to experience? (Percent of respondents, N=390, three responses
accepted)
The groups are measured and compensated on conflicting goals 28%
Issues related to the chain of command that is ultimately responsible for network security and collaboration… 28%
Balancing security functions and network performance to ensure positive and safe experiences 24%
Workflow issues related to the timeliness of collaborative tasks 24%
Second, different priorities and transformational initiatives result in a variety of starting points and drawn-out
timelines. Network transformation and security modernization are significant undertakings in their own right, and
can be supported by SASE, but have other considerations as well. As a result, organizations may initially
incorporate a piece of SASE to support that broader transformation initiative. Zero trust, in particular, is a key focus
for many organizations, with SSE serving as a key component of operationalizing the strategy. Additionally, there
may be a need to move quickly in one area without considering the broader architecture. A common example of this
is rolling out zero-trust network access (ZTNA) to support expanding remote access needs. Ultimately, the criticality
of security leads many to start with SSE.
Finally, vendor solutions haven’t always delivered. Arguably, a significant part of the prevalence of multi-vendor
views is based on perception. Organizations simply find it hard to believe that they can get a broad set of leading
security capabilities from a single vendor. This is evident in the cycle of adding new tools to address new threat
vectors and protect additional parts of the environment. Additionally, vendors often simply bolt on an SD-WAN
solution to an SSE platform and call it SASE (and vice-versa), which doesn’t deliver the expected benefits.
Flexibility
Vendors need to have the flexibility to meet an organization where it is to address a variety of use cases and
expand over time. This requires support for both single and multi-vendor SASE approaches. For example, a vendor
could provide a purpose-built SSE platform and SD-WAN capabilities to support customers looking for
comprehensive SASE. However, customers should be able to use each separately while transitioning to a full
SASE architecture.
Over the short and medium term, many organizations will rely on multiple vendors for a SASE implementation.
More than one quarter (26%) of survey respondents say ensuring interoperability between vendors is a challenge.
Strong technology partnerships to ease integration burdens and simplify deployment can help organizations using
different SSE and SD-WAN providers continue to successfully advance their SASE implementation until they’re
ready to embrace a single vendor for SASE.
In the long run, however, a single-vendor approach will make sense for many organizations. Standardizing with one
vendor simplifies procurement and training, as staff can focus skill development on a single platform. Components
are pre-integrated, easing the burden of deployment and ensuring interoperability. Additionally, networking and
security policies can be tightly interwoven to ensure both strong security and effective connectivity.
Enforcing this model on legacy network architecture is incredibly difficult because zero-trust enforcement is typically
bolted on as an afterthought, increasing complexity and creating the potential for policy gaps. SASE and SSE
solutions that support zero-trust strategies by default are better positioned to help security teams effectively
implement the initiative.
Through this approach, Zscaler meets customers where they are, enabling them to progress as quickly or slowly as
they need to, to achieve success.
Conclusion
SASE promises a unified, integrated approach to providing security and network connectivity across a distributed
architecture, enabling workforces, devices, and workloads to communicate securely. However, the reality is that a
single-vendor option isn’t always feasible or even desired. And when a single-vendor option presents itself,
organizations may need time to prepare their architecture to support such a vendor.
Navigating this challenging environment requires vendors to become flexible to meet organizations where they are
in their unique journey. Zscaler Zero Trust SASE provides a unified, integrated approach with zero trust at the core,
without sacrificing flexibility. Customers still working on building a strong foundation for SASE can use SSE until
they’re ready to implement Zscaler Zero Trust SD-WAN, a secure and simplified SD-WAN experience. Zscaler Zero
Trust SASE provides secure connectivity for the workforce, devices, workloads, and third parties using centralized
management and ample PoPs, ensuring consistency in security and performance. With Zscaler, customers can
secure their networks while building a clear path forward on the journey to a complete, single-vendor SASE
implementation.
Information contained in this publication has been obtained by sources TechTarget considers to be reliable but is not warranted by TechTarget. This publication may contain opinions of
TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget’s assumptions and expectations
in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget makes no warranty as to the
accuracy of specific forecasts, projections or predictive statements contained herein.
Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the
express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any
questions, please contact Client Relations at cr@esg-global.com.