
Cisco Enters SASE Market on Its Own Terms

Cisco might be late to the SASE game, but it’s still very much the first inning.

Zeus Kerravala

June 23, 2020


Last week during its digital Cisco Live 2020 event, Cisco announced its secure access service edge (SASE) solution. Although the company has had multiple flavors of SD-WAN available for some time, it had yet to roll out a formal SASE offering. SASE is a term coined by Gartner that describes a wide area network (WAN) architecture with fully integrated, cloud-native security and networking capabilities.

 

Cisco certainly isn’t the first vendor with a SASE solution, but it arguably has the broadest set of services. The latest 17.2 release of Cisco SD-WAN brings together products from its networking and security product lines. This includes components from Viptela and Meraki for networking, IDS/IPS, and URL filtering, and from Umbrella for secure web gateway, DNS security, cloud access security broker (CASB), and firewall capabilities. Cisco is also integrating security capabilities from its zero-trust products, which include AnyConnect for VPN, SD-Access for segmentation, and multi-factor authentication (MFA) from Duo. These products address identity and access requirements. I believe this is the broadest set of integrated SASE services from any single vendor to date.

 

Because of its size, Cisco does have some interesting differentiators. One of the elements of Gartner’s definition is that networking and security capabilities are to be made available in the cloud. All of the existing SASE vendors rely on public cloud, colocation, or cloud providers for service delivery. Cisco can leverage its global network and cloud points of presence (PoPs) from its existing Umbrella cloud-native security as well as Meraki’s cloud. The Umbrella network came to Cisco via the 2015 OpenDNS acquisition.

 

Also, the Gartner definition calls for the security and network services to be cloud-native, but Cisco SD-WAN customers can leverage Cisco’s on-premises infrastructure, such as its widely deployed integrated services router (ISR), and manage it via the cloud. This is where Cisco’s implementation of SASE and Gartner’s definition diverge. This was a topic of discussion during a podcast on SASE with Beth Schultz, where it’s my belief that cloud-managed is a viable alternative to cloud-native, with the ultimate deployment model being determined by the needs of the location. I think large customers might choose a mix of cloud-native and cloud-managed on-premises technology.

 

Cloud-native is ideal for most locations where the network and security requirements are fairly cookie cutter. For example, all work-from-home users will have the same basic set of needs – VPN connectivity, basic firewalls, network connectivity, MFA, and so on. Cisco customers could easily and quickly provision these services in the cloud, giving home workers the same level of protection they have in the office.

 

Cloud-managed is optimal for customers that have large sites, custom requirements, or want to maintain their investment in existing network and security technology. Cloud-native is great for a small number of users, but pushing updates and configuration changes to and from the cloud in a cloud-delivered situation can generate a significant amount of network traffic, making it more efficient to keep things like routers and firewalls on-premises. Also, a company may have a branch office that requires a higher level of security. This could be something like the corporate finance division of a financial services firm that’s dealing with a lot of sensitive information. The localized security provides an extra layer of protection.

 

I believe Gartner’s definition to be limited and unrealistic, as the transition to cloud-native networking is going to be a long one. There’s no real reason for Cisco customers to “lift and shift” existing infrastructure and services just to run them in the cloud for the cloud’s sake. The move to cloud-native needs to be carefully thought out architecturally and done where it makes sense for the customer, not forced to meet some arbitrary definition. The combination of cloud-managed and cloud-native is what makes Cisco unique, as it can deliver SASE any way a customer wants to consume it.

 

The 17.2 software release delivers SASE, but Cisco has added several other capabilities that extend its offering, such as:

 

  • Unified communications integration — Cisco SASE includes a voice gateway for reliable and secure UC from private and public clouds delivered over Internet connections. With this, customers can create a communication network that optimizes voice and can be managed from the Cisco dashboard.

  • Cloud OnRamp for SaaS services — Cisco has created a number of direct connections to the top 15 SaaS services such as Office365, Dropbox, Salesforce, and more. This feature is enabled in the IOS XE operating system that runs on Cisco ISRs and creates a “private” connection experience, even when the public Internet is used.

  • Managed service provider innovations — Of all the SASE providers, Cisco easily has the largest ecosystem of managed service providers. The SASE complexity created by all these options will push many enterprises towards using an MSP. Cisco enables MSPs to deliver custom WAN services through CLI templates. This aligns with a recent Work From Home survey that I ran, sponsored by the MSP Masergy, which found a whopping 66% of respondents will use a managed service to partially or fully perform the upgrade to an SD-WAN. I didn’t specifically ask about SASE as it’s still emerging, but given it’s more complex, I would suspect the MSP number to be higher.

 

The SASE competitive landscape is very crowded, but most vendors have strengths in security and networking. Cisco is certainly late to the SASE game, but the industry is still in the first inning, so it’s not like it has lost many opportunities. Cisco is the market leader in networking and security and can bring UC expertise into the fold as well, giving it an interesting competitive edge. Cisco is better off having waited and brought a solution to market that gives its customers options rather than forcing them into a solution that only meets part of the market.

About the Author

Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research.

Kerravala provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to the following constituents: end-user IT and network managers; vendors of IT hardware, software and services; and the financial community looking to invest in the companies that he covers.

Kerravala does research through a mix of end-user and channel interviews, surveys of IT buyers, and investor interviews, as well as briefings from the IT vendor community. This gives Kerravala a 360-degree view of the technologies he covers from buyers of technology, investors, resellers and manufacturers.

Kerravala uses the traditional online and email distribution channels for the research but heavily augments opinion and insight through social media including LinkedIn, Facebook, Twitter and blogs. Kerravala is also heavily quoted in the business press and the technology press and is a regular speaker at events such as Interop and Enterprise Connect.

Prior to ZK Research, Zeus Kerravala spent 10 years as an analyst at Yankee Group. He joined Yankee Group in March of 2001 as a Director and left Yankee Group as a Senior Vice President and Distinguished Research Fellow, the firm's most senior research analyst. Before Yankee Group, Kerravala had a number of technical roles including a senior technical position at Greenwich Technology Partners (GTP). Prior to GTP, Kerravala had numerous internal IT positions including VP of IT and Deputy CIO of Ferris, Baker Watts and Senior Project Manager at Alex. Brown and Sons, Inc.

Kerravala holds a Bachelor of Science in Physics and Mathematics from the University of Victoria in British Columbia, Canada.