Security Experts:

Vendor Survey vs Reality on SASE Implementation

Gartner believes it will be four years before the market achieves two-thirds of the position a WSJ Intelligence and Forcepoint survey says is already achieved

An unusually styled survey report from WSJ Intelligence and Forcepoint – titled The C-Suite Report: Business and Security Strategies for the Unbound Enterprise – makes numerous assertions with little quantitative detail. It is unusual in that it does not provide the more normal statistical replies to specified questions, but seems to provide percentage agreements to specified statements. 

From this it draws numerous conclusions with no discussion on how its conclusions are reached. In general, there will be little disagreement with these conclusions since they align with what security practitioners have been claiming for years. 

For example, the report claims that security is a business enabler and competitive differentiator. It bases this statement on survey results saying, “55% report security accelerating digital transformation; 52 % note it has created competitive advantage and enabled higher productivity across the organizations.” The rate of acceleration of digital transformation is not specified, the competitive advantage is not defined, and higher productivity is not measured. Note also that 55% and 52% are not massive majorities, being little over half of the responses in each case.

Despite this, the report draws the conclusion, “Enterprises that embrace this opportunity will see their business thrive versus just survive in the next 5-10 years.” This is what everybody in the security industry would like to believe – but there is no specific evidence in the survey to suggest it is true.

Similar concerns could be levelled against much of the survey: unquantified returns support what is already well-known or clearly desirable. Few people will learn much from this – except perhaps, for one particular return: “90% of CEOs and 84% of CISOs indicated they have already adopted or were on a path to adopt SASE.” Implementing SASE, or secure access service edge, is not like installing an anti-malware app – it cannot be done overnight and requires a major overhaul of existing security controls.

Despite this, SASE is an attractive security approach for any enterprise increasing its cloud and remote working estates; and as the cloud and remote working paradigm increases, so will the attraction of SASE. SecurityWeek spoke to David Greenfield, director of technology evangelism at Cato Networks, a specialist SASE firm. 

“Those numbers are significantly higher than what we saw in our annual survey back in January,” he told us. “In that sampling base, we were looking closer to 46% adoption, which is very much in line with Gartner.” But, he added, “SASE interest is through the roof.”

It was Gartner who effectively defined the SASE model, so it is worth examining the take-up it expects. As recently as March 25, 2021 it published its Strategic Roadmap for SASE Convergence. “By 2025,” suggests Gartner, “at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.”

In other words, Gartner believes it will be four years before the market achieves two-thirds of the position the WSJ Intelligence and Forcepoint survey says is already achieved.

Related: Getting SASE, Without the Hyperbole

Related: Fortinet Acquires SASE Cloud Provider OPAQ Networks

Related: Palo Alto Networks to Acquire CloudGenix for $420 Million

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.