Dell’Oro: SASE Market grew 33% in 2022; forecast to hit $8B in 2023
According to Dell’Oro Group, the ongoing need to modernize the network and security architecture for branch offices and hybrid users led to the vigorous 33% revenue growth in the SASE [1.] market. The market research firm anticipates that enterprises will continue to place a high priority on SASE and cause the overall SASE market to grow to $8B for the full year 2023. In contrast, Gartner forecasts that total worldwide end-user spending on SASE will reach $9.2 billion in 2023, a 39% increase from 2022.
Note 1. In 2019, Gartner coined the term secure access service edge, or SASE, that brings a more secure and flexible way to perform advanced security inspection directly in the cloud, instead of backhauling application traffic to a data center before forwarding it to the cloud. This cloud-first approach to security also aligns with the increasing adoption of hybrid work post-pandemic, where workers will balance their time in the office and working remote for the foreseeable future.
“3Q 2022 was the seventh consecutive quarter of year-over-year SASE revenue growth topping 25%, which signals the importance enterprises are placing on SASE,” said Mauricio Sanchez, Research Director, Network Security, and SASE & SD-WAN at Dell’Oro Group. “Unlike some other network security markets we track, we expect the high investment priority will continue and lead to the SASE market eclipsing $8 B in 2023,” added Sanchez.
Image Source: https://trustgrid.io/sase/
Additional highlights from the 3Q 2022 SASE & SD-WAN Quarterly Report:
- SASE security, also referred to as SSE (the basket of products providing cloud-delivered SWG, CASB, ZTNA, and FWaaS), achieved its tenth consecutive quarter of sequential revenue expansion.
- SASE networking, synonymous with SD-WAN, had a challenging Y/Y comparison in 3Q 2022 against a very strong 3Q 2021 when enormous pent-up demand was a significant driver. Nonetheless, the ongoing trend of improved supply chains allowed vendors to better service demand and sustain a similar level of market growth compared to recent quarters.
Cisco, Fortinet, Palo Alto Networks, Symantec/Broadcom, Versa Networks, VMware and Zscaler are the leading SASE suppliers, according to Del’Oro (see different list below). However, Sanchez also mentioned another company not typically associated with SASE: Microsoft.
“The dark horse is Microsoft. Not a significant player today, but could easily become one virtually overnight,” he said. “Microsoft – Windows, Azure – has all the technology elements to not only do SASE but compete on a number of other fronts: identity management, firewalls, email/content security, WAF, DDoS, endpoint, cloud security, cloud networking. Moreover, Microsoft has been beating the drum louder about their security capabilities and desire to go after share of security wallet.”
Author’s Note: SASE is a single vendor turn key solution so vendor selection is ultra important.
The Dell’Oro Group SASE & SD-WAN report includes manufacturers’ revenue covering the SASE and Access Router markets. In addition, the report analyzes the SASE market from two perspectives, technology (SD-WAN networking and SSE security) and implementation (unified and disaggregated). The report also provides unit information for the Access Router market. To purchase this report, please contact us at [email protected].
Dell’Oro Group is a market research firm that specializes in strategic competitive analysis in the telecommunications, security, enterprise network, and data center infrastructure markets. Our firm provides in-depth quantitative data and qualitative analysis to facilitate critical, fact-based business decisions. For more information, contact Dell’Oro Group at +1.650.622.9400 or visit www.delloro.com.
Definition: SASE (an acronym coined by Gartner) converges network (SD-WAN, ZTNA) and network security services (SWG, CASB, FWaaS, etc). All of these services are integrated and delivered based on user and device identities, context, policies with continuous assessment of risk/trust throughout a session. This combination creates small perimeters around users, devices, and applications, that are then additionally hardened by security services.
Netskope research says that by 2024, at least 40% of enterprises are expected to have explicit strategies for adopting SASE. SASE solutions will help small to large businesses with extracting the security incidents mentioned in the below image. According to MarketWatch, the global SASE market is expected to reach $3936.4 million by 2026.
Image Source: https://trustgrid.io/sase/
According to Software Testing Help, the leading SASE vendors are:
- #1) Cato SASE (Recommended)
- #2) Perimeter 81
- #3) Twingate
- #4) Netskope
- #5) Zscaler
- #6) Barracuda Networks
- #7) VMware
- #8) Fortinet
- #9) PaloAlto Network
- #10) Akamai Enterprise Application Access
- #11) Cisco
To leverage the SASE platform, it should have cloud-native & cloud-based architecture. It should support all edges and be distributed globally across many PoPs (Points of Presence). A SASE platform with significant geographical reach will let you compete effectively and meet the requirements of low latency. A platform with agent-based capabilities can facilitate policy-based access, and some on-premises-based capabilities can provide network functions like QoS.
Gartner: SASE tops Gartner list of 6 trends impacting Infrastructure & Operations over next 12 to 18 months
Dell’Oro: Secure Access Service Edge (SASE) market to hit $13B by 2026; Gartner forecasts $14.7B by 2025; Omdia bullish on security
3 thoughts on “Dell’Oro: SASE Market grew 33% in 2022; forecast to hit $8B in 2023”
MEF, a global industry association of network, cloud, and technology providers accelerating enterprise digital transformation, today announced it has published the industry’s first Secure Access Service Edge (SASE) standard defining SASE service attributes, a framework and common definitions, and a Zero Trust framework that together allow organizations to implement dynamic policy-based actions to secure network resources for faster decision making and implementation for enterprises.
MEF’s SASE standard aligns stakeholders on common terminology and service attributes when buying, selling, and delivering SASE services, and makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere. MEF’s Zero Trust framework defines service attributes to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.
According to the July 2022 SASE & SD-WAN 5-Year Forecast Report from Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026. SASE has quickly gained traction due to its work-from-anywhere cloud approach to security and networking. The MEF SASE service standard and Zero Trust framework have been developed by the industry’s top managed security and service providers to make it easier to bring to market robust, easy-to-understand, easy-to-manage SASE services for the enterprise. The new standards include:
SASE Service Attributes and Service Framework Standard
This standard specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
Zero Trust Framework for MEF Services
The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.
“With SASE still at an early stage and generating confusion, I applaud MEF’s standardization efforts. In the near-term, they are contributing vocabulary and aligning conceptual frameworks that are vital to getting the industry to rally behind common, interoperable approaches,” said Mauricio Sanchez, Research Director for Network Security & SASE/SD-WAN research at Dell’Oro Group. “In the long-term, I see the resulting standards help make multi-vendor SASE a reality and accelerate overall adoption.”
“Enterprises are challenged to compare feature sets and solutions when selecting SD-WAN, SSE, and SASE services, including Zero Trust Network Access, which can result in incomplete service offerings that don’t meet needs and expectations. At the same time, service providers want to offer a complete, unified SASE service that includes networking and security under a single pane of glass,” said Pascal Menezes, MEF Chief Technology Officer. “MEF’s new SASE standard and Zero Trust framework, firsts in the industry, provide clarity and simplify the selection of SASE managed services for enterprises. MEF-based SASE services allow organizations to make choices based on industry-standard service attributes, frameworks, and common definitions which allow for easier evaluation and faster decision making and implementation. On behalf of MEF, I would like to thank all the members who worked tirelessly to progress these efforts for the benefit of the entire industry.”
MEF also offers technical training on SD-WAN and related security for professionals through its MEF-SDCP certification.
Explore MEF SASE, Zero Trust and SD-WAN resources. Download the market brief, “Tackling SASE and SD-WAN Managed Service Provider Challenges,” which summarizes MEF market research indicating the two greatest challenges faced by SASE providers to date are customer education and lack of industry standards.
Analysts expect that Secure access service edge (SASE) total worldwide end-user spending will reach $9.2 billion in 2023, marking a 39% increase from 2022.
Gartner, who coined the acronym, also announced its single-vendor SASE leaders. The firm’s definition specifies that a complete SASE offering combines network edge capabilities like SD-WAN, and a set of cloud-centric security service edge (SSE) capabilities, including secure web access gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS), and zero-trust network access (ZTNA).
While many vendors still can only supply components of SASE, Gartner recognized nine that offer complete solutions with both networking and SSE capabilities – Cato Networks, Cisco, Citrix, Forcepoint, Fortinet, Netskope, Palo Alto Networks, Versa Networks, and VMware.
Executives from these companies gave SDxCentral their predictions for what 2023 has in store for the SASE market and technologies:
Shlomo Kramer, CEO, Cato Networks
“Just as COVID caused a massive acceleration in digital transformation projects, the recession will accelerate security consolidation. Numerous studies indicate that enterprises maintain dozens of security tools. And with so many security tools, controls are fragmented resulting in reduced visibility; operational overhead increases with the need for extra personnel and skills to master the various tools; and gaps between tools are created leaving the cracks through which attackers can infiltrate. Most companies (75%) expect to reduce the number of security vendors they use, replacing them with one, converged security platform.
Due to recessionary factors, IT staff will be pressured more than ever to do more with less, accelerating the move toward ‘as-a-service’ models. Numerous reports indicate that this recession will be unusual, not marked by the unemployment typical of a recession. But if layoffs are not part of the recession-coping toolbox, organizations will need to find other ways to reduce costs. Adoption of as-a-service models enables IT teams to tap expertise and tools that otherwise would be difficult to onboard.”
Jim Fulton, VP of Product, Forcepoint
“Organizations will further optimize their networking and security for the merging hybrid workforce, and SASE will continue its move into the mainstream as the architecture of choice for those initiatives.
The distinction between single-vendor SASE solutions (SD-WAN and SSE from the same vendor) versus separate SD-WAN and SSE providers will become more prominent as organizations look for ways to simplify their operations during an economic downturn. We will see organizations continue to consolidate vendors and demand platforms that are geared toward reducing the operational burden on security and networking teams, especially during a rocky economy.
Replacing VPNs with ZTNA will accelerate as organizations look to reduce costs and boost control over access to business resources. The role of data security in SASE will continue to grow as organizations realize that it’s not enough to protect how users get to the web, cloud, and private apps. Keeping control of what they do with data after they get there is just as important.”
Nirav Shah, VP of Products, Fortinet
“As the SASE market matures, CIOs will increasingly stop looking at SASE in a silo and examine it as part of their entire infrastructure. We don’t see a cloud-only world in the future, likewise we don’t see an on-premises-only world. SASE is an important cloud-delivered architecture for securing remote access, but it’s important to look at the reality of how most enterprises are building hybrid networks to meet their business needs. That means building a SASE architecture – what is essentially the convergence of cloud-delivered networking and security technologies – with products that are able to seamlessly integrate with each other and with converged on-premises solutions. This ensures enterprises preserve their existing on-premises investments (including SD-WAN investments), and prevents having to completely re-architect everything you already have deployed.
Thinking that convergence only needs to be in the cloud or convergence only needs to be on-premises when you have a hybrid network is not the right way to think – you need both. Many organizations today struggle with complexity because they have taken a piecemeal approach, using disparate tools from multiple vendors to support their security and connectivity needs at headquarters, branch offices, and remote workforce. In 2023, we’ll see more and more CIOs prioritizing consolidation by choosing solutions that can seamlessly integrate across both cloud and on-prem to ensure consistent security and a consistent user experience no matter where users or applications are distributed. We see this same trend manifesting in how CIOs are evaluating ZTNA solutions.”
Naveen Palavalli, VP of Product GTM Strategy, Netskope
“2022 was a challenging year for many organizations, but many are anticipating that 2023 will see continued economic headwinds. As a result, organizations will be looking especially close at how SASE can enable them to continue growing in an optimized, efficient manner. SASE features a number of consolidation and cost-savings benefits, and these will likely feature more heavily in business cases presented to the CIO and executive decision makers, in addition to traditional SASE value drivers like superior user experience or comprehensive security.
Another trend we will see more of in 2023 is the increased adoption of single-vendor SASE solutions by larger organizations. Until recently, these organizations looked primarily at dual-vendor SASE solutions based upon mature, trusted, cloud security platforms and established SD- WAN offerings. However, as complete, robust single-vendor solutions emerge that match or exceed the functionality of their dual-vendor counterparts, these will increase in popularity and market acceptance over the course of the year.
Finally, in 2023, organizations will look to apply some of the evolutionary principles introduced by ZTNA – a fundamental part of SASE – and apply them to the LAN. ZTNA provided remote workers with faster, more secure access to private applications.”
Kumar Ramachandran, SVP Products – Network Security, Palo Alto Networks
“With the recent emergence of multiple single-vendor SASE offerings, these solutions will become preferred over multi-vendor solutions (a.k.a. mix-and-match SASE). This will be driven by increased awareness of the shortcomings of mix- and-match SASE and new capabilities coming from more advanced single-vendor solutions.
Since its introduction earlier this year, ZTNA 2.0 has been gaining traction amongst security-minded early adopters. We expect ZTNA 2.0 to go mainstream in 2023.
The convergence of networking and security solutions, combined with AI and ML, will enable IT teams to predict and resolve issues with applications, networks, and security posture before they cause business disruptions. These cutting-edge capabilities will drive increased productivity and enable IT organizations to go from a reactive to a proactive posture.”
Kelly Ahuja, CEO, Versa Networks
“While the market was initially driven by remote user access to cloud workloads, SASE has emerged as the technology to protect and connect across the entire enterprise footprint. Enterprises are seeking extensible solutions as opposed to point products or technologies that they must integrate themselves. In 2023, SASE solutions that protect enterprise resources while delivering the optimal user/device-to-app or app-to-app experience, simplify policy definition, and add lifecycle management will emerge and establish themselves as the way of future.
SASE has quickly evolved from a set of discrete technologies or functions to a future state blueprint for integrating security and networking. Early adopter enterprises have started their journey to this future state and are charting the course to nirvana. Lessons learned from these early adopters will drive the strategy of the late majority. Their choice of a platform approach versus a portfolio approach will be driven by cost, agility, and operational flexibility. The market opportunity is bigger than it has ever been.”
Karl Brown, Senior Director, VMware
“Enterprise lines of business and operational technology teams are developing new applications or modernizing legacy applications to meet their business objectives. These new applications will collect and process volumes of ephemeral data from a large number and wide array of devices in near real-time. This volume of data and requirements for low latency will mean backhauling data to a cloud or traditional data center is not economically or technically feasible. Thus, requirements for SD-WAN and SASE will expand to encompass several factors.
Connectivity to the edge: Much like connectivity to the cloud, applications at the edge will require a low-latency, secure, and resilient network infrastructure. Further, many new intelligent endpoints will require 5G or 4G LTE LAN connectivity for enhanced mobility, coverage, performance, and reliability.
Compute at the edge: Applications at the edge will require compute capabilities. Deploying dedicated servers is not feasible in many locations because they add to the operational burden while posing security risks. Instead, enterprises should look for SD-WAN and SASE solutions that can host edge applications.
Intelligence about the edge: An understanding of application performance at the edge requires AI-assisted tools given the large volume of endpoints and the increased number of workloads. Therefore AIOps-based functionality is a requirement for SD-WAN and SASE management to function optimally.”
Citrix responded to SDxCentral saying they will be less focused on SASE moving forward, but “rather SSE which is more applicable to their portfolio.” Cisco did not respond to request for comment before publication.
Security Service Edge vs. SASE: What Is the Difference?
Secure Access Service Edge (SASE) is a category of networking solutions defined by Gartner in 2019, which combines traditional network security functions with wide area networking (WAN) capabilities. The goal of SASE is to provide secure and reliable connectivity for users and devices, regardless of their location or the type of network they are connected to.
Gartner defines SASE as a cloud-delivered, network security as a service platform that provides secure network connectivity and network security functions in a unified offering, delivered through a common infrastructure and management. SASE combines network security functions, such as zero trust networking, firewalls, and intrusion prevention systems (IPS), with cloud-based networking services like SD-WAN (software-defined wide area networking) and internet connectivity.
Secure Services Edge (SSE) is a set of integrated, cloud-delivered secure services that use identities and policies to establish secure connections between authenticated users and business resources. First introduced by Gartner in 2021, SSE is a security category that will secure connectivity in the future of hybrid environments and remote work.
As more employees work outside corporate boundaries, SaaS applications become the norm, and applications move to the public cloud, organizations cannot continue to backhaul user traffic to corporate networks. Many IT organizations are replacing their existing network security appliances, such as firewalls, VPN gateway appliances, and web gateways, with cloud-based options that can better protect data, provide a better user experience, and reduce costs.
SSE platforms provide cloud services that extend secure connectivity to user locations, without connecting users to corporate networks, exposing IT infrastructure to the public internet, or requiring complex network segmentation. Instead, SSE allows IT to provide secure access from anywhere to on-premise applications, secure access to the internet, and fast access to the cloud and SaaS applications.
Security Service Edge vs. SASE: What Is the Difference?
The main difference between Secure Access Service Edge (SASE) and Security Service Edge (SSE) is the focus of the solutions. SASE combines traditional network security functions with wide area networking (WAN) capabilities, while SSE focuses specifically on security functions.
SASE solutions are designed to provide secure and reliable connectivity for users and devices, regardless of their location or the type of network they are connected to. This can include traditional networking functions like VPNs and SD-WAN (software-defined wide area networking), as well as security functions like firewalls, intrusion prevention systems (IPS), and other controls. SASE solutions are often used by organizations with remote and hybrid workforces to ensure secure access to corporate resources and protect against cyber threats.