IDC: Public Cloud software at 2/3 of all enterprise applications revenue in 2026; SaaS is essential!

IDC forecasts that worldwide revenue for enterprise applications will grow from $279.6 billion in 2022 to $385.2 billion in 2026 with a five-year compound annual growth rate (CAGR) of 8.0%. Nearly all this growth will come from investments in public cloud software, which is expected to represent nearly two thirds of all enterprise applications revenue in 2026.

While the process of migrating from on-premises applications to the cloud can take years, enterprise software vendors and their customers will continue the transition to the cloud as this is an essential part of business operations in the digital world. Companies that do not pursue this technology will sustain losses due to profound opportunity costs as their competitors adopt cloud technologies and the use of application programming interfaces (APIs), moving beyond the reach of technological holdouts with on-premises or homemade solutions.

“It’s no longer enough for businesses to sit back and rely on their technological debt of software and hardware assets to keep the company running. In the digital world, enterprise software needs to constantly innovate to keep up with demand for speed, scale, and a resilient business,” said Heather Hershey, research director, Worldwide Digital Commerce at IDC. “Organizations must invest in new tools to keep their application portfolio up to date as they move into the digital era, automating all processes while also leveraging innovation and a wealth of data to become a more creative and resilient company in the digital realm.”

In addition to the ongoing cloud migration, IDC has identified a number of other significant market developments that are driving growth in the enterprise applications market.

  • SaaS and cloud-based, modular, and intelligent applications are no longer “nice to have” but are instead essential for business. Organizations that want to stay in business need AI-driven software that is cloud enabled, modular, and intelligent.
  • Application programmable interface technology will continue to be the backbone of the enterprise applications market. APIs will always resonate as a sound investment to companies that understand the pivotal role they play in connecting all the disparate code bases that make up the modern world.
  • Phasic migration to cloud with TaskApps augmentation will continue, particularly in B2B enterprises. TaskApps and low-code/no-code development tools are being used to close gaps, extend processes, or change up the business at a faster pace throughout the transition to digital first.
  • New global regulations around data privacy and ethics have changed the way organizations collect and use data, pushing governance to the forefront of the conversation. Compliance has become a differentiating factor for enterprises that prioritize trustworthiness.

“The digital world is completely altering the way software is utilized and incorporated into the organization from modularity to APIs to low code/no code to business process automation to TaskApps and even with innovation,” said Mickey North Rizza, group vice president, Enterprise Software at IDC. “Organizations are stretching their visions from filling technology gaps to optimizing processes globally to going the last mile with complete differentiators for their clients. The business world is finally starting to leverage the opportunity technology brings to it.”

Photo Credit: Unsplash

The enterprise applications market is a competitive market that includes software specific to certain industries as well as software that can handle requirements for multiple industries. Enterprise applications can be delivered as a pre-integrated suite of applications (featuring common data and process models across functional areas) or as standalone applications that automate specific functional business processes, such as accounting, human capital management, or supply chain execution. The enterprise applications market consists of the following secondary markets: enterprise resource management, customer relationship management, engineering applications, supply chain management applications, and production applications.

The IDC report, Worldwide Enterprise Applications Software Forecast, 2022–2026: Digital Era Software on the Rise (Doc #US48563522), presents a five-year forecast for worldwide enterprise applications revenues, including spending by geographic region and deployment type (public cloud and on premises). The report also provides insight into the market’s evolution through 2026, including deployment models, trends, and significant market developments.

…………………………………………………………………………………………………………………………………………………………

In a separate report titled Worldwide Quarterly Enterprise Infrastructure Tracker: Buyer and Cloud Deployment, IDC sas that spending on compute and storage infrastructure products for cloud deployments, including dedicated and shared IT environments, increased 24.7% year over year in the third quarter of 2022 (3Q22) to $23.9 billion. Spending on cloud infrastructure continues to outgrow the non-cloud segment although the latter had strong growth in 3Q22 as well, increasing at 16.5% year over year to $16.8 billion. The market continues to benefit from high demand and large backlogs, coupled with an improving infrastructure supply chain.

Spending on shared cloud infrastructure reached $16.8 billion in the quarter, increasing 24.4% compared to a year ago. IDC expects to see continuous strong demand for shared cloud infrastructure with spending expected to surpass non-cloud infrastructure spending in 2023. The dedicated cloud infrastructure segment grew 25.3% year over year in 3Q22 to $7.1 billion. Of the total dedicated cloud infrastructure, 45.2% was deployed on customer premises.

For the full year 2022, IDC is forecasting cloud infrastructure spending to grow 19.6% year over year to $88.1 billion – a noticeable increase from 8.6% annual growth in 2021. Non-cloud infrastructure is expected to grow 10.7% to $64.7 billion. Shared cloud infrastructure is expected to grow 19.0% year over year to $60.9 billion for the full year while spending on dedicated cloud infrastructure is expected to grow 21.2% to $27.3 billion for the full year.

About IDC:

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,300 analysts worldwide, IDC offers global, regional, and local expertise on technology, IT benchmarking and sourcing, and industry opportunities and trends in over 110 countries. IDC’s analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly owned subsidiary of International Data Group (IDG), the world’s leading tech media, data, and marketing services company. To learn more about IDC, please visit www.idc.com. Follow IDC on Twitter at @IDC and LinkedIn. Subscribe to the IDC Blog for industry news and insights.

References:

https://www.idc.com/getdoc.jsp?containerId=prUS50029423

https://www.idc.com/getdoc.jsp?containerId=prUS50037523

Cybersecurity to be a top priority for telcos in 2023

Telecom has always been susceptible to cyberattacks and data breaches.  With increasing deployment of IoT devices, attackers will have more opportunities to obtain our data as more gadgets are connected to our network.  OpenRAN, with many more exposed interfaces, widens the attack surface for bad actors.

Different security risks brought on by 5G will leave the sector open to cyberattacks. To strengthen security surrounding connected devices, cloud systems, and the networks that connect them, telecom operators must invest in implementing stringent cybersecurity measures because there is a significant amount of sensitive data dispersed across intricate, private, and private networks.

According to Gartner, there will be 43 billion IoT-connected devices by the end of 2023. For those in charge of cybersecurity, it’s necessary to keep in mind IoT devices, such as smartwatches or human-wearable biometrics, monitoring systems, robotics, alarm systems, sensors, IT devices, and industrial equipment. IoT security is essential as more telecoms embrace the industry and implement these devices in their networks because they can remotely access base stations and data centers.

Finally, enterprises deploying SD-WANs and other private or virtual private networks. In particular:

  • Secure Access Service Edge (SASE) combines network security functions (such as SWG, CASB, FWaaS and ZTNA), with WAN capabilities (e.g. SD-WAN) to support businesses’ secure access needs. Previously, security for SD-WAN was an open, unresolved issue.
  • Secure Service Edge (SSE) is the security components of SASE focusing largely on the cloud access security broker, secure web gateway, and zero-trust network access products to enable secure use of the internet and cloud services for a hybrid workforce working from anywhere,”  said Gartner analyst Charlie Winckless.

Dell’Oro group July 2022 report found that the SSE market grew 40% year-over-year to more than $800 million in the first quarter.  A December report noted that SSE  achieved its tenth consecutive quarter of sequential revenue expansion in 3Q-2022. Dell’Oro’s Director of Network Security, SASE, and SD-WAN Mauricio Sanchez said the strong growth is a testament to more enterprises preferring cloud-delivered security over traditional on-premises solutions.  Sanchez told SDX Central:  “The growth factors that have existed largely since the pandemic started are still with us.  That’s the shift to hybrid work, the shift of workloads to the cloud, and the importance of the digital experience.”

References:

https://insidetelecom.com/a-look-at-the-telecommunication-industry-trends/

Summary of EU report: cybersecurity of Open RAN

IEEE/SCU SoE Virtual Event: May 26, 2022- Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers

U.S. cybersecurity firms seek tech standards to secure critical infrastructure

Enterprises Deploy SD-WAN but Integrated Security Needed

Have we come full circle – from SD-WAN to SASE to SSE? MEF’s SD-WAN and SASE standards

Have we come full circle – from SD-WAN to SASE to SSE? MEF’s SD-WAN and SASE standards

Backgrounder – SD-WAN and SASE:

software-defined wide area network (SD-WAN) uses software-defined network technology, mostly to communicate over the Internet using overlay tunnels which are encrypted when destined for internal organization locations.  If standard tunnel setup and configuration messages are supported by all of the network hardware vendors, SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.[1] In practice, proprietary protocols are used to set up and manage an SD-WAN, meaning there is no decoupling of the hardware and its control mechanism.

A key application of SD-WAN is to allow companies to build higher-performance WANs using lower-cost and commercially available Internet access.  That enables businesses to partially or wholly replace more expensive private WAN connection technologies such as MPLSWhen SD-WAN traffic is carried over the Internet, there are no end-to-end performance guarantees.  In sharp contrast, Carrier MPLS VPN WAN services are not carried as Internet traffic, but rather over carefully-controlled carrier capacity, and do come with an end-to-end performance guarantee.

Gartner’s 2022 SD-WAN Magic Quadrant report identified Cisco, Fortinet, VMware, Palo Alto Networks, Hewlett Packard Enterprise (HPE) Aruba, and Versa Networks as market leaders. The analyst firm estimates the top 10 vendors make up more than 80% of the market.  To determine SD-WAN leaders, Gartner reviewed vendors’ product capabilities such as the ability to operate as a branch office router, and having a centralized management for devices, zero-touch configuration, and VPN with a basic firewall. The analyst firm also reviewed vendors’ business and financial performance based on their volume of customers, sites, and contracts.

Gartner coined the acronym SASE (Secure Access Service Edge) in an August 2019 report The Future of Network Security in the Cloud and expanded its functionality in their 2021 Strategic Roadmap for SASE Convergence.  SASE combines network security functions (such as SWG, CASB, FWaaS and ZTNA), with WAN capabilities (e.g. SD-WAN) to support businesses’ secure access needs. Previously, security for SD-WAN was an open, unresolved issue.

SASE is a holistic framework that brings security and networking connectivity together through a cloud-centric base. Businesses can save equipment, human and financial resources thanks to SASE’s underlying cloud design, and they can scale performance with minimal hardware needs.

Omdia Analyst Fernando Montenegro describes SASE as a “framework architecture, not a solution.”

MEF SD-WAN and SASE Standards:

In August 2019, the MEF published the industry’s first global standard defining an SD-WAN service and its service attributes. SD-WAN Service Attributes and Services (MEF 70). The MEF SD-WAN standard describes requirements for an application-aware, over-the-top WAN connectivity service that uses policies to determine how application flows are directed over multiple underlay networks irrespective of the underlay technologies or service providers who deliver them.  However, it does not address interoperability because it does not specify either a UNI or NNI protocol stack.

MEF 70 defines:

  • Service attributes that describe the externally visible behavior of an SD-WAN service as experienced by the subscriber.
  • Rules associated with how traffic is handled.
  • Key technical concepts and definitions like an SD-WAN UNI, the SD-WAN Edge, SD-WAN Tunnel Virtual Connections, SD-WAN Virtual Connection End Points, and Underlay Connectivity Services.

SD-WAN standardization offers numerous benefits that will help accelerate SD-WAN market growth while improving overall customer experience with hybrid networking solutions. Key benefits include:

  • Enabling a wide range of ecosystem stakeholders to use the same terminology when buying, selling, assessing, deploying, and delivering SD-WAN services.
  • Making it easier to interface policy with intelligent underlay connectivity services to provide a better end-to-end application experience with guaranteed service resiliency.
  • Facilitating inclusion of SD-WAN services in standardized LSO architectures, thereby advancing efforts to orchestrate MEF 3.0 SD-WAN services across automated networks.
  • Paving the way for creation and implementation of certified MEF 3.0 SD-WAN services, which will give users confidence that a service meets a fundamental set of requirements.

Last year MEF introduced an updated version of its SD-WAN standard, MEF 70.1, which added critical enhancements. MEF is also currently at work on version MEF W70.2 and MEF W119 Universal SD-WAN Edge, which will address the need for interoperability, among other things.

In December 2022, MEF published two Secure Access Service Edge (SASE) standards defining 1.] SASE service attributes, common definitions & a framework and 2.] a Zero Trust framework that together allow organizations to implement dynamic policy-based actions to secure network resources for faster decision making and implementation for enterprises.  MEF’s SASE standard defines common terminology and service attributes which is critically important when buying, selling, and delivering SASE services. It also makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere. MEF’s Zero Trust framework defines service attributes to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.

  1. SASE Service Attributes and Service Framework Standard:  specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
  2. Zero Trust Framework for MEF Services: The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.

–>PLEASE SEE Pascal Menezes CTO of MEF COMMENTS BELOW THIS ARTICLE.

………………………………………………………………………………………………………………………………………………………………………………..

Enter SSE (Secure Service Edge):

In it’s above referenced 2021 report, Gartner defined SSE (Secure Service Edge) which is a separate entity that doesn’t include SD-WAN.  “SSE is the security components of SASE focusing largely on the cloud access security broker, secure web gateway, and zero-trust network access products to enable secure use of the internet and cloud services for a hybrid workforce working from anywhere,” Gartner analyst Charlie Winckless told SDxCentral.

Telefónica tapped cloud security vendor Zscaler to develop a new managed SSE platform in a bid to address changing workforce dynamics and cloud consumption. The announcement illustrated a growing trend around the Gartner-coined product category, in which cloud security and SASE vendors alike announce “new” products and services around the buzzword.

But for the most part, these SSE products aren’t so much new as they’re rebranded and repackaged SASE services that’ve been stripped of their SD-WAN capabilities, if they ever had them in the first place. Zscaler’s SSE is built around the same Zscaler Internet Access and Zscaler Private Access products that, just a few months ago, it was calling SASE.

“The contrast is that SASE focuses on a user’s secure access needs as a part of the solution. SSE, on the other hand, mainly focuses on cloud-centric security services for the protection of users,” according to Juta Gurinaviciute, Forbes Councils Member and CTO for NordLayer, a remote access security provider.  Gurinaviciute explained that SSE is SASE minus SD-WAN. SSE is essentially a way for enterprises to focus more on cloud-based security as a stepping stone to a full SASE service. She wrote:

As per Gartner’s suggestion, some companies may select a single-provider SASE offering, while others prefer partnered SD-WAN and SSE offerings from separate providers based on companies’ needs.   Your business may have already invested in SD-WAN in advance. SSE would be a more meaningful choice in the short-term in such a case. If your company’s current setup doesn’t need SD-WAN, security may be a much more urgent requirement, in which case SSE would make more sense. Even if your organization only has a single regional branch or a simple branch, SSE may still be helpful.

Considering all of these reasons, SASE, the implementation of which may seem challenging and daunting for security professionals, can be done much faster with SSE adaptation first. The journey can be completed much more smoothly using this option, and SSE may benefit a wide range of companies that need robust protection.

“I think everybody’s really excited about SASE because enterprises keep asking about it,” Omdia Analyst Adeline Phua told Light Reading in a recent podcast. “It’s got so much buzz in the market.”  However, Phua found that excitement about SASE/SSE hasn’t necessarily equated to mass adoption of the service. “We’re thinking that maybe adoption is really hitting that tipping point, only to find out when we talk to service providers and to enterprises that the adoption is really not there yet,” she added.

A Dell’Oro group July 2022 report found that the SSE market grew 40% year-over-year to more than $800 million in the first quarter.  A December report noted that SSE  achieved its tenth consecutive quarter of sequential revenue expansion in 3Q-2022. Dell’Oro’s Director of Network Security, SASE, and SD-WAN Mauricio Sanchez said the strong growth is a testament to more enterprises preferring cloud-delivered security over traditional on-premises solutions.  Sanchez told SDX Central:  “The growth factors that have existed largely since the pandemic started are still with us.  That’s the shift to hybrid work, the shift of workloads to the cloud, and the importance of the digital experience.”

While Dell’Oro forecasts the overall SASE market to grow to $8 B for the full year 2023, an Omdia survey found that SD-WAN is only expected to achieve 87% market penetration at the end of 2023. Omdia’ Phua says that enterprises which are using SD-WAN aren’t deploying it at all their sites. Part of the problem stems from supply chain challenges triggered by COVID-19 which have resulted in a shortage of products and SD-WAN deployment delays.

Where service providers can make progress in assisting their enterprise customers’ adoption of SASE is by providing it as a managed service with significant value add “on top of just the staff, the platform itself,” explained Omdia’s Fernando Montenegro. That might look like providing more visibility into network health and potential security threats.

Phua echoed Montenegro’s assessment: “Service providers will still need to keep looking out for new innovations and what else can we onboard to make sure that is a more complete solution for the enterprise customers. So there’s still a lot of way to go in terms of this journey.”

References:

https://en.wikipedia.org/wiki/SD-WAN#

https://www.gartner.com/en/documents/3957375

https://www.gartner.com/en/documents/3999828

https://www.forbes.com/sites/forbestechcouncil/2022/06/28/what-is-the-difference-between-sase-and-sse/?sh=5f8a38806af3

https://www.lightreading.com/sd-wan/looking-ahead-sase-is-too-messy/a/d-id/782090?

MEF Publishes Industry’s First SD-WAN Standard

MEF Introduces First SASE Standard and Zero Trust Framework

Dell’Oro: SASE Market grew 33% in 2022; forecast to hit $8B in 2023

Gartner: SASE tops Gartner list of 6 trends impacting Infrastructure & Operations over next 12 to 18 months

Dell’Oro: Secure Access Service Edge (SASE) market to hit $13B by 2026; Gartner forecasts $14.7B by 2025; Omdia bullish on security

Enterprises Deploy SD-WAN but Integrated Security Needed

MEF survey reveals top SD-WAN and SASE challenges

MEF New Standards for SD-WAN Services; SASE Work Program

Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role

Dell’Oro: SASE Market grew 33% in 2022; forecast to hit $8B in 2023

According to Dell’Oro Group, the ongoing need to modernize the network and security architecture for branch offices and hybrid users led to the vigorous 33% revenue growth in the SASE [1.] market. The market research firm anticipates that enterprises will continue to place a high priority on SASE and cause the overall SASE market to grow to $8B for the full year 2023.  In contrast, Gartner forecasts that total worldwide end-user spending on SASE will reach $9.2 billion in 2023, a 39% increase from 2022.

Note 1.  In 2019, Gartner coined the term secure access service edge, or SASE, that brings a more secure and flexible way to perform advanced security inspection directly in the cloud, instead of backhauling application traffic to a data center before forwarding it to the cloud. This cloud-first approach to security also aligns with the increasing adoption of hybrid work post-pandemic, where workers will balance their time in the office and working remote for the foreseeable future.

……………………………………………………………………………………………………………………………………………………………….

“3Q 2022 was the seventh consecutive quarter of year-over-year SASE revenue growth topping 25%, which signals the importance enterprises are placing on SASE,” said Mauricio Sanchez, Research Director, Network Security, and SASE & SD-WAN at Dell’Oro Group. “Unlike some other network security markets we track, we expect the high investment priority will continue and lead to the SASE market eclipsing $8 B in 2023,” added Sanchez.

Image Source: https://trustgrid.io/sase/

Additional highlights from the 3Q 2022 SASE & SD-WAN Quarterly Report:

  • SASE security, also referred to as SSE (the basket of products providing cloud-delivered SWG, CASB, ZTNA, and FWaaS), achieved its tenth consecutive quarter of sequential revenue expansion.
  • SASE networking, synonymous with SD-WAN, had a challenging Y/Y comparison in 3Q 2022 against a very strong 3Q 2021 when enormous pent-up demand was a significant driver. Nonetheless, the ongoing trend of improved supply chains allowed vendors to better service demand and sustain a similar level of market growth compared to recent quarters.

Cisco, Fortinet, Palo Alto Networks, Symantec/Broadcom, Versa Networks, VMware and Zscaler are the leading SASE suppliers, according to Del’Oro (see different list below).  However, Sanchez also mentioned another company not typically associated with SASE: Microsoft.

“The dark horse is Microsoft. Not a significant player today, but could easily become one virtually overnight,” he said. “Microsoft – Windows, Azure – has all the technology elements to not only do SASE but compete on a number of other fronts: identity management, firewalls, email/content security, WAF, DDoS, endpoint, cloud security, cloud networking. Moreover, Microsoft has been beating the drum louder about their security capabilities and desire to go after share of security wallet.”

Author’s Note: SASE is a single vendor turn key solution so vendor selection is ultra important.

About the Report

The Dell’Oro Group SASE & SD-WAN report includes manufacturers’ revenue covering the SASE and Access Router markets. In addition, the report analyzes the SASE market from two perspectives, technology (SD-WAN networking and SSE security) and implementation (unified and disaggregated). The report also provides unit information for the Access Router market. To purchase this report, please contact us at [email protected].

About Dell’Oro Group

Dell’Oro Group is a market research firm that specializes in strategic competitive analysis in the telecommunications, security, enterprise network, and data center infrastructure markets. Our firm provides in-depth quantitative data and qualitative analysis to facilitate critical, fact-based business decisions. For more information, contact Dell’Oro Group at +1.650.622.9400 or visit www.delloro.com.

…………………………………………………………………………………………………………………………………………………

Definition: SASE (an acronym coined by Gartner) converges network (SD-WAN, ZTNA) and network security services (SWG, CASB, FWaaS, etc). All of these services are integrated and delivered based on user and device identities, context, policies with continuous assessment of risk/trust throughout a session. This combination creates small perimeters around users, devices, and applications, that are then additionally hardened by security services.

Netskope research says that by 2024, at least 40% of enterprises are expected to have explicit strategies for adopting SASE. SASE solutions will help small to large businesses with extracting the security incidents mentioned in the below image. According to MarketWatch, the global SASE market is expected to reach $3936.4 million by 2026.

Image Source: https://trustgrid.io/sase/

According to Software Testing Help, the leading SASE vendors are:

To leverage the SASE platform, it should have cloud-native & cloud-based architecture. It should support all edges and be distributed globally across many PoPs (Points of Presence). A SASE platform with significant geographical reach will let you compete effectively and meet the requirements of low latency. A platform with agent-based capabilities can facilitate policy-based access, and some on-premises-based capabilities can provide network functions like QoS.

References:

https://www.delloro.com/news/strong-enterprise-demand-drives-sase-growth-33-percent-in-3q-2022/

https://www.fiercetelecom.com/telecom/microsoft-dark-horse-contender-sase-revenue-tipped-hit-8b-2023-delloro

https://www.softwaretestinghelp.com/top-sase-vendors/

Secure Access Service Edge (SASE)

Gartner: SASE tops Gartner list of 6 trends impacting Infrastructure & Operations over next 12 to 18 months

Dell’Oro: Secure Access Service Edge (SASE) market to hit $13B by 2026; Gartner forecasts $14.7B by 2025; Omdia bullish on security

 

Gartner: SASE tops Gartner list of 6 trends impacting Infrastructure & Operations over next 12 to 18 months

At its IT Infrastructure, Operations & Cloud Strategies Conference this week, Gartner identified six trends anticipated to have a significant impact on infrastructure and operations (I&O) over the next 12 to 18 months.   Secure Access Service Edge (SASE) topped the list with Sustainable technology coming in second and Wireless Value Innovation (see below) in third place.

SASE is a single-vendor product that is sold as an integrative service which enables digital transformation. This trend connects and secures users, devices, and locations as they work to access applications from anywhere. Gartner forecasts that total worldwide end-user spending on SASE will reach $9.2 billion in 2023, a 39% increase from 2022.  Gartner coined SASE as a technology framework for the convergence of network access and security in cloud-native environments.  Earlier this year, Gartner released its first Market Guide for Single-Vendor SASE, revealing to I&O leaders that interest in the framework has exploded since its introduction in 2019 – and particularly toward single-vendor solutions.

Gartner VP Analyst Jeffrey Hewitt attributed the fast adoption of SASE to “the need to secure the access of devices and elements at the edge,” as well as hybrid work and a “relentless shift to cloud computing.”  Hewitt noted the primary benefits of the framework are that it allows users to securely connect to applications and improves the efficiency of management.  “Hybrid work and the relentless shift to cloud computing has accelerated SASE adoption,” said Hewitt. “SASE allows users to connect to applications in a secure fashion and improves the efficiency of management. I&O teams implementing SASE should prioritize single-vendor solutions (1.) and an integrated approach.”

Note 1. Single-vendor SASE means the selected service provider owns and delivers all the essential SASE components—software-defined WAN (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling, and zero trust network access (ZTNA)—using a cloud-centric architecture, according to Gartner, which created the term SASE. The service is meant to address shortcomings of legacy methods of securing access to enterprise resources.

Source: Lanner

“Leaders are going to be looking at this and saying, we want to implement this,” Hewitt told SDxCentral. “They’re going to be assessing and determining what providers can offer.”  I&O teams implementing SASE should prioritize single-vendor solutions, Hewitt added.

Hewitt noted SASE is still an “immature” market and technology framework. “It’s not something that you can just run out and have a large list of vendors – at this point – that you could select from,” he said. While many vendors still can only supply components of SASE, Gartner recognizes nine that offer complete solutions with both networking and Secure Service Edge (SSE) capabilities – Cato Networks, Cisco, Citrix, Forcepoint, Fortinet, Netskope, Palo Alto Networks, Versa Networks, and VMware.

The biggest benefits of a single-vendor solution are improved security posture, administrative simplicity with fewer consoles to manage and troubleshoot, and traffic efficiency due to single-pass encryption and optimal routing decisions instead of needing to integrate between two pieces, Analyst Andrew Lerner told SDxCentral in an earlier interview. Lerner recommended I&O leaders look for single-vendor SASE offerings that provide single-pass scanning, a single unified console, and data lakes covering all functions to improve user experience and staff efficacy.

By 2025, Gartner predicts 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021.

………………………………………………………………………………………………………………………………………………………………………………………………………………………….

Regarding Wireless Value Innovation, Gartner wrote: I&O can leverage multiple wireless technologies to extend business disruption opportunities beyond connectivity. Overlaps between various technologies including Wi-Fi, 5G, Bluetooth and high frequency (HF) facilitates connectivity solutions and creates innovation opportunities.

Hewitt said, “Wireless value innovation creates a scalable return on wireless investment and makes networks a strategic innovation platform. However, there is significant complexity at play and several new skills that are required to achieve this innovation, such as wireless integration capabilities and wireless tracking implementation experience.”

At its recent IT Symposium/Xpo 2022 Gartner included wireless among in its 10 top strategic technology trends for 2023.  In that report, Gartner stated that no single wireless technology will dominate, but enterprises will use a variety of them to support a range of environments, including Wi-Fi in the office, services for mobile devices, low-power protocols, and even radio connectivity, Gartner stated. Gartner predicts that by 2025, 60% of enterprises will be using five or more wireless technologies simultaneously.

“We’re going to see a spectrum of solutions in the enterprise—that includes 4G, 5G, LTE, WIFI 5, 6, 7—all of which will create new data enterprises can use in analytics, and low-power systems will harvest energy directly from the network,” Gartner stated.

………………………………………………………………………………………………………………………………………………………………………………………………………………………….

Gartner’s top six trends impacting I&O in 2023:

Trend No. 1: Secure Access Service Edge (SASE)

Trend No. 2: Sustainable Technology

Trend No. 3: Platform Engineering

Trend No. 4: Wireless Value Innovation

Trend No. 5: Industry Cloud Platforms

Trend No. 6: Heated Skills Competition

………………………………………………………………………………………………………………………………………………………………………………………………………………………….

References:

https://www.gartner.com/en/newsroom/press-releases/2022-12-08-gartner-identifies-the-top-trends-impacting-infrastructure-and-operations-for-2023

https://www.networkworld.com/article/3681998/gartner-top-trends-to-know-for-infrastructure-and-operations-in-2023.html

https://www.sdxcentral.com/articles/news/sase-tops-gartners-io-trends-for-2023/2022/12/

Secure Access Service Edge – SASE Appliances Enable the Most Agile Edge Security

 

Single-Vendor SASE

Dell’Oro: Secure Access Service Edge (SASE) market to hit $13B by 2026; Gartner forecasts $14.7B by 2025; Omdia bullish on security

MEF survey reveals top SD-WAN and SASE challenges

New Findings in Aryaka’s 2022 State of the WAN Report: Cloud Adoption, Hybrid Workplaces, Convergence of Network and Security with SASE

Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role

Enterprises Deploy SD-WAN but Integrated Security Needed

MEF New Standards for SD-WAN Services; SASE Work Program

Enterprises Deploy SD-WAN but Integrated Security (SASE) Needed

A new IDC study, commissioned by GTC, reveals that over 95% of enterprises have deployed software-defined wide area networks (SD-WANs) or plan to do so within the next 24 months.  However, nearly half (42%) reported they either don’t have security integrated with SD-WAN or have no specific SD-WAN security at all.

Enterprises today are facing what IDC calls “storms of disruption:” waves of economic, political, and social disruptions that are hampering companies’ efforts to become “truly digital enterprises” – like the Russia-Ukraine war, global recession, and industry-wide skills gaps.  Networks need to support businesses in their move toward a cloud-native, digital-first, hybrid-working model of operation, and SD-WAN is now a cornerstone of network transformation, IDC stated in its GTT-commissioned study.

When asked to list the challenges they faced when taking a do-it-yourself (DIY) approach to SD-WAN, respondents cited difficulties related to hiring and retaining a skilled in-house workforce, keeping up with technology developments and the ability to negotiate favorable terms with technology vendors.

“Now that SD-WAN has matured and has been widely adopted, the complexity of deployments has grown, challenging enterprises on multiple fronts and compromising their ability to realize the full benefits of the technology,” said James Eibisch, research director, European Infrastructure and Telecoms, IDC.

“Enterprises are increasingly reliant on the resources and expertise of a managed service provider to ensure they deploy SD-WAN in a way best suited to their meet their organizations’ objectives. Security approaches like Secure Access Service Edge (SASE) [1.] that combine the benefits of SD-WAN with zero trust network access and content filtering features are well poised to dominate the next phase of SD-WAN enhancements as enterprises continue to enable the cloud IT model and a hybrid workforce.”

Note 1.  SASE, when combined with a SD-WAN overlay network, is seen as a less expensive way to get circuits exactly where they are needed — especially to remote locations — than using traditional architectures like IP-MPLS. Scaling the enterprise WAN out to more user devices and more locations also becomes easier, a necessity at a time when hybrid and remote working continues to be popular.

…………………………………………………………………………………………………………………………………………………………..

The IDC survey found that more than 80% of respondents worldwide have either made SASE a priority (39%) or have recognized its benefits and are already incorporating it into company initiatives (42%). Only 19% of respondents worldwide reported they do not view SASE as a priority.

Despite this widespread recognition of the value of integrating security and SD-WAN, the survey found that many enterprises have not been able to leverage these benefits. In the U.S., 45% of respondents said they either don’t have security integrated with SD-WAN or have no specific SD-WAN security at all. In some countries, such as Switzerland and France, that figure was more than 50%. This trend held across vertical industries such as manufacturing (47%), retail (46%), healthcare (47%) and transportation (49%). Financial and business services were exceptions, with only 32% and 34%, respectively.  Seven out of 10 respondents (71%) worldwide expect to use integrated security in the next 12 months.

Image Credit: Fortinet

“This IDC study highlights the critical role of expert managed services support for enterprises deploying SD-WAN. Experienced managed services providers can help integrate technology, connectivity and security, while also managing costs and increased complexity,” said Lisa Brown, CMO at GTT. “The research shows that a DIY approach to SD-WAN presents a number of challenges that can be addressed by teaming with a managed services provider.”

When respondents who were adopting a managed services approach to SD-WAN were asked for their reasons, many said they wanted to outsource day-to-day management tasks. The top reason cited by respondents globally for using a managed services provider was the benefit of always-on help desk support in local languages, with 36% citing this as a reason. Running a close second, 35% cited visibility, insights and control without the need for technology certification as a benefit. In addition, 34% cited ease of configuration management; the ability to manage, maintain and facilitate technology upgrades; and better protection against security threats.

Todd Kiehn, SVP at GTT, told SDxCentral, “There will be a continued evolution to SD-WAN integrated with cloud security over the coming year. The IT organization is going to require ever-increasing visibility into the actions of the end user.  Consistently through our customers, prospects, CIO roundtables and through this recent research, the biggest obstacle enterprises are having in implementing new security solutions is finding and securing a staff with the necessary skills. The cybersecurity skill shortage particularly is a global problem.”

Companies that have no position on SD-WAN-specific security yet face the challenge of adopting these new technologies on their own or through managed service provider partnerships — either of which take time and resources.

“Enterprises can view SASE as a security architecture transformation alongside the deployment of SD-WAN. Our customers are deploying security to support their varied digital transformation initiatives such as work from anywhere, branch transformation or cloud migrations,” Kiehn noted.

“Security solutions based on the SASE framework provide choice and a roadmap to address the specific business needs of the enterprise such as enhancing the security posture of mobile users by replacing legacy VPN technology, improving security for guests and employees at brick and mortar locations, and developing a more comprehensive posture to support a hybrid cloud model,” Kiehn added.

About GTT:

GTT is a managed network and security services provider to global organizations. We design and deliver solutions that leverage advanced cloud, networking and security technologies. We complement our solutions with a suite of professional services and exceptional sales and support teams in local markets around the world. We serve thousands of national and multinational companies with a portfolio that includes SD-WAN, security, Internet, voice and other connectivity options. Our services are uniquely enabled by our top-ranked, global, Tier 1 IP backbone, which spans more than 260 cities on six continents. The company culture is built on a customer-first service experience reinforced by our commitment to operational excellence and continuous improvement in our business, environmental, social and governance practicesFor more information, visit www.gtt.net.

References:

https://www.globenewswire.com/news-release/2022/11/17/2558130/0/en/Enterprises-Embrace-SD-WAN-but-Are-Missing-Out-on-the-Benefits-of-an-Integrated-Approach-to-Security-According-to-a-New-Global-Study-Commissioned-by-GTT.html

https://www.sdxcentral.com/networking/sd-wan/definitions/software-defined-sdn-wan/

https://www.sdxcentral.com/articles/news/sd-wan-security-needs-a-refresh-idc-says/2022/11/

https://www.fortinet.com/blog/business-and-technology/do-you-want-an-sd-wan-with-security-features-or-a-secure-sd-wan

MEF survey reveals top SD-WAN and SASE challenges

Omdia: VMware and Versa Networks are SD-WAN revenue leaders; SD-WAN market to hit $6.7B by 2026

AT&T tops VSG’s U.S. Carrier Managed SD-WAN Leaderboard for 4th year

Dell’Oro: SD-WAN market grew 45% YoY; Frost & Sullivan: Fortinet wins SD-WAN leadership award

MEF New Standards for SD-WAN Services; SASE Work Program

VSG Global SD-WAN Leaderboard Rankings and Results

Dell’Oro: Secure Access Service Edge (SASE) market to hit $13B by 2026; Gartner forecasts $14.7B by 2025; Omdia bullish on security

The secure access service edge (SASE) market is expected to triple by 2026, exceeding $13 billion, representing a very healthy CAGR, according to a new forecast by Mauricio Sanchez, Research Director at the Dell’Oro Group.  The report further divides the total SASE market into its two technology components, Security Service Edge (SSE) and SD-WAN with SSE expected to double the SD-WAN revenue for SASE. The report further breaks down the SSE market into FWaaS, SWG, CASB, and ZTNA.

Sanchez wrote in a blog post:

“Today, enterprises are thinking differently about networking and security. Instead of considering them as separate toolsets to be deployed once and infrequently changed, the problem and solution space is conceptualized along a continuum in the emerging view. The vendor community has responded with a service-centric, cloud-based technology solution that provides network connectivity and enforces security between users, devices, and applications.

SASE utilizes centrally-controlled, Internet-based networks with built-in advanced networking and security-processing capabilities. By addressing the shortcomings of past network and security architectures and improving recent solutions—in particular, SD-WAN and cloud-based network security—SASE aims to bring networking and security into a unified service offering.

While the networking technologies underpinning SASE are understood to be synonymous with well-known SD-WAN, the security facet of SASE consists of numerous security technologies, such as secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall-as-a-service (FWaaS). Recently, a new term, security services edge (SSE), emerged to describe this constellation of cloud-delivered network security services that is foundational in SASE.”

As noted above, Dell’Oro  divides the total SASE market into two technology components: Security Service Edge (SSE) and SD-WAN with SSE. Security features such as Firewall-as-a-Service (FWaaS), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) fall under the umbrella of SSE, according to Dell’Oro. In addition, Dell’Oro predicts that the security component to SASE “will increasingly be the driver and lead SASE’s SSE to exhibit over twice the growth of SASE’s SD-WAN.”

Dell’Oro’s Sanchez wrote, “We see SASE continuing to thrive independent of the ongoing macro-economic uncertainty as enterprises strategically invest for the new age of distributed applications and hybrid work that need a different approach to connectivity and security.  We anticipate that security will increasingly be the driver and lead SASE’s SSE to exhibit over twice the growth of SASE’s SD-WAN.”

Additional highlights from SASE and SD-WAN 5-Year Forecast Report:

  • Within SSE, Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB) are expected to remain the most significant revenue components over the five-year forecast horizon, but Zero Trust Network Access (ZTNA) and Firewall-as-a-Service (FaaS) are estimated to flourish at a faster rate.
  • Unified SASE is expected to exceed disaggregated SASE by almost 6X.
  • Enterprise access router revenue is expected to decline at over 5 percent CAGR over the forecast horizon.

Dell’Oro expects that under the umbrella of SSE, Secure Web Gateway and Cloud Access Security Broker will continue as the most significant revenue components over the five-year forecast horizon. However, Zero Trust Network Access and Firewall-as-a-Service are expected to grow at a faster rate.

Unified SASE, which Dell’Oro qualifies as the portion of the market that delivers SASE as an integrated platform, is expected to exceed disaggregated SASE by almost a factor of six over the next five years. The disaggregated type is defined as a multi-vendor or multi-product implementation with less integration than unified type.  Dell’Oro also predicts that enterprise access router revenue could decline at over 5% CAGR by 2026.

………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

Gartner has a more optimistic forecast of SASE revenue, predicting the market to reach $14.7 billion as early as 2025.  “Gartner predicts that global spending on SASE will grow at a 36% CAGR between 2020 and 2025, far outpacing global spending on information security and risk management,” reported VentureBeat last month. According to Gartner, top SASE vendors include Cato Networks, Fortinet, Palo Alto Networks, Versa Networks, VMware and Zscaler.

These disparate predictions could be a result of the nascent nature of the SASE market, a convergence of networking and security services coined by Gartner in 2019. To address the varying definitions for SASE and resulting confusion on the part of enterprise customers, industry forum MEF plans to release SASE (MEF W117) standards this year. MEF started developing its SASE framework in 2020 to clarify service attributes and definitions. (See MEF adds application, security updates to SD-WAN standard and MEF’s Stan Hubbard on accelerating automation with APIs.)

………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

Omdia’s [1.]research also shows security is a major driver for SASE adoption, according to Fernando Montenegro, senior principal analyst with Omdia.  “Our own research indicates that end-user organizations value secure web browsing use cases (SWG, CASB, browsing isolation) particularly as they go further into their deployments of SASE projects,” said Montenegro in an email to Light Reading.

Note 1.  Omdia and Light Reading are owned by Informa in the UK

Security is critical for organizations in what Omdia calls the age of “digital dominance” and by how the “demands on security teams – both in terms of time and expertise – make the delivery of security functionality via a services model particularly attractive,” Montenegro said.

SASE services also provide “good performance characteristics” when compared to enterprises utilizing their own VPN headends, and especially when hybrid work continues to be popular, added Montenegro.

References:

https://www.lightreading.com/sd-wan/bolstered-by-security-demand-sase-market-to-surpass-$13b-by-2026—report/d/d-id/779447?

Total SASE Market to Nearly Triple by 2026, According to Dell’Oro Group

 

SASE & SD-WAN

https://start.paloaltonetworks.com/gartner-2022-report-roadmap-for-sase-convergence.html

 

MEF survey reveals top SD-WAN and SASE challenges

The Metro Ethernet Forum (MEF) conducted a survey which showed that the top SD-WAN and SASE challenges are focused on coping with operating a multi-vendor environment. That’s to be expected since there are no standards for multi-vendor interoperability for either of those technologies. MEF surveyed 36 worldwide service provider experts to obtain its results.

The complexity of operating and managing multi-vendor SD-WAN, integrating security options and defining end-to-end service level agreements (SLAs) were the top three challenges.

The top Secure Access Service Edge (SASE) challenges focus more on education and standardization. The top challenges service providers face with SASE are the lack of industry standards, customer education and migration, vendors not offering a complete solution and operating in a multi-vendor environment.

MEF’s research also shows that both SD-WAN and SASE markets are on track to hit analyst expectations. “The global SD-WAN services market should hit double-digit revenue growth in 2022, while most providers who offered SASE in 2021 expect 50%-plus revenue growth in 2022 due to a significant uptick in rollout of SASE services and features,” MEF Principal Analyst Stan Hubbard told SDxCentral via email.

All service providers surveyed already have elements of a SASE offering or plan to introduce a SASE solution in 2022, according to this MEF survey.

“The top SD-WAN and SASE service provider challenges are in line with expectations for the different stages of these markets, On the SD-WAN front, one of the biggest aggravations for providers is the complexity of operating a multivendor environment, which is primarily due to the absence of interoperability among SD-WAN technology vendors. Providers have told us that their need to develop and maintain expertise on various SD-WAN vendor solutions increases skills and training burdens, creates operational inefficiencies, and adds costs. The situation is made worse today because the terminology, architectures, performance metrics, etc., of vendors differ since they do not all adhere to common standards,” Hubbard wrote.

“The SASE services market is in its very early days, confusing, and full of a host of challenges related to customer education, customer migration, lack of industry standards, the lack of complete SASE vendor solutions and more. Multiple service providers agreed the organizational challenge of integrating networking and security is ‘huge’ for customers migrating to a SASE solution. As a large service provider stated, “SASE will be a failure without organizational change” within both customers and service providers,” Hubbard added.

References:

https://www.sdxcentral.com/articles/analysis/sase-sd-wan-markets-to-see-double-digit-growth-in-2022-mef/2022/05/

Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role

MEF New Standards for SD-WAN Services; SASE Work Program

 

New Findings in Aryaka’s 2022 State of the WAN Report: Cloud Adoption, Hybrid Workplaces, Convergence of Network and Security with SASE

Overview:

Aryaka®, a leader in fully managed Cloud-First WAN solutions, today published its 2022 State of the WAN Report, offering a compendium of insights into global SD-WAN and SASE planning. 1,600 information technology (IT) enterprise decision makers across global enterprises answered the survey, the largest response to the survey since its inception.

Key trends identified in this year’s report include:

  • A quarter of the respondents state they have closed 25-50% of their office sites, dovetailing into overall hybrid work initiatives where 75% state that at least a quarter of their employees will remain remote permanently post-pandemic.
  • Accelerating digital transformation initiatives also impact legacy data centers, with 51% planning to eliminate their use within the next 24 months as they move to the cloud.
  • The surveyed group says Microsoft Teams (58%) and Office 365 (55%) are among the most widely adopted SaaS applications, followed by Zoom and Google Docs (35%).
  • A quarter of respondents expect budgets to grow by 25% or more in the next year, with a full three-quarters projecting at least a 10% growth. Investment appears to be accompanied via cost savings.
  • A move to simplify, adopting a more cloud-centric and agile approach, is driving convergence. In the context of network and security, trends include the Secure Access Service Edge (SASE), with 64% deploying or planning to deploy over the next year. Over two-thirds will opt for a managed SASE to help address complexity and costs, but challenges include complexity at 40%, a single or dual-vendor approach at 39%, and developing a phased migration strategy at 33%. Observability and control should help with deployments, identified by over two-thirds as a top imperative.
  • 29% state that they are already deploying what they consider to be a SASE architecture, with another 56% planning to deploy in the next 12-24 months.
  • What capabilities do the respondence require?  The top responses are SD-WAN at 34%, a Cloud Secure Web Gateway (SWG) at 30%, and Firewall as a Service (FWaaS) at 17%.

“This year’s Aryaka State of the WAN includes many valuable insights backing up trends we see in the industry. These include the effects of hybrid work, with 75% projecting a quarter of their employees to remain at least part-time remote, and cloud connectivity demands skyrocketing with 51% planning to move away from traditional data centers over the next two years. Both initiatives will require more sophisticated network-as-a-service (NaaS) solutions with integrated security offerings,” said Scott Raynovich founder and chief analyst of Futuriom.

“The sixth edition of the Global State of the WAN (SOTW) is one of the largest such surveys in the world,” said Shashi Kiran, CMO of Aryaka. “It packages an enormous number of insights from decisions makers from all over the world, drawn from CIOs, CISOs as well as network, security and cloud practitioners. The 2022 edition reveals new enterprise trends on workplaces, cloud adoption, convergence and several other areas putting a spotlight on the impact of the Covid-19 pandemic in the process. We hope this resource serves as a handy companion for enterprise architects engaged in planning their WAN, security and cloud infrastructure for years ahead.”

SD-WAN vendors have long touted the technology’s application- and policy-based routing capabilities as the antidote to network performance and complexity. However, customers are increasingly looking for ways to offload that complexity and consolidate services under a single roof. “There’s a fragmented value chain for SD-WAN, which we’ve seen before and now for SASE as well,” Kiran said.

Of those surveyed, 45% said they were considering a consolidated SASE architecture, up from 39% last year. However, enterprises’ desire for managed services doesn’t stop at SD-WAN or SASE. Respondents expressed a desire for managed last-mile and multi-cloud connectivity. “There is inherent complexity in all of these areas and having something that is managed and delivered as a service appears to be important,” Kiran said.

Year-on-Year Trends and Shifting Priorities:

In Aryaka’s 2021 State of the WAN Report, 21% indicated that half of their workforce would be working remote post-pandemic. This year that number increased by 11%, with 32% reporting that at least half of their workforce would be permanently remote.

Collaboration and Productivity suites have gained traction. The Microsoft suite has gained momentum, with Teams identified by respondents as the most deployed application, growing its footprint by over half, from 34% in 2021 to 58% this year. Conversely, Google Docs dropped from 41% last year to 35% today with Microsoft 365 now at 55%.

For China, basic connectivity concerns dropped noticeably from the last report, at 45% in 2021 to 30% today. In contrast, compliance and regulatory issues are now in the lead at 50%.

A renewed interest in ROI was reflected in this year’s report, with 36% of those responding having cost concerns, an increase of 16% compared to last year. Though budgets are expected to increase by 25%, both for networking and security, the focus on ROI implies that these increases must be spent judiciously.

IT professionals were less concerned vs previous years about the newness of the technology (28% vs 31% in 2021), and whether applications will perform properly (29% vs 36% in 2021), speaking to a greater confidence in application support. As change management takes priority, there is an increased focus on observability and control, increasing by 9% (69% vs 60% last year).

Aryaka 6th Annual State of the WAN 2022 – Four Themes:

1.  Acceleration of Remote and Hybrid Work: The report looks at challenges in supporting the hybrid workforce, hybrid work trends, and investments planned to support this new environment. 75% state that at least a quarter of their employees will remain hybrid post-pandemic, aligned with the closure of physical facilities, with a quarter stating they have closed 25-50% of their office sites. Effectively managing worker movement between on-premises and remote requires dynamic bandwidth reallocation, identified by 61% as very important.

2. Application Performance and Consumption: In addition, the report dives into the diversity of applications in use and resulting challenges, how enterprises plan to address these, and potential concerns. As noted earlier, collaboration and productivity applications like Microsoft Teams and Office 365 experienced some of the strongest growth, but there was an overall uptick in SaaS application adoption including Zoom (35%), Salesforce (28%), and SAP/HANA (25%). Performance still must improve, with 42% identifying slow performance for remote and mobile users a key issue, followed by 37% calling out slow performance at the branch.

3. Managing Complexity and Managed Services Adoption: The report addresses what managed services enterprises expect, including SD-WAN and SASE implementation plans and budgets, as well as perceived barriers to adoption. This section also looks at MPLS migration. In evaluating managed services, enterprises continue to demand more from their providers, and are looking for a wider set of offers, an all-in-one SD-WAN and SASE that includes the WAN (45%), security (67%), application optimization (40%), last mile management (29%), and multi-cloud connectivity (27%). The movement to SD-WAN and SASE also follows the movement away from MPLS, with 46% planning to terminate some or all contracts over the next year. Enterprises are generally bullish on their budgets, with a quarter expecting it to grow by 25% or more, and a total of three quarters expecting at least 10% growth.

4. Networking and Security Convergence Including a SASE Architecture: SASE represents a promise of a converged Cloud-First architecture, but there are concerns on complexity and adoption. 42% state that lackluster application performance is a time sink, and 34% consider security to be a major priority. This path to SASE adoption includes setting a strategy (35%), phasing out of legacy VPNs (32%), as well as consolidating cloud security with zero-trust (29%).

Top desired capabilities include a SWG (47%), SD-WAN (36%), and FWaaS (28%). Implementation concerns identified earlier are balanced by expected advantages that include time and cost reduction (37%), as well as agility (33%), while decision-making is still mostly distributed across networking and security, 41% state it is now consolidated. Finally, over two-thirds plan to consume SASE as a managed offer.

What are the biggest challenges you’re facing with your WAN?

Total Responses 1,386

  • High complexity/difficult to manage or maintain     37%
  • Slow access to cloud services & SaaS applications  33%
  • Slow performance of on-premises applications       32%
  • Long deployment times to bring up new sites         29%
  • Lack of adequate security                                     28%
  • Poor voice or video quality                                    23%
  • High cost                                                             20%
  • Lack of visibility                                                   20%

*Respondents chose maximum three responses

–>­The WAN continues to be a challenge, impacting manageability, performance, security, agility, and cost.

Study Methodology:

The Sixth Annual Global Aryaka 2022 State of the WAN study surveyed over 1600 enterprise decision makers and practitioners including CIOs, CTOs, as well as IT, network, and security managers. Respondents were based in the Americas, EMEA, and APAC, with their companies representing every vertical, led by technology, software, manufacturing, financial, and retail. The survey asked respondents about their networking and performance challenges, priorities, and their plans for 2022 and beyond.

Download the Report:

Download Aryaka’s 6th Annual State of the WAN Report here.

…………………………………………………………………………………………………………………………………………………………………………………………………..

MPLS to SD-WAN Migration (Source: Aryaka):

Aryaka’s fully managed SD-WAN and SASE solution leverages a flexible core architecture, FlexCoreTM, optimized for per-site and per-application performance requirements. It offers full per customer resource reservation, end-to-end, at a global level. The HybridWAN solution also leverages direct MPLS and public internet connectivity options.

Aryaka manages the last-mile internet link performance with patented technology to eliminate packet loss and deliver on superior latency and jitter performance. By leveraging a private global L2 network, Aryaka eliminates the issue of guaranteeing deterministic QoS when multiple service provider administrative domains are involved (which is almost always the case in a global network).

Aryaka customers rely on its architecture to deliver on better-than-MPLS performance at a global level and at reduced cost, either augmenting the existing MPLS infrastructure or replacing it altogether over time.

Source: Aryaka

References:

https://www.businesswire.com/news/home/20220120005248/en/Aryaka-Releases-6th-Annual-State-of-the-WAN-Report-1600-Global-Enterprises-Surveyed-Presents-New-Findings-on-Cloud-Adoption-Hybrid-Workplaces-and-the-Convergence-of-Network-and-Security-with-SASE

MPLS to SD-WAN Migration

Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role

Dell’Oro: SD-WAN market grew 45% YoY; Frost & Sullivan: Fortinet wins SD-WAN leadership award

MEF New Standards for SD-WAN Services; SASE Work Program

VSG Global SD-WAN Leaderboard Rankings and Results

Futurium: 2020 SD-WAN market set to accelerate

 

 

Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role

Disclaimer:

The IEEE Techblog has not covered this topic for a very long time, because there are no standards or accepted specifications for any type of SD-WAN or SASE interoperability.  Those networks are all supplied by a single vendor, but that hasn’t stopped them from gaining market share, especially from legacy IP-MPLS VPNs.  That’s even though functionality differs for each vendor’s SD-WAN or SASE offering and there is no interoperability, especially from one provider’s SD-WAN to another’s.

Explanations:

SD-WANs use Application-aware routing across the WAN, whereas classical SDN used a centralized controller to compute routes at the Network layer for the Control plane with “L2/L3 packet forwarding engines” in the Data Plane.  The SDN Control and Data planes are separated with the “OpenFlow” API used to communicate between them.

NFV is not about routing but virtualizing network functions (“virtual appliances”) that would otherwise be implemented in hardware-firmware boxes.

Network virtualization (defined below) has played a key role in the popularity of SD-WAN and SASE, even though that network paradigm was not included in the original definition of SDN in which no overlay networks were permitted.  (That was referred to as “SDN Washing” from 2011-2014, by SDN strongman Guru Parulker, now Executive Director of the Open Network Foundation.)

………………………………………………………………………………………….

Discussion:

At many data networking industry conferences and events from 2011 to 2014, participants claimed that Software Defined Networks (SDNs) would usher in a whole new era for networking.  One colleague of mine said it would be “a new epoch for networking.”  Instead, there were various versions of SDNs, used primarily by hyper-scale cloud service providers (most notably Google and Microsoft) and a few large telcos (e.g. NTT, AT&T).  But SDN never spread to enterprise or campus networks.

When SDN fizzled out, the industry’s focus shifted to Software Defined WANs (SD-WANs), which provides user control of a virtual network overlay via the Application layer. There are three components to a SD-WAN:

  • SD-WAN edge is where the network endpoints reside. This can be a branch office, a remote data center, or cloud platform.
  • SD-WAN Orchestrator is the virtualized manager for network, overseeing traffic and applying policy and protocol set by operators.
  • SD-WAN Controller centralizes management, and enables operators to see the network through a single software interface, and set policy for the orchestrator to execute.

In addition, there are three main types of SD-WAN architecture: on-premises, cloud-enabled, and cloud-enabled with a backbone.

SD-WANs continue to roll out in many different shapes, forms and flavors, without any standards for any type of interoperability (e.g no UNI, NNI, Interface to legacy IP-MPLS VPNs, etc).  Even the definition and certification by the MEF (Metro Ethernet Forum) has failed to catch on so there is no uniform functionality between one SD-WAN and another.

Because of its virtualized network architecture [1.], SD-WANs don’t require specific hardware for specialized network functions. Instead, the infrastructure is made of commercial off-the-shelf (COTS) equipment, also known as white-boxes.  Therefore, all SD-WAN products are 100% software based.

Note 1. Network virtualization is the process of transforming network functions into software and disconnecting them from the hardware they traditionally run on. The software still consumes the hardware’s resources, but is a separate entity that can be changed, moved, and segmented while the hardware remains the same.

The virtualized and software-based version of the network is an overlay on top of the physical network infrastructure. The physical network’s devices like switches and routers still perform tasks like packet forwarding, while how to forward those packets is handled by the software running on the switches and routers.

………………………………………………………………………………………….

Meanwhile a newer entry known as Secure Access Service Edge (SASE) has garnered a lot of media attention.  This Gartner-coined product category, which combines elements of SD-WANcloud-based security, and edge computing, has gained significant traction in the two years since its inception.

SASE’s remote access functionality and low barrier to entry made it an attractive option for enterprises trying to cope with the rapid shift to remote work due to the pandemic. Within months of the first lockdown orders going into effect, nearly every SD-WAN and security vendor had announced a SASE security architecture, either through internal development, partnerships, or acquisitions.

SASE is the convergence of wide area networking, or WAN, and network security services like CASB (Cloud Assisted Security Broker), FWaaS (Firewall as a Service) and Zero Trust, into a single, cloud-delivered service model.

According to Gartner, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”

Gartner forecasts that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”

A SASE architecture identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data. This approach allows organizations to apply secure access no matter where their users, applications or devices are located.

According to Cisco’s latest CISO Survival Guide, almost all (98%) CISOs plan to spend money on secure access service edge (SASE), and 55% of them intend to prioritize 25% to 75% of future IT security budgets on it, according to

Cisco surveyed more than 100 CISOs and security leaders for this report. The biggest shift for CISOs this year is toward SASE, following the pandemic and related trend of working from anywhere in the world, said Dug Song, chief strategy officer at Cisco Secure.

“I think hybrid work is here to stay,” Song told SDxCentral in an interview. Most organizations have decided to maintain flexible work for employees even post-pandemic, which requires changes to their IT security programs.

………………………………………………………………………………………….

Many industry experts say SASE services must be built on a cloud-native architecture (like 5G SA core network) and distributed across multiple edge locations.

While several vendors including Cisco and Fortinet have rejected the cloud native approach, arguing that networking and security appliances still have a role to play both at the branch and the edge, it’s a principle that’s reflected in Gartner’s own literature and wholeheartedly embraced by VMware, CATO and other SASE vendors.

 

Specifically, VMware offers a cloud-native SASE architecture that has combined multiple solutions in it such as SD-WAN Gateways, VMware Secure Access, ZTNA solution, SWG, CASB, AND VMware NSX Firewall. VMware delivers all these solutions through PoPs. It delivers the network and security services in an intrinsic or sequenced manner.

Cato CMO Yishay Yovel told SDxCentral, “The feeling I have is that a lot of the market is trying to talk about SASE now in a generic way, like everybody has everything, or everybody has the same capabilities, and it doesn’t matter exactly how they’re done.”

Yovel also said that just because a vendor claims to offer the full SASE software stack, doesn’t mean it’s been implemented in a way that’s scalable.

Many of the SASE functions — cloud-based firewalls in particular — are compute-intensive, they usually have to be run in cloud data centers and can’t run on the cloud provider’s more numerous content delivery network edge locations.

This dramatically limits the number of locations a SASE vendor can offer if relying on public cloud infrastructure. For example, Google Cloud claims services in 146 edge locations around the globe, but only operates 21 global data centers, which it refers to as regions.

Scalability and availability are another challenge, Yovel noted. In many cases, these virtual appliances aren’t multi-tenant and have to be assigned to a specific customer account, resulting in additional resources being required should the customer bump up against the limits of a single instance.

Yovel argues that unless a vendor’s SASE software stack is unified, customers may miss out on the ability to share context across multiple security or network functions.  He explained that many functions, SD-WAN for example, are only aware of certain contexts like what application is being used, but this context could be used in conjunction with other contextual information like time, location, or identity to inform other parts of the SASE stack.

“We collect all the context elements. It doesn’t matter which part of these engines need them. Everything is built into a unified thing,” Yovel said.

The bottom line for today’s cybersecurity professionals is that both zero trust and SASE networking trends should be watched closely and integrated into forward-looking enterprise network architectural decisions.

…………………………………………………………………………………….

References:

https://www.sdxcentral.com/networking/sd-wan/definitions/software-defined-sdn-wan/

https://start.paloaltonetworks.com/gartner-report-roadmap-for-sase-convergence.html

https://www.paloaltonetworks.com/cyberpedia/what-is-sase

https://www.softwaretestinghelp.com/top-sase-vendors/

https://www.sdxcentral.com/articles/news/cisco-report-cisos-sase-spend-edges-toward-75-of-budget/2021/07/

https://www.sdxcentral.com/articles/news/cato-ribs-palo-alto-networks-other-sase-imposters/2021/07/

https://www.sdxcentral.com/networking/sd-wan/

https://www.sdxcentral.com/networking/nfv/definitions/network-virtualization-and-how-it-works/

https://searchcloudsecurity.techtarget.com/tip/Why-its-SASE-and-zero-trust-not-SASE-vs-zero-trust