WTF is SASE?

Apparently SASE stands for Secure Access Service Edge. Fine.

But what does that mean?

No one in industry has any idea, or rather everyone thinks it means something different, so they’re all using the term to mean whatever we already do so they can claim to participate in a market that was apparently made up by Gartner in 2019.

Unfortunately, this makes everything very confusing, because when everything is SASE nothing is.

It’s just like the early years of cloud when everyone was arguing with each other about what cloud really meant and whether or not something was actually cloud and customers just used stuff to achieve their goals and tiptoed around the bundle of vendors arguing with each other in the middle of the hallway, carefully avoiding eye contact. Occasionally you’d make a mistake and try to find out what a vendor thought cloud meant and their sales people would misinterpret curiosity for purchasing authority for reasons that remain unclear to me even now.

Isn’t it great that we keep doing this kind of thing?

As far as I can work out, SASE actually means “security: we should do that”. And every vendor is happy to sell you their stuff so you can do some security.

Firewalls? Yes. SD-WAN? Sure. SD-WAN Firewalls as-a-Service? Definitely.

Use a CASB to add MFA to your user endpoints for enhanced UX? Uh… okay.

Oh, and don’t forget to Zero Trust!

I’ve not encountered this level of acronym abuse since working for a mobile phone company’s engineering department in the late-90s. If every third word of a sentence is an acronym, it’s a fun time to pause and ask people what some of them mean, because half the time nobody actually does.

Security is a huge binfire of complexity, so I’m unclear on how making it harder to understand helps.

We hit this problem multiple times during #XFD6. Vendors would say their things was a SASE something but it’d take ages to figure out what it actually did. Is it SD-WAN? A cloud-based firewall control plane? Some sort of private wireless network? A VPN client?

Yes. And apparently all these things are SASE. But that doesn’t help me figure out what I’m looking for any more than saying I want to buy “some computer” helps me decide whether I want the latest iPhone or a vintage Cray supercomputer.

I’d really like vendors to abandon this SASE term and just tell me what your thing does. Weird catch-all classifications might help you plot an enchanted rhombus or whatever, but I don’t see how it helps anyone make computers more secure.

Happily, security isn’t a pressing issue, so it’s not like this really matters.

Carry on.

Bookmark the permalink.

One Comment

  1. Pingback: WTF Is SASE? - Tech Field Day

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.