The first blog I wrote about elastic cloud gateways prior to Black Hat 2019 referenced next-generation firewalls relative to the shift to application-centric, Layer 7 scanning, and the massive impact that had on the network security market. What I didn’t appreciate at the time is how similar the trajectory of the two spaces would be. In the 10 months since Black Hat, we’ve witnessed a massive amount of momentum in this area. In fact, recently completed ESG research on elastic cloud gateways found that 94% of organizations reported usage of, or some level of interest in, these types of solutions. With secure access services edge (SASE) having become common terminology within the network security space, I’m often asked what the difference is between ECG and SASE. The fact is, there are many more similarities than differences; however, the differences that do exist are important.
To start, ESG views elastic cloud gateways as an architectural approach to solve some of the key challenges organizations are facing today regarding network security: more sophisticated threats, the increasingly distributed and complex nature of the environment, and the need for centralized, consistent policy management across the implementation. When we think about the list of tools potentially included in an ECG architecture, it quickly becomes apparent that the entire network security stack is in play. However, for most organizations, it will be a use-case driven, incremental approach to consolidating these tools. For that reason, ESG doesn’t view this as a product category with a hard and fast set of capabilities, but rather a reference architecture to accelerate the consolidation of presently siloed network security tools and re-platform them into a cloud-delivered, micro-services based model.
The second difference, and somewhat related to the first, is how networking functionality fits within the scope of the ECG architecture. There is obviously a need for integrations between networking and security tools to facilitate an ECG approach. However, what form that takes and how quickly it evolves is more open-ended. While there are anticipated operational and security benefits to be gained by sourcing a consolidated networking and security platform from a single vendor, many research respondents cited more general vendor consolidation benefits as key drivers, pointing to high level interest in consolidation without a tactical plan for implementation. Specifically:
- 45% of respondents expect to gain from a strategic partnership in which the vendor better understands their business, computing environment, and strategic initiatives.
- 42% of respondents expect fast time to problem resolution via a single support contact.
- 37% of respondents anticipate vendor management and procurement efficiencies.
- 32% of respondents see an opportunity to take advantage of vendors' R&D and innovation.
All of these benefits are important, but don’t address how the IT organization is currently structured. Only 50% of respondents rate the collaboration between the network and security groups as very good and effective most of the time. That doesn’t point to a market ready to imminently consolidate. While this is in part due to siloed tools, the fact that these groups often have different chains of command and communications, workflows, and KPIs and performance metrics all serve to make collaboration more difficult.
The last major difference between ECG and SASE is the target of the protection. The main use case for ECG architectures will be securing access to the web and corporate applications, wherever they reside. Tools predominantly focused on protecting public-facing applications from external users (such as WAAP and fraud-prevention) are less relevant to this model and introduce additional organization complexities by involving the application security teams and developers. While some vendors may offer these capabilities, it will not constitute a mainstream approach to ECGs.
Because SASE is such a big idea, enterprises need a flexible framework to guide adoption, which reflects the fact that most organizations will not adopt a single-vendor approach consolidating tens of tools overnight. With that in mind, it’s no surprise that elements of flexibility were 4 of the top 5 ranked ECG attributes research respondents cited, including: integrations with existing endpoint agents, integration with on-premises DLP solutions, hybrid options to transition to a fully cloud-delivered approach over time, and integrations with a broad ecosystem of technology partners. The goal of the elastic cloud gateway architecture is to provide some clarity on how organizations should approach this fundamental shift in network security for the cloud-centric era.