A recent Dell’Oro Group report found that networking and security modernization are expected to double security revenue between 2022 and 2027. In particular, this growth is being fueled by technologies related to what is known as Secure Access Service Edge (SASE).
Gartner defines SASE as a combination of networking and security services that provide businesses with a streamlined and future-thinking approach to orchestrate their IT infrastructure. Gartner noted that SASE implementations entail many challenges for businesses that lack the resources to do it themselves. Thus, some are turning to managed service providers (MSPs).
Dell’Oro Group network security analyst Mauricio Sanchez said deployments at enterprise branches — as well as trends such as an increasing number of hybrid workers — are expected to drive total SASE revenues beyond $60 billion over the next five years. The market is divided between the two major components of SASE: Security Service Edge (SSE) and Software-Defined Wide Area Networks (SD-WAN).
“The last three years of the pandemic, and the subsequent need to modernize, have fueled great interest in SASE,” said Sanchez. “While angst about the macroeconomic environment is starting to lead to some belt-tightening, we expect growth in SASE to continue unabated and double again by 2027.”
MSPs Capturing SASE Business
Sanchez predicts that SD-WAN and SSE revenues will see a double-digit compounded annual growth rate (CAGR) over that same time period, while unified SASE revenue is anticipated to grow five times larger by 2027.
He said part of the reason behind more outsourcing of network security functions is enterprises have begun to realize legacy networks and security architectures are inadequate. They cannot provide the necessary security and performance in application environments that have become distributed, interactive, and mobile. Managed services give them a way to tap into the latest technologies without having to engage in a major internal IT overhaul.
Other analysts concur on the importance of network security in general and SASE in particular. Jay McBain, chief analyst for channels, partnerships & ecosystems at Canalys, said security is one of the fastest-growing categories in technology services for MSPs. “Zero Trust and SASE are important standards that customers are investing in to protect against emerging threat vectors and an ever-expanding surface area,” he said.
Gartner numbers largely marry up with those of Dell’Oro. By 2025, the analyst firm forecasts that 80% of enterprises will have adopted a strategy to unify web, cloud services, and private application access using SASE/SSE architecture. This is up from 20% in 2021.
Gartner recommends organizations evaluate multiple approaches to SASE adoption. Those with the necessary internal resources and IT skill sets to operate their own network security infrastructure should either select a single vendor for SASE or find two explicitly partnered networking and security vendors with deep integration. For everyone else, a managed SASE offering is the best option to reduce complexity, according to Gartner.
Vendor Partnerships for SASE & MSP Offerings Expand
It’s no wonder MSPs and MSSPs are seeing plenty of uptake in their managed SASE offerings.
“In the past 18 months, many notable SASE announcements were made, many around managed SASE offerings,” said Neil MacDonald, an analyst at Gartner.
Zscaler, for example, has seen an uptick in MSP activity within its channel program. It partners with service providers to develop comprehensive managed offerings that leverage its Zero Trust Exchange, which is a SASE offering.
“Zscaler has focused on MSSPs — those partners with a Security Operations Center that offer a full suite of security solutions in their managed portfolio,” said Jim Ortbals, vice president for global service provider, MSSP and distribution at Zscaler. “The market for this is huge because it isn’t just selling a device with a managed contract; rather, it requires a lot of services to take the customer on their full digital transformation journey across a variety of vendors. We have developed deep integrations that allow our MSSPs to build and deploy differentiated solutions.”
Zscaler offers MSP services such as Secure Internet Access (known as ZIA), Secure Private Access (ZPA), and Digital Experience (ZDX). Qualified partners can take ZIA, ZPA, and ZDX to market as part of the vendor’s managed service security program.
Through a partnership with Zscaler, for example, IBM delivers IBM Security Services for SASE to manage customer Zscaler platforms from solution design to continuous policy management. IBM Security Services for SASE cover a range of services, including: design and implementation per industry best practices; implementation of zero trust policies to enable secure application access; security policy design, analysis, and migration; legacy technology replacement and consolidation into a single-vendor solution; and dedicated security teams to support migration and ongoing management services.
Other examples of MSPs muscling in on the network security and SASE space include:
- BT partnering with VMware and Palo Alto Networks to offer their SASE services to existing customers.
- AT&T partnering with Fortinet, Cisco, and Palo Alto networks to take advantage of these vendors’ SASE offerings in a managed services context.
- Comcast partnering with Versa Networks.
- Verizon launching a managed SASE service.
- NTT using Palo Alto Networks’ Prisma Access solution, delivered as a managed service.
- Broadcom offering a native SD-WAN solution as part of its SASE solutions by partnering with HPE Aruba (Silver Peak), VMware, Cisco Meraki, Nuage Networks from Nokia, and 128 Technology.
Clearly, network security and SASE are hot areas. We can expect to see more MSPs offering these solutions and services in the months to come.