Have SASE, SSE Undermined SD-WAN? Analyst, Partners Weigh In

Security has always been part of the SD-WAN conversation, but customer needs continue to evolve.

James Anderson, Senior News Editor

February 22, 2023

8 Min Read
Magic Quadrant Leaders: Fortinet, VMware, Cisco, More
Shutterstock

The increasingly common convergence of networking, security and remote access solutions has relegated software-defined wide area networking (SD-WAN) to a line item in a larger SASE conversation, according to one analyst group.

GigaOm made that claim in its latest Radar for Software-Defined Wide Area Networks, where it assessed 19 different vendors and how they performed in different markets. Nine vendors landed in the analyst firm’s “Leader” quadrant. Aryaka, Cato Networks, Cradlepoint, Fortinet, HPE Aruba, Palo Alto Networks, Nokia, Versa and VMware claimed that honor.

The report also pointed to SD-WAN’s shifting level of priority in the eyes of IT buyers. Growing security and remote access demands have driven the changes. In the eyes of GigaOm and author Ivan McPhee, SD-WAN no longer functions as a catch-all for advanced networking features. Rather, it exists as one of the many features customers would like to consume on a converged platform.

GigaOm-Circle.jpg

Source: GigaOm

Segmentation

GigaOm broke down the 19 SD-WAN vendors based on how they target particular markets: cloud service providers (CSPs), network service providers (NSPs), managed service providers (MSPs), enterprises and SMBs.

In the CSP segment, only Cradlepoint scored “exceptional.” The CSP segment includes infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) businesses that would bake SD-WAN into their offering.

In the NSP segment, which includes telcos, internet service providers and wireless providers, Cato, Cradlepoint, Nokia, Versa and VMware scored “exceptional.”

For MSPs, Cato, Nokia, Versa, Juniper Networks, Huawei, HPE Aruba and VMware earned “exceptional” rankings.

In the enterprise category, Aryaka, Forcepoint, Cisco, Graphiant, HPE Aruba, Huawei, Fortinet, Juniper, Palo Alto, Peplink, Versa and VMware were “exceptional.”

For SMBs, Barracuda Networks, Bigleaf Networks, Ecessa, Evolving Networks, FatPipe Networks, Graphiant, HPE Aruba and Peplink got the “exceptional” nod.

GigaOm-Numbers.jpg

Source: GigaOm SD-WAN Radar

GigaOm removed Citrix and Oracle from the Radar. It stated that Citrix has stopped selling SD-WAN subscriptions. It also noted that Oracle SD-WAN no longer met all the criteria. Oracle had been leveraging the technology of Talari Networks, which it purchased in 2018.

SD-WAN Undermined?

McPhee-Ian.jpg

Ivan McPhee

Report author Ivan McPhee said enterprises are seeking to cut down on costs and drive flexibility with “fully integrated networking solutions.” As a result, vendors vendors have brought together security and networking solutions into platforms with terms like secure access service edge (SASE), secure service edge (SSE) and what GigaOm calls secure service access (SSA).

The result is a “blurred” SD-WAN marketplace, with vendors constantly shuffling to pivot into a more converged approach, McPhee said.

“… Incumbent vendors [are] repackaging and repositioning legacy products as integrated platforms, acquiring new technologies, or making strategic alliances to fill the gaps in their portfolios,” he said.

And SD-WAN has slotted into a more …

… peripheral role as a result of the convergence, McPhee said.

“Moreover, this trend is undermining the importance of an SD-WAN, relegating it from being a core technology upon which enterprises rely to a line item on a request for proposal (RFP),” he wrote.

Partners’ View

Idris Odutoye is a technology advisor at ATA Trusted Advisors, which guides business through purchasing decisions for areas like SD-WAN. When asked if SASE and SSE have undermined SD-WAN, he said the answer depends on what customer needs.

Odotuye-Idris-e1663683226230.jpg

ATA Trusted Advisors’ Idris Odutoye

“So I wouldn’t say that SD-WAN has been ‘undermined’ more than I would say that SASE/SSE have evolved to meet the customer where they are in their security framework journey,” Odutoye told Channel Futures. “Some customers are fine using traditional SD-WAN solutions and overlaying like a ThreatBlockr- or ZScaler-type solution over top or going with a SASE/SSE model that has built-in security features to meet their needs. At the end of the day, customers are looking for a way to get the most out of their network investment – business continuity, resiliency, application performance visibility – and then making sure it is all secure at the edge and in the cloud. So there are flavors of accomplishing that for each customer type.”

‘A Supporting Effort’

Resourcive president Kyle Hall, who also advises on SD-WAN, said SD-WAN has not been undermined. He pointed instead to a changing customer conversation.

“I would say that technology leaders are having a discussion that is more encompassing than the ones that they were having two to three years ago. At the executive level, they are looking for a secure, reliable, high-performance network that requires as little of their staff’s dedicated time and attention as possible. We see SD-WAN as a component of that, but to maximize the value of the technology organizations need to consider adjacent point solutions that may be deployed or on a road map such as ZTNA, CASB, FWaaS and SWG,” Hall told Channel Futures.

Hall-Kyle_Resourcive-e1663695516653.jpg

Resourcive’s Kyle Hall

“By looking at this more broadly, an organization may find additional ways to drive value-creation initiatives through reduced operational costs. These most often come in the form of reduced staff time dedicated to network configuration and management and decreased costs in the network underlay, often enabled by SD-WAN. SD-WAN has become a supporting effort vs. the main line of effort.”

Hall said customers need to assess their SD-WAN needs in the context of their larger secure networking strategy.

“The selected solution will primarily be driven by understanding the current operational environment (staff, existing contracts, management preferences, etc.), the future technical requirements (application routing, cloud connectivity, failover methodology and edge vs. POP-based architecture) and the preferred management model (self, co-managed or fully managed),” he said.

An Evolving Dialogue

Odutoye noted that the early days of SD-WAN featured less conversation around security. Now SASE and SSE have entered the marketplace as a “natural innovative evolution” for customer needs, he said.

SD-WAN has seen multiple iterations and points of emphasis over the years. It distinguished itself from technologies like WAN optimization about a decade ago. Early conversations centered around the ability of SD-WAN to help businesses leverage multiple connections to ensure failover. Many partners and analysts called SD-WAN’s ability to leverage public internet a death knell to MPLS networks, while some telcos partnered with pure-play SD-WAN vendors as a way to enhance their MPLS networks.

Five years ago vendors, partners and customers were talking about the security component of SD-WAN. However, a platform that converged security and SD-WAN was by no means …

… a normal play. Many customers preferred (and still prefer) to slot the SD-WAN platform underneath an existing next-generation firewall.

Saturation and Consolidation

In the meantime, SD-WAN had caught fire as a marketing term in the years leading up to the pandemic. Vendors new and old were describing their platforms as SD-WAN. Analysts at one point numbered the SD-WAN market at about 80. The market was ripe for consolidation.

Some of the world’s largest network infrastructure companies – including HPE and Juniper – bought their way into the space. In addition, large cybersecurity providers planted a stake in the ground, with Palo Alto Networks buying CloudGenix and Fortinet developing a solution.

Amid that consolidation, COVID-19 was driving the importance of remote access as a component of networking. The hybrid work movement that kick started in 2020 caused SD-WAN visionaries like Frank Cittadino to hail the end of “branch-based SD-WAN.” Indeed, Gartner had already coined the term SASE in late 2019.

“I think all Gartner did was put an acronym to what customers have already started talking about, which was: How are you creating secure access at the edge? Is a service provider doing it with SD-WAN? Are you going to run security at the edge? Are you going to run it in the cloud?” Benjamin Niernberg, then with MNJ Technologies, told Channel Futures three years ago.

The security conversation continued to evolve as a result of increasingly distributed workforces. Some SD-WAN providers have made acquisitions to ensure they are offering zero-trust network access features. Secure service edge (SSE) has gained popularity in recent years. Vendors like Perimeter 81 have adopted the description.

Technology

GigaOm listed five minimum requirements for calling a solution SD-WAN: a virtual overlay network, centralized orchestration, built-in resilience, integrated security and dynamic traffic engineering.

It then rated the 19 vendors based on eight different criteria. Cato Networks claimed the distinction of scoring exceptional in all eight categories, as shown below.

criteria.jpg

Source: GigaOm

Channel Insights

GigaOm made mention of partner ecosystems in its report. The report listed Aryaka’s “channel-driven” mentality as one of its challenges. According to GigaOm, Aryaka fulfills 85% of its orders through the channel. Similarly it called Graphiant’s plans to do all business through the channel a challenge. It also dinged Bigleaf for relying “mainly on its partner network for support.”

However, agents, MSPs and system integrators that deliver SD-WAN solutions may see channel-reliance as a green flag.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email James Anderson or connect with him on LinkedIn.

 

About the Author

James Anderson

Senior News Editor, Channel Futures

James Anderson is a senior news editor for Channel Futures. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He writes about SD-WAN, telecom and cablecos, technology services distributors and carriers. He has served as a moderator for multiple panels at Channel Partners events.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like