This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Changing the Security Game – Microsoft enters the SASE Market
Businesses around the world are being challenged by the increasing security risks over the last decade. In recent years, the trend towards hybrid work and work from anywhere (WFA) has compounded those challenges. The rise of Secure Access Service Edge (SASE) solutions has been a game changer for many organizations by enabling better security control, visibility, and mitigation capabilities, regardless of the worker modality.
2023 marks the year that SASE becomes mainstream: Microsoft is entering the market with their Entra ID Secure Service Edge (SSE) solution. SSE is a subset of SASE that covers the SASE security and network components and is the driver for many deployments. Microsoft has indicated that SSE will be part of Entra ID (previously Azure AD) and could be included in M365 E3 and E5 subscriptions
Microsoft’s release of their Global Secure Access Client (GSAC) will enable organizations to integrate their end user devices with the advanced Microsoft 365 security features regardless of where the user device is located and where the service is delivered from (on-premises data centre, cloud data centre, SaaS, or Internet). It is expected that Microsoft will leverage their 170+ points of presence around the world to enable SSE as a global solution and eventually expand their service offerings to a robust full SASE suite (but for now they are only releasing the SSE capabilities).
This is fantastic news for any organization that has invested in the Microsoft 365 ecosystem as it will allow these organizations to extend this investment and enhance the security for the work from anywhere workforce. Entra ID SSE will enable a Zero Trust Network Architecture (ZTNA) that is integrated with the organization’s existing user identities and authentication and allow them to extend that security to web, SaaS, non-web, and Internet applications. It will provide secure web gateway (SWG), cloud firewall (FWaaS), cloud access security broker (CASB), and data protection services that are integrated into the user’s identity with single sign-on (SSO).
This is nothing new for any organization that has already deployed a SASE solution – around 15% of organizations according to Gartner in 2021. However, adoption of SASE is expected to grow to 65% by 2025 – Microsoft’s entry into the market will accelerate and streamline that adoption.i
This is exciting for the security community as Entra ID SSE will enhance risk reduction capabilities, regardless of user, device, application, or content, anywhere in the world. It will provide a consolidated approach for security administrators while improving the end user experience. Security teams will be able to detect and mitigate threats using Microsoft’s advanced AI-based threat protection capabilities – users will be always secured.
Microsoft is later to the game than some of the SASE market leaders like Cisco, CATO Networks, Palo Alto Networks, Versa Networks, Forcepoint, and Fortinet. Microsoft’s SSE solution will be incomplete upon initial public release, but based on experience we expect it to be fleshed out quickly.
Microsoft’s entry into the SASE market is a pivotal moment for security teams as it will reduce the barrier to deployment from a technology and budget perspective. This will create greater competition in the SASE space and accelerate deployments. The Entra ID SSE unified platform will allow organizations to future proof their security investments, as the marketplace competition will accelerate innovation.
Scott is writing on behalf of the SCTC, a premier professional organization for independent consultants. Our consultant members are leaders in the industry, able to provide best of breed professional services in a wide array of technologies. Every consultant member commits annually to a strict Code of Ethics, ensuring they work for the client benefit only and do not receive financial compensation from vendors and service providers.