Something is Shifting in SASE: The Gravitational Tug of the Edge

First published on The Fast Mode.

About this time last year, I published an article entitled “Nothing is Certain Except Death, Taxes…and SASE.”¹ It chronicled the inexorable rise in the adoption of Secure Access Service Edge (SASE) solutions, in which integrated enterprise networking and cybersecurity are delivered via a single cloud-based platform. It also documented the increase in the number of single-vendor SASE solutions in which one vendor delivers both networking and security functions.

SASE revenue at that time was growing at a double-digit rate for both single-vendor platforms and dual-vendor solutions. Is that trend continuing one year later? According to the latest analyst forecasts, the answer is “Yes!” Dell’Oro projects a 12% compound annual growth rate (CAGR) for multi-vendor SASE solutions to 2029, with a 27% CAGR for single-vendor SASE.² And Gartner forecasts a 26% CAGR to 2028 for the combined single- and dual-vendor SASE market.³

The reason for this continued growth remains the same today as one year ago: SASE reduces complexity for IT teams, for whom tool sprawl is a pervasive challenge, it improves observability, and it dovetails nicely with two decades of experience enterprises have had with replacing capex-heavy on-premise systems with cloud-based “as-a-Service” alternatives. However, if one steps back far enough, one can see something is shifting in the SASE landscape…

The Revenge of the Edge?

There’s a gravitational tug emanating from the network edge today, a force pulling an increasing portion of computing tasks (data processing, storage, access and analytics) from the cloud back to network edges. And where computing goes, so goes the need for networking and security functionality.

Accordingly, while SASE is still cruising along at a double-digit growth rate, spending on edge hardware and software is also accelerating at a double-digit rate, with estimates as high as a 40% CAGR over the next 5-8 years.⁴

What’s Behind this Gravitational Tug from the Edge?

There are many intertwined factors directly causing, or at least enabling, the shift of computing resources back to the edge. Prominent among these are 1) Artificial Intelligence, 2) Wireless IIoT Networking, and 3) Digital Sovereignty. Each one is having an important influence on SASE roadmaps.

1. The Edge & AI

“Bring the model to the data, not the data to the model.”
This is a demand poolside CTO Eiso Kant reports hearing “over and over again” from technology leaders interested in his company’s frontier AI models.⁵ Given those models are trained for software development, it’s an approach that offers a level of security and control that is reassuring to dev teams.

 “Bringing the model to the data” is also appealing to companies wrestling with the high cost of moving large volumes of data around for model training or inference (i.e., run-time use in applications). And it becomes downright mission-critical for applications requiring ultra-low latency, as with autonomous vehicles, gaming, and financial trading systems.

Edge AI Impact on SASE Roadmaps

Examples of recent features SASE vendors have introduced to address Edge AI needs include:

• Applying global ‘security posture management’ approaches to AI models, data, and services
• Performing discovery and classification of the same with a goal of providing visibility into both sanctioned and shadow AI resources and usage
• Applying lifecycle management processes to models deployed at the edge, including management and monitoring of lineage, licensing and vulnerabilities
• Monitoring edge models for regulatory compliance
• Enforcing Zero Trust principles and practices for Edge AI access and usage
• Providing edge networking devices with enhanced compute, connectivity and security functionality

Going forward, expect to see more SASE vendors announcing such features in their solutions. All are most likely navigating the thorny roadmap challenge of AI agents as well. That is a fast-moving and wide-ranging topic that affects edge, core and as-a-service AI deployments. It includes enabling and securing agent-to-agent communication and agent interactions with external tools and APIs, and navigating competing protocols for standardizing these interactions, such as Model Context Protocol (MCP), Agent-to-Agent (A2A) Protocol, and Agent Communication Protocol (ACP).

2. The Edge & Wireless IIoT Networking

High Growth in Wireless Industrial Internet of Things (IIoT) Networking

As noted above, applications that demand ultra-low latency (and/or reliability), or involve high volumes of training or inference data, are prime candidates for edge AI deployments that ‘bring the model to the data.’ At the device level, such edge AI deployments are expanding due to advances in model compression algorithms and optimization techniques that make it possible to run ever-smaller models on ever-smaller devices. At the network level, wireless technologies like 5G/6G & Wi-Fi 7 are contributing to a rise in such deployments through their native support for ultra-reliable and low latency communications (URLLC), enhanced mobile broadband (eMBB), and massive machine-type communications (mMTC).⁶

Edge AI Impact on SASE Roadmaps

These trends are driving SASE vendors to adapt their roadmaps for IIoT-centric edge environments, like factory floors, vehicle fleets, ships at sea, satellite fleets, and more. These changes include:

• The use of agentless device fingerprinting to discover and classify IIoT/OT devices that cannot support embedded software agents
• The use of Zero Trust and Intrusion Detection/Prevention Systems (IDS/IPS) to help prevent or mitigate advanced attacks that may evade perimeter firewalls – if such firewalls exist
• The integration of intelligent edge routers, switches and/or gateways that feature onboard compute capabilities, or offer smart steering to compute resources based on device and application profiles
• The provision of ruggedized edge equipment, if the SASE vendor provides both hardware and software

SASE vendors whose roots are in wireless LAN/WAN (and networking in general) have had a field advantage in adapting SASE for such environments, but other SASE vendors are closing this gap, as evidenced by IoT & IIoT-focused product announcements over the past year. One essential stepping stone for leveling the SASE playing field in this domain will be enhancing their solution’s ability to identify and classify IIoT applications and devices.

3. Digital Sovereignty

Political, regulatory and economic conditions are driving powerful demands for digital sovereignty, that is to say, for keeping important digital assets within national or organizational boundaries. Sometimes these demands are narrow in scope, such as regulations governing the storage, access and sharing of personal health data. Others are broad, such as those addressed by the European Commission for Technological Sovereignty, Security, and Democracy, which views digital sovereignty through the lens of competitiveness, safety and the rule of law. Whether broad or narrow, sovereignty initiatives are increasing the demand for edge computing resources, which keep data and/or the computing resources close to the things or users which generate data or consume data services.

Digital Sovereignty’s Impact on SASE Roadmaps

Sovereignty is having a decentralizing effect on SASE architecture. SASE evolved as a cloud-centric paradigm that treated all people, places and things as more or less ‘dumb’ edges that were connected and protected via ‘smart’ cloud Points-of-Presence (PoPs), which were in turn managed by a global PoP orchestrator. Most SASE edge connectors were therefore simple on-ramps that routed all traffic and data through the closest PoP.

Some recent SASE changes vendors have introduced to accommodate evolving needs for sovereignty include:

• Offering the option to deploy SASE on a customer’s proprietary infrastructure
• Enabling the air-gapping of on-premise SASE resources
• Providing filtering for observability tools based on local data privacy laws
• Offering control over how and where data and logs are stored
• Confining traffic flows within regional or national borders
• Enhancing support for private clouds

For SASE product managers, it has been challenging to meet sovereignty demands while safeguarding the simplicity and reduced capex that are central to SASE’s value proposition. In the future, this is likely to become even more challenging as current geopolitics seem to be fueling something of a sovereignty arms race. Therefore, it is likely some product managers will need to decide which sovereignty demands should or should not be supported to maintain profitability, and/or to narrow their target markets in such a way as to limit the amount of product variance required to maintain a successful SASE business.

While this article has covered a number of challenging issues software vendors must navigate to create or maintain winning SASE products, it is worth restating the incontrovertible fact that demand for SASE solutions is robust and shows no signs of slowing. At the same time, demand for edge computing resources is also growing. This means SASE vendors have the chance to tap into dual growth trends to build financial success. As with so many things in life, it’s all just a matter of finding and maintaining the right balance.

———–

To learn more about the way edge computing is reshaping cybersecurity in particular, download Enea’s whitepaper “Edge Opportunities and Cybersecurity Risks: Six Key Frontiers”. It further explores the three edge categories touched on in this article—the AI Edge, the Wireless Edge and the Sovereign Edge—while also examining the Secure SoHo Edge, the Rugged Edge and the Space Edge. In addition, it details how vendors use Enea traffic inspection and threat detection software libraries to seize edge opportunities while mitigating edge risks.

Endnotes

1. https://www.enea.com/insights/the-future-of-sase-nothing-is-certain-except-death-taxes-sase-single-vendor-sase-transition/
2. https://www.delloro.com/news/single-vendor-sase-to-represent-90-percent-of-17-billion-market-in-2029/
3. https://venturebeat.com/ai/facing-ai-powered-threats-cisos-consolidate-around-single-vendor-sase
4. STL Partners projects a 35% CAGR for spending on edge computing, reaching $424B by 2030, https://stlpartners.com/research/edge-computing-market-sizing-forecast-fourth-release/, and Dimension Market Research forecasts a 40% CAGR to reach $702.8B by 2033, https://dimensionmarketresearch.com/report/edge-computing-market/overview/.
5. Machine Learning Street Talk podcast,”You don’t fine tune your way to AGI,” Eiso Kant, CTO poolside AI, April 2, 2035: https://www.youtube.com/watch?v=NDrosuKhXeo.
6. Not surprisingly, Gartner released its inaugural Magic Quadrant for 4G and 5G Private Mobile Network Services this year, reflecting the rising demand for private mobile networks in locations such as factories, warehouses, ports, airports and mines.