Investor SASE Guide - Executive Summary
Over the next few weeks, we will be releasing a 20k word Investor SASE Guide divided into six parts.
Part 1 and Part 2 have already been released at convequity.com.
We shall be discussing the competitive strengths, shortcomings, and valuation of 15 vendors throughout the six-part investor guide - useful for both public and private investors.
Consolidation, market clarity, and product maturity are negatively impacting ZS' SASE leadership.
CASB is quickly becoming the most important and value adding technology within the SASE stack thanks to its ability to deliver a data-centric security approach with highly granular access controls.
Phase 1 of SASE was multi-vendor but Phase 2 is going to be heavily tilted toward single vendor implementations. Vendors able to deliver true converged security & networking are better positioned to prosper.
If understanding data better is the key to better security, then vendors need a highly performant global network to offset the latencies. These two go hand-in-hand and they are the areas of SASE investors should focus their analysis.
Netskope's strengths in data and its network could make it the standard setter in the Phase 2 of SASE.
In this Investor Guide we introduce SASO, or Secure Access Service Omni. We believe SASE will eventually evolve into converged security & networking being delivered wherever it is most performant and cost-effective to do so. This is why we have a high long-term conviction on FTNT, who can deliver secure networking in all form factors.
The SASE market has rapidly evolved over the past 12 months. We've seen significant progress in product maturity, greater market adoption rates, and active M&A between SSE and SD-WAN vendors. The first phase of SASE consisted of enterprises using multiple different vendors to put together their SASE stack. This was largely a result of market confusion emanating from insincere vendor marketing and because no single vendor was mature or sufficiently comprehensive to deliver true SASE. However, in the past year, thanks to Gartner's SSE Magic Quadrant that seems to have cleared market confusion, consolidation, and product maturity, the market appears to have now begun its second phase.
In Phase 1, ZS was clearly the number 1 market leader, but the confluence of these factors is slowly disrupting their leadership. ZS rose to the top in large part thanks to its incredible S&M prowess that capitalised on the market confusion; however, ZS doesn't have this advantage anymore now that the market has gained more clarity. Thus far, ZS is also at a disadvantage due to the SSE and SD-WAN consolidation, because this is propelling the 'Single SASE Vendor' idea and the notion of true converged security and networking, but ZS remains in the SSE side only. And due to ZS' strongest aspects of SSE (SWG and ZTNA) maturing, and its weakest aspect (which is CASB) emerging as the main innovation catalyst, ZS is at serious risk of losing its market leadership over time.
Being strong in SWG and ZTNA but weak in CASB was enough to become the undisputed SASE leader because the former two were the most important during the ramifications of the pandemic. However, it's hard to say that ZS currently has the best all round package for SWG, as there are other SWG vendors with DNS and better RBI capabilities that improve the efficiency and efficacy of protecting employees interacting with the Internet. Furthermore, ZTNA is the component that has matured the most, leaving fewer differentiation opportunities for vendors.
Most detrimental to ZS' leadership is the rising importance of CASB. Historically, CASBs were applied to govern what SaaS applications employees can use and govern what they can see and do when using them. But more recently, CASB vendors are incorporating the underlying technology into other security solutions.
CASBs are way harder to create because they need to be interoperable with thousands of SaaS applications, be able to execute fine-grained controls, and be able to interact with thousands of different data types. And they are rising in importance because of the emergence of data-centric security approaches and because of the clear value-add the underlying technology can deliver by integrating it with SWG, ZTNA, and other solutions to improve their granular capabilities around access control.
So CASB technology is expanding from serving just SaaS applications and is being interwoven into the broader security stack. Moreover, CASB technology will become increasingly critical for effectively applying the principle of least-privileged access. ZS has poor CASB at a time when it is quickly becoming the most innovative and important area of SSE and SASE.
The surging popularity of ChatGPT and other NLP models that follow is raising grave data security concerns. Employees are copying and pasting sensitive corporate data, which has already led to data leaks at Samsung and compelled J.P. Morgan and Verizon, among numerous others, to ban the chatbot. And several European countries have launched an investigation into ChatGPT for the possible breach of data regulations. With these events and developments in mind, it seems as though those cybersecurity vendors with superior skills in handling data (leading innovators in CASB and DLP) will gain more competitive advantages.
If the best cybersecurity approach for the future is a data centric one, then Netskope has significant advantages over other SASE players. They helped define the CASB category throughout the 2010s and have the best DLP technology. They have also integrated its CASB technologies into its SWG and ZTNA offerings, thereby enabling them with greater granular controls for enforcing least privilege.
Inspecting and processing data to this level adds significant compute and latency, however. This is why Netskope made a decision a few years back to build out the NewEdge, which is its highly performant global network, to offset the performance hit associated with the in-depth data processing. With an incredible five 9s of SLA, NewEdge is one of the most performant global networks, with only NET claiming a higher uptime SLA. Netskope's data protection and global network are two strong moats with very high entry barriers, and as data increases in volume, velocity, and variety, we expect Netskope's value differentiation will become increasingly clear to the SASE market.
Data protection and network performance look like they will be the keys to SASE success in the intermediate term. However, investors ought to also consider how SASE will evolve architecturally in the future. To increase performance and the end user experience, we are already seeing some SSE vendors leveraging an agent on the endpoint to offload some of the SASE-related compute away from the edge PoP. FTNT goes much further by being able to deliver true converged security and networking in one single appliance which can be installed on-prem or at home offices. As SASE vendors strive to improve performance and differentiate, expect to see more balance between the cloud, edge, and on-prem.
A key architectural concept of SASE is the edge PoP, which is smaller but much closer to the end user than a cloud PoP, and hence can conduct SSE and SD-WAN in closer proximity to deliver superior user experience. FTNT can do this even closer. SASE die-hards will state that this requires the management of an appliance at each and every branch or retail store, for example. This is true, but IT admins still need to manage a router at each and every branch/retail store regardless, so why not replace it with an all-in-one appliance that can do the whole range of security and SD-WAN functionality? And with FTNT's software-defined approach, IT admins can easily manage and orchestrate the estate of FortiGates from a centralised single-pane-of-glass.
Different enterprises have different requirements, whereby some are better suited to go all SASE, and some might be better suited to have a combo of SASE and on-prem converged security/networking. We think the market will eventually evolve into realising that it is better for enterprises to mix and match and perform converged security/networking wherever it is most performant and cost effective to do so across their organisation. This is why we have introduced the Convequity Impulse for SASO, or Secure Access Service Omni, to reflect that converged security/networking will be demanded across all form factors (edge, on-prem, home, private cloud) in the future.
Note: full description included in Investor SASE Guide Part 1.
If the market does indeed evolve to SASO, then investors should note that those vendors which are vertically integrated will gain advantages. This is because to conduct converged security and networking on-prem requires powerful ASIC processors. Vendors with leading software-defined capabilities will also be at an advantage because IT admins need an easy way to manage the on-prem appliances. This is why we like FTNT and AVGO (subject to VMW M&A deal being approved) over the long-term, because both these vendors have these attributes - that is, hardware/software integration and software-defined excellence.
Ultimately, over time we expect those vendors which are the most accommodative with respect to delivering converged security and networking will emerge as winners. The Impulse for SASO aims to reflect this vision.
For institutional investors interested in a chat about SASE or anything cybersecurity related, feel free to book a 30 minute call with us to discuss. Alternatively, send an email to firstname.lastname@example.org to share your research/information requirements.