Is the Gartner SASE model the future of networking?

The Gartner SASE model foreshadows the convergence of network and security solutions, which will mean significant changes in network operations.

Futuristic car streaking through time with flames and lightning, symbolizing rapid evolution and future of cloud-based networ
Key takeawaysKey takeaways are generated with AI assistance. Because automated summaries can occasionally contain errors or miss important context, always refer to the full blog post for complete information.

Gartner's report “The Future of Network Security is in the Cloud” argues that as compute and services move from data centers to cloud and edge environments, network and security operations must shift accordingly toward a Secure Access Service Edge (SASE) model. The article explains how SASE requires integrated, cloud-native delivery of networking and security at the edge, driving convergence of teams and creating operational challenges around infrastructure complexity, skills, and investment. It highlights DNS as critical infrastructure for SASE—requiring a single source of truth, flexibility, and automation—and positions Adaptive DNS deployed at the edge as foundational to enforcing policies and routing traffic in SASE architectures.

What is SASE and why does Gartner think it will change how network and security teams operate?

SASE (Secure Access Service Edge) is Gartner’s model for delivering integrated network and security services from a distributed, cloud-native architecture located at the network edge rather than through a centralized hub-and-spoke data center. Gartner argues this shift is driven by cloud and mobile computing, which make capacity effectively limitless and move application and user activity away from central networks; as a result, IT must operate where users and developers are rather than forcing them through core infrastructure. Operationally, SASE drives convergence of networking and security functions, requires integrated vendor solutions to avoid costly custom integration, and forces realignment of skills and processes to enforce consistent security and policy at the edge in real time.

What operational challenges does Gartner identify that could slow SASE adoption?

Gartner highlights several operational roadblocks: the high cost and large structural change required to deploy SASE, a shortage of skills among many enterprise networking teams to manage cloud-native services, and the fragmented complexity of existing infrastructures. Fragmentation — a web of overlapping technologies like SD-WAN, virtualization layers, and disparate cloud services — risks inconsistent management and enforcement, poor performance, and expensive deployments when attempting to implement an integrated edge stack. Gartner therefore recommends strategic, staged investments and alignment of priorities now to reduce transition costs and complexity when SASE adoption accelerates.

Why is DNS important for SASE and how does Adaptive DNS address those needs?

Gartner calls out DNS as critical infrastructure for effective SASE implementations because DNS underpins all network communication, policy enforcement, and traffic routing. For SASE to work, DNS must be flexible, provide a single source of truth, and support network automation so policies can be applied consistently at the edge. Adaptive DNS—deployed with service points at the network edge—enables these capabilities by placing DNS where devices and compute live, facilitating enforcement of security policies and edge-aware routing, and avoiding fragmented or rigid hub-and-spoke DNS models that would hinder SASE objectives.

In its latest report on network trends, “The Future of Network Security is in the Cloud”, Gartner looks at how the momentum service delivery will change priorities well into the next decade.

As network and security services move out of the data center and into the cloud, as virtualized solutions replace single-use boxes, as mobility and edge computing grow in importance, Gartner sees a radically different future for business networks.  Two years ago, Gartner’s “NetOps 2.0” concept laid out the foundation of this change.  With the idea of the Secure Access Service Edge (SASE), Gartner is taking its idea of tomorrow’s service model to the next level.

What is SASE?

The idea of SASE (which Gartner’s analysts insist we pronounce “sassy”) is formulated around the ripple effects of shifting compute from data centers to a distributed network based in the cloud and on mobile devices.  As this shift occurs, Gartner predicts that security and network teams will have to operate where the action is – on the network edge – rather than trying to force developers and end users back into standardized services run (and controlled) by the network team through a “hub and spoke” model.

In other words, the power dynamic of network and security models is shifting for digital businesses.  IT teams used to set the boundaries of what was possible based on the capacity of existing networks.  As cloud computing allows for essentially limitless capacity, now the onus is on the IT team to catch up to what developers and end users can achieve.

That means addressing the needs of users wherever they happen to be.  For networking teams, that means that nobody’s going to be forced out of the cloud service they control and back through a core network and security architecture. The services have to be available in real time as part of a cloud native architecture, on a device, or wherever the network edge is for that particular user.  For security teams, that means monitoring traffic and enforcing every level of security once, for all users or devices.  Multiple enforcement layers will simply be too difficult to implement, and slow things down too much.

In Gartner’s view, the need for an integrated SASE solution will drive the convergence of network and security solutions.  IT buyers will want a single vendor to integrate all of these complex systems rather than go through the pain (and expense) of integrating them on their own.  Operationally, SASE will also drive a convergence of network and security teams as their functions and areas of interest increasingly overlap.

Preparing for a SASE world

The hard truth:  SASE is a Jetsons model projected onto a Flintstones world.  Even in 2019, Gartner’s grand vision of NetOps 2.0 is still far in the future for many large enterprises, let alone smaller businesses.  These aren’t systems you just turn on – they require massive investments, structural change, and realignment of skills.  Many enterprise networking teams struggle with the basics of cloud based services, and are hardly in a position to think further ahead.  Inevitable as these technological shifts may seem, it will take time to turn them from concept into reality.

Even if we’re early in the hype cycle, IT leaders should be thinking ahead to the SASE future, aligning their technology priorities accordingly.  Laying the foundation with strategic investments today can lead to lower costs and an easier transition when the time comes.  And for many enterprises, that time will come sooner than they think.

Network complexity is one area Gartner highlights as a roadblock standing in the way of SASE implementation.  Trying to implement an integrated networking and security stack on the network edge is going to be difficult when the underlying infrastructure is fragmented and controlled through a web of overlapping technologies.  Gartner points to the risk that all of this complexity will lead to “inconsistent management and enforcement, poor performance, and expensive deployments” when the time to implement SASE comes around.

Of course, the challenge of complexity is something most network teams face now.  Simply operating a large, complex network with SD-WAN, cloud native services, and virtualization layers is enough to make the heads of most network administrators spin.  If anything, Gartner is pointing out how that pain is only going to get worse over time.

Is your DNS SASE ready?

Gartner specifically calls out DNS as a piece of critical infrastructure which is needed for SASE technologies to be effective in the face of all this complexity.  This is a recognition of the key role that DNS plays in all network communications, as well as the roadblocks it currently throws up for digital transformation efforts.  Implementing security policies and controlling network traffic on the edge can only happen if the underlying DNS infrastructure is flexible, draws from a single source of truth, and facilitates network automation.

This is precisely why here at BlueCat we talk so much about the concept of Adaptive DNS.  Whether you’re preparing for the near future of NetOps 2.0 or the distant future of SASE, you’re going to need a DNS infrastructure which can flex and scale to deal with the growing complexity of network and security operations.

We’ve long recognized the strategic necessity of placing DNS everywhere – particularly at the network edge.  When you’ve got DNS deployed with service points right where devices and compute live, you can enforce security policies and route traffic in line with the SASE model Gartner envisions.  This approach sets BlueCat apart from solutions which either fragment DNS infrastructure or continue to insist on that rigid “hub and spoke” deployment model.

Learn more about BlueCat Adaptive DNS.

Or send a self-addressed stamped envelope (SASE) with $2.95 shipping and handling to…just kidding!


Published in:


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

BlueCat and Cisco graphic stating “Get DDI data from BlueCat in Cisco Cloud Control” for AI-driven network operations

BlueCat DDI data boosts Cisco Cloud Control AI-driven operations

BlueCat’s integration with Cisco Cloud Control provides AI agents with access to trusted DDI data for network investigation and remediation.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more

📣  Now live: Explore BlueCat Horizon, our SaaS-first Intelligent NetOps platform.