To Buy or To Partner—That Is the Question: What Should SD-WAN Vendors Do to Develop Their “Secure” Offering?

Subscribe To Download This Insight

By Reece Hayden | 4Q 2021 | IN-6343

As the Software-Defined Wireless Access Network (SD-WAN—a virtual wireless area network overlay) market matures quickly, vendors must look forward and develop Secure Access Service Edge (SASE—a networking model that converges network functions and security solutions into a unified cloud-native service) capabilities. Although having a similar goal as SD-WAN, this fresh approach differs significantly as it is cloud native with integrated and comprehensive network security functions. But for vendors, the integration of security functionality has created a troubling dilemma: Should they buy (i.e., merge and/or acquire) or partner (i.e., forge a joint agreement to provide products together) with existing Network Security Providers (NSPs)?

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.


Two Opposing Strategies


A flurry of fresh announcements within the SASE market has brought this decision to the surface once again. On one side of the coin, Forcepoint—a global leader in data-first security—acquired Bitglass—a leader in the security service edge market—to complement its data-first SASE architecture. Forcepoint has announced that this acquisition will accelerate advanced data security within its SASE offering and assist enterprise deployment and use. Aryaka Networks and Palo Alto Networks have previously followed similar strategies by acquiring the NSPs Secucloud and CloudGenix, respectively. On the flip side, Alcatel-Lucent Enterprise has chosen to partner with Versa Networks and is hoping to enhance its SD-WAN offering by optimizing integrated network security functions. VMware continues to partner with Zscaler to offer integrated security SASE solutions. On both sides of the coin, the motive is the same. Vendors are responding to market demand by developing a full End-to-End (E2E) SASE product with integrated network security. But the means differ.

Pressing security concerns mean that SASE is likely to rule the market for years to come, but which strategy should appliance vendors follow to integrate security functionality: Should they buy or partner with NSPs?

Two Different Outcomes


The business impact from either buying (Forcepoint/Bitglass) or forging a partnership (Alcatel-Lucent/Versa) with an NSP will vastly differ.

Buying an NSP could have significant long-term benefits for vendors. In choosing to buy, the company will own the intellectual property, meaning that it has the flexibility to implement this property across its existing product offering. This ownership has drawbacks in terms of innovation costs, but it reduces competition as other companies will be unable to partner with and benefit from the NSP’s existing intellectual property. Taking steps to reduce competition is vital to success as the SD-WAN marketplace is already saturated. In terms of a company’s bottom line, buying rather than partnering could have a mixed outcome. Mergers and Acquisitions (M&A) do have significant costs, but they also offer the opportunity for synergistic savings. By integrating products, savings can be made within business services, procurement, and manufacturing.

Partnerships with NSPs are immediately beneficial as they provide vendors with the quickest “go-to-market” strategy. Each party is incentivized to move quickly, meaning that they can often benefit from a “first-mover” advantage. Within a saturated marketplace, this can benefit companies in terms of market share and supply chain procurement. In terms of the bottom line, partnerships do not require significant financial outlay as they are built on profit-sharing arrangements instead. These factors suggest that NSP partnerships offer a more risk-averse and flexible strategy that would allow vendors the option to change their path and pivot toward other NSPs, mitigating the risk of technological obsolescence.

One Choice Vendors Need to Make


The solution to this dilemma seems to lie within two critical areas: perception of the SASE market dynamic and the developmental phase of NSPs.

SASE remains in its early stages. This immaturity presents an opportunity for companies to benefit, through partnership, from the first-mover advantage. That being said, big players such as Cisco and Cato Networks have already—although not convincingly—gained this initial advantage within SASE. As a result, ABI Research recommends that vendors take a longer-term view of the SASE market. Rather than trying to beat first movers at their own game through M&A, companies can develop bespoke E2E solutions that outperform the first movers. As usual, a well-implemented acquisition rather than a rushed partnership is more likely to produce SASE that meets enterprise requirements. M&A would also reduce future competition. As the SASE market becomes more saturated, vendors that own the security technology will not need to compete in order to renew partnership agreements with NSPs. For these reasons, M&A could be a more prudent strategy that recognizes the longevity of the SASE market and avoids paying premium rates for partnership agreements in the future. However, pulling the reigns in slightly, it is important to note that there are significant differences among NSPs. Subsequently, SD-WAN providers cannot be NSP agnostic; instead, they must target the acquisition of Communication Service Provider (CSP)–focused NSPs so that they are not accidently dragged into the mature Information Technology (IT) enterprise network security marketplace.

Network security solutions remain undeveloped within the CSP and telco marketplace, and many continue to question which solution configuration is best in class (e.g., a secure web gateway, a cloud access security broker, zero trust network access, firewall as a service) for SASE and secure SD-WAN. This means that M&A could lead to competition problems in the future (e.g., technological obsolescence) as other players pivot to more suitable network security solutions. However, an adequate M&A strategy does not leave companies with a static solution. Instead, it provides them with a platform (and often a team of experts) on which innovation can take place to create a bespoke security solution. This security solution can then evolve in line with the company’s own SASE rather than relying on a partner’s disconnected innovation.

This market is here to stay. Enterprise demand for cloud native and security integrated solutions is growing. Vendors must ignore the temptation to look for a quick fix (partnerships) as big players (e.g., Cisco, VMware) are already benefiting from the first-mover advantage. Instead, it would be prudent for companies to take a long-term approach and consider the significant opportunities that acquiring an NSP with a focus on communications, not IT, can create for SASE. This is not to say that partnering with existing security providers is foolish—far from it. Partnerships offer a risk-averse go-to-market strategy that may end up benefiting those who wish to challenge the biggest SD-WAN players.