Verizon is adopting a two-pronged approach to the challenge the growing secure access service edge (SASE) vendor community has been mounting to the telco business model for the last couple of years.

Omdia view

Summary

Verizon is adopting a two-pronged approach to the challenge the growing secure access service edge (SASE) vendor community has been mounting to the telco business model for the last couple of years. On the one hand, it is about to change the way it takes security services to market, unveiling a combination of bundling of basic functionality with a freemium model whereby customers will be invited to pay for the more advanced version. Meanwhile, further down the road it plans to launch its own Verizon SASE service.

Bundle the basics and stimulate upgrades

Verizon has an extensive portfolio of security services covering everything from mobile devices and endpoints, through network and cloud security, to incident response and security operations center (SOC) services. Until now, it has offered them in the classic carrier fashion, as services delivered on top of whatever connectivity a business customer is buying from it, for example, private WAN/MPLS, broadband, or mobile.

The plan now is for all Verizon’s connectivity services to come with a “no frills” version of some of those security capabilities, particularly those around network and remote access using zero-trust access (ZTA) principles. Verizon has a ZTA service from its 2018 acquisition of the assets of software-defined perimeter (SDP) developer Vidder, SDP being one of the two main flavors of ZTA. This security functionality will not be optional: it will ship as default, and the connectivity services will not be available without it. Furthermore, it will be “free” in the sense that existing customers will not see any increase in what they pay to be able to start to use these security services.

This is already a fillip for Verizon’s salesforce, who can now argue that it is throwing in some free security services and thereby encourage customers to renew contracts. Once customers start to use those services, the hope is that the sales team will be able to highlight the benefits of an upgrade to the paid-for version, where the protection will be more extensive, the threat intelligence more comprehensive, and so on.

SASE is an existential threat to carriers

This is a fundamental shift in the way Verizon looks to monetize its security capabilities while at the same time enhancing the attraction of its connectivity services. It is also a timely response to the rise of SASE, which represents an existential threat to telcos around the world.

SASE is the term for increasingly popular service offerings that combine networking and security technologies, including secure remote access, and deliver them all as a service from the cloud. SASE services bundle four key components:

  • An underlying network over which the enterprise customer’s network will flow
  • Intelligent networking capabilities, also known as SD-WAN, for path selection, route optimization, and so on
  • Network security features such as firewalls and IDS/IPS for branch office connections
  • ZTA for remote workers

SASE services have been launched by a multitude of companies from different market segments, most of them tech vendors. There are network security vendors such as Palo Alto Networks and Fortinet, SD-WAN vendors including Versa, cloud access security broker (CASB) vendors Bitglass and Netskope, and network-as-a-service (NaaS) companies such as Cato. Conspicuous by their absence, however, are traditional telecoms operators. Indeed, since SASEs are underpinned by a network owned by their provider (even if it is only a series of points of presence on, say, Google’s Google Cloud Platform backbone), they represent a direct challenge, nay threat, to telcos, stealing their connectivity customers with the promise of networking and security all thrown into the mix.

This is a strategic play for Verizon

Telcos may, of course, build their own SASE services, and indeed, the US carrier says it is working on a Verizon SASE offering, which will be launched at some point after it makes the changes to how it markets security on its existing connectivity services. However, a SASE service will not necessarily protect the revenue it derives from the more premium services such as MPLS, so the current change in its security strategy is a significant one.

In “giving away” a basic version of some of its security services, it could be argued that Verizon is, in a sense, sacrificing its rings to save its fingers. However, by bundling these capabilities into its connectivity services it can

  • Create goodwill among its customers by helping them with their security challenges
  • Incentivize its salesforce to upsell the customer base to the paid security services.

And of course, in doing so, it has come up with an answer to the siren song coming from the SASE vendor community.

Appendix

Further reading

Omdia Market Radar: Zero-Trust Access (March 2020)

“Secure access service edge is not a new cybersecurity market segment” (June 2020)

Author

Rik Turner, Principal Analyst, Cybersecurity

askananalyst@omdia.com