The secure access service edge (SASE) market remains red hot, but vendors are probing new opportunities that could take advantage of more stringent regulatory data sovereignty laws requiring greater management and control over the transfer and storage of data.

Dell’Oro Group in a recent report predicted that the broader SASE market will nearly double over the next several years, shrugging off short-term macroeconomic uncertainty and riding a surge of enterprises seeking integrated and easier to manage networking and security services. The firm specifically forecast that the overall SASE market will hit $17 billion in revenues by 2029, surging at a 12% compound annual growth rate (CAGR) over that period.

Some of that surge will come from sovereign SASE deployments. These have been described as a way for organizations to maintain control over their data resources tied to specific regulatory frameworks, and typically involve several components built on top of traditional SASE that allows for more control over data storage, security, and transport.

“I think the bigger opportunity here is other than sovereign SASE is just the ability to have SASE under more direct control by the enterprise,” Mauricio Sanchez, senior director for enterprise security and networking at Dell’Oro Group, explained to SDxCentral. “For a lot of enterprises, going with something that's cloud delivered, that's over the top, that's [outside of their premises], that’s a big leap of faith. I think there's some desire, or there's always been a desire, of how do we wrestle control back, and I think [sovereign SASE] is one way that that goal can be accomplished.”

Brandon Butler, senior research manager at IDC’s Network Infrastructure group, concurred, noting that the sovereign SASE market aligns with growing interest in broader data sovereignty needs, or what IDC is labeling as digital sovereignty. This includes the need for enterprises to conform to regulatory obligations, which is becoming more challenging as those enterprises continue to delve deeper into the use of artificial intelligence (AI).

“We've seen a lot of movement from things like sovereign clouds that are being spun up for individual countries,” Butler said. “And with the AI era that we're in now, we're seeing more AI tools that have a sovereign aspect to them, where all of the data that is used for the AI system, there are very strict controls over that data staying in a certain geographic area.”

Butler added that this is initially being driven by enterprises in Europe and parts of Asia that are operating under increased data sovereignty rules.

“There are requirements for having detailed analytics to be able to ensure that a sovereign deployment is in fact sovereign,” Butler said of these requirements. “There are audits that can be done to ensure that sovereign technologies actually are in fact sovereign.”

This adds a level of complexity that will require SASE vendors to refine the simplicity of their offerings. Butler noted this includes having in-country operator partners that can deliver a robust networking experience for enterprises.

This type of geographical control might play into the hands of specific SASE vendors that have a broader software-based reach instead of relying on their own infrastructure. Both analysts pointed to firms like Fortinet and Versa as being well positioned to take advantage of that market.

“You can think of vendors whose pedigree is providing technology as much as the service or the outcome,” Sanchez said. “Any of these more traditional vendors that come from with the network pedigree or hardware pedigree or software pedigree, have an innate capability to be able to service that use case.”

What’s the sovereign SASE opportunity? And those vendors are touting that opportunity.

Versa CEO Kelly Ahuja told SDxCentral that the vendor sees several opportunity buckets, which could expand the SASE market base by up to 30%. This includes large enterprises that operate in several sovereign sensitive markets, telecommunication operators that want to provide a an in-line SASE package to enterprises in those markets, and hyperscalers that want to expand offerings on their sovereign cloud deployments.

“I think sovereign is going to open up a whole set of new opportunities for us,” Ahuja said, adding that these could include stringent use cases. “Some of these new use cases around tactical and other places, they're happening. They may not come out publicly, but it'll happen. The defense industry is massively looking at and deploying this approach.”

While vendors are understandably excited to grow the market, the full opportunity could remain muted.

“I think there is opportunity to grow this and that would spur more companies, more vendors to think about offerings,” Butler said. “But it's still early days in terms of some of these sovereign SASE architectures are just coming out, so it's definitely going to be a wait-and-see on how much uptake we actually get from them.”

Sanchez expressed a similar sentiment, stating he was currently “negative-neutral” on that opportunity in the near term.

“I always look at things with the 80-20 rule,” Sanchez said. “Is it going to be 80% of the market? No. It’s more likely to be the 20% at some point if anything.”