Fortinet drew a line in the sand for how it believes secure access service edge (SASE) will be delivered this week after announcing a strategic partnership with Orange Business Services. The collaboration will see Orange deploy Fortinet’s full security and networking stack across its global infrastructure and network backbone.

The approach encapsulates a growing divide between SASE vendors, which have largely relied on the major cloud and colocation providers for networking and hosting.

“The problem I found in the last five or six years of speaking with service providers and telcos is they were siloed. They had this networking team, and they had this security team, and they would come together, but it was usually after the services were built, and that created an opportunity for what I call independent SASE vendors,” Fortinet CMO John Maddison told SDxCentral. “It opened the door because telcos couldn’t really build a competitive product.”

Fortinet aims to change that beginning with Orange. “Orange is probably the first service provider to realize we can’t be siloed," Maddison added.

While hosting SASE or security service edge — Gartner’s term for cloud-delivered security services — in public cloud data centers allowed vendors to hit the market quickly, it also means they’ve effectively become service providers that don’t control the infrastructure on which their products run, he explained, adding that very few if any of the SASE vendors will ever be profitable given those overheads.

“The Zscalers, the [Palo Alto Networks] Prismas… they’re becoming their own telco long term,” Maddison said, adding that this is a problem for the service providers and telecoms reselling those services because if "you don’t own the technology, you don’t own your own destiny.”

Fortinet, instead, believes the best place for the SASE security stack is at the edge of the telco cloud, connected and managed by the communications service provider.

“I think the service providers are in a much better position to build a true SASE solution. They own the network already; they have points of presence around the world,” he said. They have “all the costs that an independent SASE vendor has to bear” covered.

Orange is far from the first service provider to embrace Fortinet’s vision for SASE.

Early last year, AT&T announced its first managed SASE offering would be powered by Fortinet. And last fall, Spain-based telecommunications giant Telefónica expanded its relationship with the security vendor to deliver SD-WAN and secure access service edge (SASE) functionality to its customers.

Fortinet also isn’t the only SASE vendor actively courting service providers either. Palo Alto Networks also won large contracts with AT&T, GTT, and Comcast Business last year, and last week announced a number of advancements to its Prisma SASE platform that specifically target managed service providers (MSPs).

The updates included a hierarchical multi-tenant dashboard and open APIs designed to help operators automate SASE deployment and management. However, Maddison argues dashboards and API hooks don’t go nearly far enough. “There’s a big difference between OEMing and building it yourself.”

Because of this, he expects very few SASE vendors will be able to compete in the MSP space.

“I don’t think there will be that many people doing what we’re doing. It’s a huge amount of R&D investment and time on both sides. I think more should be doing it, but I don’t think some of them can do it,” Maddison said.