Versa became the latest SD-WAN vendor to embrace the secure access service edge (SASE) architecture with a new platform aimed at addressing the challenges faced by remote workers.

Versa's Secure Access supports SD-WAN functionality, including quality of service (QoS) and identify-based policy enforcement, for remote workers without the need for dedicated CPE hardware.

"It's completely software only, meaning there's a client that runs on Windows, Mac, iOS, and we'll also be introducing an Android version," said Versa CMO Mike Wood, in an interview with SDxCentral. "We think, this is pretty unique in that it enables SD-WAN all the way down to that client."

Traditionally, he explained, CPE hardware would have been required to take advantage of SD-WAN type service.

SASE — pronounced sassy — stitches together elements of edge computing, security, and wide-area networking (WAN) into a single cloud-native package. The Gartner-coined category has gained widespread adoption among SD-WAN and security vendors since it was unveiled last August. Cisco, VMware, and Palo Alto Networks are now among the largest vendors to debut a SASE offering, albeit far from the first.

Wood explained that Versa had planned to release the platform later this year, but moved up the announcement after millions of Americans found themselves working from home as a result of the COVID-19 pandemic.

Like its CPE-based SD-WAN offering, Versa's SASE play is built around the Versa Operating System, which offers SD-WAN and security features including stateful and next-generation firewalls, denial of service protection, intrusion prevention, and URL filtering.

"The common architecture that Versa has places it in this uniquely differentiated position to be able to deliver services built on premises and in the cloud in our distributed cloud gateways in a way that I think that no other vendor is capable of doing," Wood said.

And while Versa believes that CPE hardware still has a place in the branch and in headquarters, "there are going to be instances or locations where that it might not be possible, where the CPE may not be something that is either easy to deploy or even makes economical sense," Wood said.

He added that network and security policy needs to be applied regardless of where the worker is connecting from and that it wouldn't make sense for them to carry a CPE device just to take advantage of SD-WAN features. Instead, Versa's Secure Access platform runs on dozens of points of presence (PoPs) located in public cloud data centers and in colocation facilities.

"We have dozens of Versa Cloud Gateways distributed around the globe," Wood said, adding that it's possible to spin up additional gateways "almost instantly" in public cloud providers like Amazon Web Service (AWS), Microsoft Azure, and Google Cloud Platform (GCP) as more users transition the SASE model. And because these PoPs are located in the public cloud or near public cloud gateways, Wood claim's Versa's SASE platform can provide a greater quality of service to customers.

The distributed nature of the network also enables Versa to deliver the service to customers via an agent. Once installed, customers are connected to the nearest PoP based on their location and connection type. From here the user is identified and network and security policy is applied.

These policies can also change based on factors such as location to ensure compliance or limit access to resources based on geography, Wood explained.

More importantly, enterprises don't need to be existing Versa customers to deploy its Secure Access service.

"You don't have to have Versa Secure SD-WAN deployed. In fact, you could have another vendors' SD-WAN solution deployed or you had no SD-WAN deployment," he said. "It's a great way for a business to experience secure SD-WAN with a very low barrier to entry."

With the launch of its SASE offering, Versa is also accounting for its large network of service provider partners with two models for resale.

The first is a white-label offering that uses Versa's network of cloud gateways. "I would say maybe the smaller service providers might do something like this," Wood said.

The second model involves deploying Versa Cloud Gateways into the service provider network, which according to Wood, is critical as it offers service providers a way to differentiate themselves from other service providers on the market. He added that any enterprise or service provider can license the Versa Cloud Gateway in order to build out its own network of PoPs. "They don't even have to rely on our system of cloud gateways, they can actually build their own system."

Versa Secure Access is available in North America, Europe, the Middle East, Africa, and select Asia-Pacific markets starting today. However, the offering is likely to evolve in functionality in the coming months. "We're not out claiming that we are a complete full-blown SASE solution," admits Wood. "Versa is steadily working to deliver a complete end-to-end SASE implementation which follows the Gartner definition of SASE."

While Versa claims to support most of the SASE feature set, there are several gaps, including remote browser isolation and deduplication, which the company is working to close.