Today, Microsoft’s identity and access group made numerous announcements about its Entra product family. The Entra name was introduced a year ago (May-2022) to bring together the long-standing and well-respected Azure Active Directory (AD) franchise with Microsoft’s cloud infrastructure entitlement management (CIEM) solution. While Azure AD kept its name a year ago, today, it was changed. Azure AD is now Microsoft Entra ID. The picture below summarizes the essential products part of today’s announcement.
For me, the critical announcement today was Microsoft’s introduction of its new SSE solution anchored to two new products, Microsoft Entra Internet Access and Microsoft Entra Private Access, and an existing one, Microsoft Defender for Cloud Apps.
Microsoft EIA is in public preview with limited functionality. It can only protect Microsoft 365 and Windows clients. General traffic protection, cloud firewall, threat protection, and support for other operating systems are slated for later this year.
Microsoft EPA is in public preview. No significant limitations were noted in today’s announcement.
Microsoft went out of its way to remain committed to supporting an open SSE ecosystem.
The naming scheme for Microsoft copies Zscaler’s naming scheme for equivalent products (Zscaler Internet Access [ZIA] and Zscaler Private Access [ZPA]). This is not the first time we have seen a vendor copy Zscaler’s product structure and naming. As they say, if you can’t fight them, join them.
CASB (cloud access security) requires a third Microsoft product, Microsoft Defender for Cloud App.
My SWOT analysis
Strengths
Unrivaled enterprise presence to facilitate awareness. Everyone knows who Microsoft is and generally enjoys substantial goodwill among its customer base. A large salesforce and partner ecosystem will open many doors.
Identity foundation. No other SSE vendor has the same identity vendor chops that Microsoft brings. SSE is identity-heavy, which Microsoft can exploit by owning the identity use cases end-to-end.
Azure Cloud. Most SSE vendors partner with cloud service providers like Microsoft Azure to stand up their SSE clouds. Whether cost models or the ability to exploit deeper integrations, the Entra team has a likely advantage.
Weaknesses
Severely late to market. Cisco, Palo Alto Networks, Symantec, and Zscaler have a multi-year start over Microsoft. Gaining momentum in a crowded market will take work.
No full SASE: SD-WAN still requires a third-party vendor. Single-vendor SASE vendors are gaining market traction.
CASB is still a separate product. Unclear how policy sets are defined, but from initial impressions, there will be no policy tie-ins with Microsoft Defender for Cloud App.
Opportunities
Costing model. Large enterprises that are strong Microsoft shops and take advantage of Microsoft’s Enterprise Licensing Agreement benefits could lead to significant uptake of Microsoft SSE solution.
Full SASE: Microsoft has strong networking chops that could facilitate servicing the full SASE opportunity, including networking and security.
Threats
Microsoft has a history of entering network security markets and then backing away. It tried entering the firewall market in the 2000s, then backed out, leaving customers stranded.
Rate of feature richness: Best-of-breed players likely will continue to drive faster innovation and feature richness.
Microsoft has several scheduled analyst briefings over the next month, including one focused on today’s SSE announcement in mid-August. We keenly await to hear more, but until then, please feel free to reach out with any questions.
[wp_tech_share]
Spring is time for renewal and we are fresh off some energizing discussions at vendor conferences by HPE Aruba, Juniper, and Extreme Networks. May is a great time to round up some of the major Wireless LAN (WLAN) vendor announcements of the first part of the year. We’re seeing four key themes emerging in manufacturers’ strategies and these trends will have impacts on the WLAN market and its evolution.
AI is everywhere – WLAN is no exception
Artificial Intelligence promises to solve some of the world’s most intractable problems, and the intractable problem in WLAN is network management complexity. Enterprise IT teams are struggling to solve bad coverage, interference, and congestion while at the same time, dealing with trouble tickets that are caused by application or WAN-level issues. When user experience is bad, it’s always the Wi-Fi that gets blamed.
Juniper Mist has led the market’s mindshare around AI-Ops and micro-services architectures for enterprise networking. Further enhancements to Mist were announced at Mobility Field Day, with Marvis (Juniper’s virtual assistant) now leveraging the summarization skills of ChatGPT. Juniper has also announced they will be gathering network and user feedback from Zoom’s videoconferencing application which will allow their AI engine to predict the quality of videoconferences that take place in the future.
Meanwhile, HPE has introduced the next generation of Aruba Central in Greenlake, with a whole new solar-system look. In their slick demo at Atmosphere, they highlighted the Time Travel feature that allows the IT team to rewind to the moment of a moment of network degradation and visualize the network metrics at exactly that moment.
High-end AI features tend to arrive first with the public cloud-managed solutions. In 4Q22, only 25% of the world’s units were shipped into public-cloud managed networks, giving them a premium feel and demonstrating that there is room to grow the market. These solutions generate the recurring revenue streams the vendors are chasing, with the added bonus of boosting margins.
AI-Ops is the next frontier of innovation in campus networking and manufacturers are hoping that the savings in enterprises’ IT expenses will be transferred to their bottom line. We are predicting the revenue from these features will continue to grow, and that pubic-managed WLAN solutions will make up over 40% of WLAN manufacturer revenues in 2027.
Wi-Fi 6E expands its foothold
Wi-Fi 6E APs have been slow to take hold in the market (for an explanation as to why this is, see Checking in on enterprise-class Wi-Fi 6E) with vendors such as Extreme, HPE Aruba and Cambium leading the pack in Wi-Fi 6E adoption. However, in the first part of the year, there have been some announcements that will help accelerate 6E take-up.
Commscope Ruckus kicked off the year by announcing a new 2×2 Wi-Fi 6E AP (the R560) aimed at the MDU market. Then, a couple of weeks ago, Arista presented the C330 AP, a 2×2 product that will be available in June. In their Atmosphere conference, HPE pointed to the 615 AP as their affordable 6E option and promised a new 6E AP to come for the hospitality segment. Juniper then introduced the AP24, a lower cost, 2×2 product. Finally, at their conference in Berlin, Extreme Networks revealed the availability of the AP3000, claiming it to be the world’s smallest and greenest Wi-Fi 6E AP.
The introduction of more Wi-Fi 6E 2×2 products will help to bring the average price down, which until now has remained higher than historical precedents set by WLAN technologies. However, we are predicting that the life-cycle of the protocol will be shorter than previous technologies. While some major vendors point out that Wi-Fi 7 standards have not yet been ratified by the IEEE, manufacturers in China are already shipping low volumes of Wi-Fi 7 enterprise-class APs, and Ruckus has revealed that the company is working on a Wi-Fi 7 / cellular combination product. Dell’Oro group is predicting that Wi-Fi 6E shipments will hit their peak in 2024 as the new 802.11be (Wi-Fi 7) APs gain traction.
Network Access Control moves to the Cloud
The Network Access Control market is dominated by Cisco ISE and Aruba ClearPass. Last year, Juniper made a move to shore up this leak in its portfolio by acquiring WiteSand, a startup focusing on cloud-native zero-trust Access Control solutions. Arista has made no secrets of its ambitions in enterprise networking sector, and at the end of April, the company announced Agni, its cloud-based NAC, expected in the second quarter. Tellingly, Arista has put effort into ensuring that a customer can easily migrate from an existing NAC system, such as ClearPass. At the end of April, Extreme Networks CEO, Ed Meyercord, let it slip on their earnings call that Extreme would also be “cloudifying” their NAC solution, with an official announcement to come.
The Network Access Control market is small, but these recent vendor announcements demonstrate that placing this function in the cloud is a strategic move to lock up WLAN and campus switching revenues. These are wise choices as we approach what Dell’Oro Group is predicting will be a difficult 2024. We expect campus networking revenues will contract as the market digests the tsunami of orders that have been tangled in backlogs. Vendors will be looking for all the enterprise stickiness they can get.
Campus NaaS broadens its appeal
The Campus NaaS market is emergent and messy, giving ample opportunity for new players to differentiate themselves. We’ve already discussed a framework for the types offers available, showing that new entrants like Shasta Cloud, Meter, Nile, and Ramen Inc have thrown down the gauntlet to incumbents (Dell’Oro Campus NaaS & Public Cloud-Managed LAN Advance Research Report) –but the Camps NaaS market just became even busier.
HPE Aruba announced Agile NaaS at Atmosphere, touting that the standardized NaaS SKUs will enable their MSP partners to sell 75 cents on the dollar of additional services. In Extreme Network’s April earnings call, CEO Ed Meyercord announced investing in R&D to package a solution that will simplify MSPs’ delivery of managed services. Our confidential discussions with several vendors confirm that there is a wide interest in this type of offer, with new announcements on the horizon.
Different service providers mean different things when they sell Campus NaaS; however, one common element is the generation of recurring, high-margin revenues. The size of the dent that new offers will make in the market, and the likelihood they can create new revenue streams, are two market uncertainties that are playing out at this very moment.
With these four key trends in the WLAN industry, manufacturers are increasing both the depth and breadth of their offers, enhancing their technological and commercial appeal. The WLAN industry has seen record growth over the past two years. As we enter a more challenging market environment, manufacturers will need improvements such as these to maintain their customer base while they turn their sites to expand to new markets.
[wp_tech_share]
But Market Growth is at Risk Due to Service Confusion
In 1880, Thomas Edison said “We will make electricity so cheap that only the rich will burn candles” and today, no enterprise can operate without power. Since the upheaval of a global pandemic, IT manufacturers are seeing Edison’s promise in a new light: converting Wireless LAN into a utility will accelerate enterprise productivity. Along the way, manufacturers stand to gain a steady stream of high-margin, recurring revenue.
Manufacturers of Campus LAN equipment (enterprise-class WLAN and Switching) generated $29B of revenue in 2022 with an anticipated 5-year CAGR of 2%. New entrants believe the market is ripe for an innovative service offer and incumbents are looking to accelerate market growth.
The Vision is Compelling, but its Instantiation Remains Unclear
Industry visionaries have therefore married the vision of “Wi-Fi as a utility” with the cloud-enabled “As-a-Service” (aaS) technology abstraction to create a compelling proposition – but it is rare to find two manufacturers who describe the service in the same way. With each variation having different commercial, financial, and technological implications, it’s a complex landscape for IT departments to navigate.
And so, the killer question remains unanswered: Will the Enterprise Campus NaaS opportunity succeed in expanding the campus network market? Or will it be relegated to a differentiating feature of existing solutions, fueling competition without growing demand?
New entrants to the Enterprise Campus NaaS market believe the former proposition is true. They have developed cutting-edge technology and innovative commercial strategies to meet enterprises’ needs. Meanwhile, incumbent vendors’ are positioning services that have deep feature sets, well-developed channels, and strong brand awareness.
A common framework for defining Enterprise Campus NaaS is critical for manufacturers to quantify the market opportunity and hone their strategies. For the service to flourish, their customers’ IT departments must be able to understand and compare the available services.
Defining the Cloud Consumption Model in a Campus Context
The three words “As A Service”, or aaS, have become synonymous with the cloud computing model. The aaS extension is appended to different words (e.g. Infrastructure, Platform, Software) to denote different levels of technology abstraction. When applied to campus network IT, the cloud consumption mode is often called NaaS, or Network As-a-Service. This term lends confusion as it can also denote Wide Area Network services.
Since terminology matters when new markets are being developed, we define Enterprise Campus NaaS as the delivery of campus connectivity at Layer 2 and Layer 3 of the OSI model (such as WLAN and switching) within the premises of an enterprise or organization by means of a service that adheres –at least partially– to the cloud consumption model.
To provide a common framework for comparing the offers on the market, we define the four key parameters of the cloud consumption model below and explore how these can be instantiated in campus networks.
Cloud Consumption Services Are Outcome-Oriented
With an outcome-oriented service, an enterprise no longer purchases technology. Instead, it purchases a service based on a result it expects to attain. For example, the Open Data Center Alliance has defined IaaS outcomes such as millions of IO operations, or GBs of disk capacity.
In a campus networking environment, an enterprise could purchase a solution defined by a consistent Wi-Fi signal level over a given area or a minimum download speed for a specified number of devices. However, due to the complexity of these models, many Enterprise Campus NaaS providers opt to structure their service around the underlying technology, charging a fee based on the number of APs or ports.
A truly outcome-based Enterprise Campus NaaS must be accompanied by an enforceable Service Level Agreement, which remains another impediment. Manufacturers are well aware of the challenges and costs associated with implementing SLAs.
The Cloud Consumption Model isElastic
An elastic “aaS” offer appears infinite. The purchaser of PaaS is not bound by the fixed dimensions of a server or hard drive; the service provider ensures the capacity and desired reliability are available.
For a university whose students have just discovered the latest bandwidth-hogging application, an elastic Enterprise Campus NaaS would absorb the unexpected traffic peaks with no costly design changes or additional hardware.
However, the tight coupling between WLAN hardware and its physical installation represents a challenge for service providers. Some of the offers on the market are designed to have a certain elastic nature, but their upper limits will remain constrained by the on-premises hardware installed.
Cloud Consumption Services have a Recurring Price Structure
In its simplest form, Enterprise Campus NaaS, is priced with a subscription fee: a conversion of capital cost (of APs and switches) to a recurring, operational expense.
This can be attractive for a distributed retail operation opening a new store, whose large, up-front cost of the network infrastructure disappears. The new location would increase the company’s IT bill in the same proportion as existing locations, simplifying cost attribution and recovery. In these types of service offers, the cost of financing the hardware is often blended into the monthly price.
For “aaS” offers that are also elastic and outcome-oriented, another commercial structure becomes a possibility: consumption-based pricing. With this model, a university network that benefited from an Enterprise Campus NaaS would have hardware in place for near-infinite usage, but the monthly bill would dip down in the quiet summer months.
Given the large cost of network hardware on premise, manufacturers may find it difficult to charge true consumption-based pricing. Enterprises will have to commit to prescribed contract lengths or minimum monthly charges, even if the service price varies somewhat according to usage.
Cloud Consumption Services are Maintenance-Free
Whether it’s IaaS, PaaS, or SaaS, hardware maintenance is performed by the service provider. For Enterprise Campus NaaS, maintenance, or life-cycle, services are the blurriest of the cloud consumption parameters.
Traditionally, campus IT manufacturers have shied away from delivering ongoing life-cycle services, avoiding direct competition with MSPs, their valued channel partners. However, last year Home Depot announced it was outsourcing portions of its campus network operations to HPE, whose executives have been emphasizing the long-term profitability of “aaS” offers. In contrast, Juniper Mist and Cambium Network’s Enterprise Campus NaaS announcements focus on enabling their channel partners.
Whereas new entrant Shasta Cloud is promising to revolutionize the way MSPs deliver Enterprise Campus NaaS to their clients, startups Nile and Meter are focused on delivering the full gamut of life-cycle services directly, as well as via channel partners.
The most difficult phase of the technology life-cycle to include in Enterprise Campus NaaS is the hardware end-of-life. A truly “evergreen” service, would include hardware upgrades as the 802.11 standards evolve –without an enterprise paying for them outright– but Enterprise Campus NaaS is still too new to have put this phase to the test.
How is the industry positioning Enterprise Campus NaaS?
Over the past 6 months, we have interviewed over a dozen industry participants who have commercialized, or are planning on commercializing, some type of Enterprise Campus NaaS. A minority of the services met all of the cloud consumption characteristics. However, all of the services met at least one criteria, with subscription-based pricing being the most popular. Fewer than a third of the Enterprise Campus NaaS offers had some form of elasticity or contained an evergreen provision to upgrade hardware at no additional cost.
With industry players approaching Enterprise Campus NaaS from different angles, it follows that their commercial strategies vary, with a focus on different customer verticals, segments and channels. However, there are three broad categories of Enterprise Campus NaaS that are beginning to emerge. As the market matures we expect to see vendor strategies consolidate according to which of the three types of Enterprise Campus NaaS they envision: Enabler, Turnkey, or Wi-Fi as a Utility, as depicted below.
Those who are navigating the complex Enterprise Campus NaaS landscape can look to history, at the evolution of the electrical power grid. Thomas Edison chose to back a power distribution system based on Direct Current —convinced that Alternating Current transmission systems were too dangerous to the public. The competing models battled it out for over a decade before Edison Electric merged to form General Electric, and AC distribution became the worldwide standard.
Enterprise Campus NaaS brings the allure of easy-to-manage, ubiquitous WLAN at a time when businesses depend on wireless connectivity more than ever. However, to effectively market the service, the industry needs to converge on some common definitions. Once that happens, enterprises will be able to take their Wi-Fi coverage for granted, thinking about it as much as they think about electricity — about once a quarter, when they pay their bill.
More information on the different approaches to Enterprise Campus NaaS and a quantitative analysis of the market will be included in the advanced research report entitled Campus NaaS and Public Cloud-Managed LAN, to be released in June 2023.
Happy New Year! Right before the holidays, we published our 3Q22 reports which provided a good overview of the market performance for the first nine months of 2022. Based on those results and while vendors have not reported their 4Q results yet, the Campus Switch market is estimated to have achieved a stellar double-digit growth, reaching a record-revenue level in 2022.
Now the big question is what’s next and what does that mean for 2023 performance? Should we expect a market pull-back, especially in light of rising macroeconomic uncertainties? And what other trends should we watch in 2023?
1) Market Performance to Remain Healthy in 2023
Despite the remarkable performance in 2022 resulting in a tough comparison for sales in the new year, we project that the Campus Switch market will continue to grow in 2023. Our optimism is underpinned by the healthy backlog witnessed in the market. On the latest earnings calls, almost every switch vendor reported near record-level backlog and most did not expect a return to normal in the next several quarters. As the supply situation continues to improve in the first half of 2023, it will help fulfill this backlog, providing a cushion for market sales not to crash, even when booking growth rates start to moderate. Furthermore, this backlog will be priced at a premium compared to what has been shipped in 2022, as explained later in this blog.
However, as we head into the second half of 2023, we believe that improvement in the supply situation, combined with macroeconomic challenges, will put a break on the panic-purchasing behavior that led to the extraordinary levels of backlog recorded so far in the market. We, therefore, expect a significant slowdown in bookings, followed shortly thereafter by a slowdown in revenue, as most of the backlog will have been fulfilled during the first half of the year.
2) Market Prices May Finally Start to Rise
As you know, almost every vendor had to increase its list prices by an average of 10-15% as a way to protect margin by passing some of the increased supply-related costs to customers. However, those list price increase actions have not yet started to impact recognized revenues as most of the products that have been shipped in 2022 are from orders placed ahead of the list price increase. However, as supply improves and as this old backlog starts to get fulfilled in 2023, we expect the market to start to benefit from this list price increase, although it may partially be offset by regional, customer, and product mix dynamics.
3) Wide Discrepancy in Regional Performance
2023 is expected to be a wild and uncomfortable year from a geopolitical and macro perspective. The war in Europe, the global energy crisis and inflation are expected to put pressure on market demand and curb enterprises’ appetite for spending. However, we expect this slowdown in demand to be more severe in certain regions compared to others. For instance, we expect the slowdown to be more severe in Europe than in the U.S. Additionally, China will also be dealing with the increased rate of COVID infections following the end of the zero-Covid policy.
4) 2.5/5.0 Gbps Campus Switch Adoption to Accelerate
We predict 2.5/5.0 Gbps shipments to grow in excess of 50% in 2023, showing an accelerated growth rate compared to 2022. This accelerated ramp is a reflection of improved supply but also increased demand. We expect a higher portion of Wi-Fi 6E and Wi-Fi 7 Access points (APs) to ship with 2.5/5.0 Gbps uplinks and to drive the need for 2.5/5.0 Gbps switches. Additionally, as employees return to their offices, even on a part-time basis, network traffic will surge, requiring higher-speed Wi-Fi APs and switches. Last but not least, we expect this growth in 2.5/5.0 Gbps switch shipments to be diversified among a wide variety of vendors, unlike during the prior years when Cisco used to comprise well in excess of two-thirds of the shipments in the market.
5) Network-As-A-Service Offerings to Increase and Open the Door for Heated Competition in the Market
Perhaps one of the main questions we have been getting in 2022 and expect to persist in 2023 is around Network-As-A-Service (NAAS) offerings. What is the definition of NaaS? What does it include? What is the target market? How are vendors charging for it? What is the delivery model? How are the different responsibilities being divided to provision, maintain and operate the network?
Given the complexity of the matter, we felt the need to address all the questions above and even more in an advanced research report that is planned to be launched in 2023. Stay Tuned!
In the new year, the time is ripe to reflect on our 2022 predictions and look to a fresh batch of 2023 predictions. A year ago, we made the following predictions for 2022:
Only a minority of enterprises will fully deploy SASE in 2022, but all will force SASE of their vendors
The physical Firewall market rebound will modulate, while cloud-centric security will continue to grow faster
Firewall-as-a-Service will begin to cannibalize carrier-class Firewall physical appliances
On our first prediction, we believe we were right. SASE, an architectural IT direction to transform and unify WAN-centric networking and security for branches and remote users, continued to gain interest and traction. However, how the enterprises deployed SASE networking versus security technologies remained extremely disaggregated and on different timelines due to the difficulty of changing too many parts simultaneously. The implications for the technology vendors were that irrespective of whether disaggregated or unified–or even whether single-vendor or multi-vendor SASE–they had to demonstrate to customers that they could help them on their SASE journey today and into the future. In other words, vendors were forced to show SASE capability even if customers didn’t yet take advantage.
Our second prediction was a split decision. We were right that cloud-centric security–the SaaS- and virtual-based variants of network security solutions–would grow faster than traditional network security solutions. While there will always be a role for hardware, the ongoing shift to the cloud limits the role that hardware can play in the enterprise, particularly in the data center. However, as corporate networks–or even cloud service provider networks–footprint expands in size, hardware firewalls play a role. We are wrong about how much appetite the market still had in 2022 after robust 2021. 4Q22 numbers haven’t come in, but if current trends hold, the full-year 2022 revenue growth of the hardware firewall market will match the 2021 rates.
Our third and last prediction was the boldest, and we were wrong. We still believe that cloud-based firewalling can and will eventually put pressure on the highest tiers of firewalls (carrier class), but 2022 was a different year. However, at the branch or even small data center level, we did some start on displacing lower-end firewalls.
Gazing in our crystal ball, we have the following three predictions for 2023:
1 – Security spending to remain stable in looming economic storms
Most economists predict that in 2023 the worldwide GDP growth rate will be weaker at 2.1% compared to the actual 6.0% and expected 3.0% growth in 2021 and 2022, respectively. Put in perspective, 2.1% growth would be the third weakest rate of growth in the last 20 years and only overshadowed by the Great Recession in 2009 and the Covid-19 drop in 2020.
While it would be folly to say security spend will break records in 2023, we expect it to remain stable against increasing economic storminess. Of late, security has and is expected to continue a board-level discussion and hence be a top investment priority. Attacks aren’t stopping even if the economy does. No CEO wants their mugshot on the nightly news because of a security breach.
2 – SASE to keep growing, but a split decision between networking and security components
SASE is the amalgamation of networking (SD-WAN) and security (security service edge [SSE]) technologies. Most enterprises have and will continue to purchase separate SD-WAN and SSE solutions to (eventually) integrate them to achieve the disaggregated form of SASE. We expect enterprises to continue to prioritize the security side of SASE but slow down the networking side as the economic pressure increases. As a result, we foresee the SSE-side of SASE to post another year of solid growth in 2023, but we anticipate that SD-WAN will see a marked deceleration in its growth.
3 – Increased cloud breaches to cause spending on cloud workload security to be over $6 B in 2023, which is over 4x higher than in 2020
This past Fall, we issued our first Advanced Research Report on the cloud workload security market, which goes by various names, including CNAPP, CWPP, and CSPM. We delved into this space because network security vendors have entered cloud workload security as a natural adjacency. We found a market in hypergrowth as enterprises that have or embrace the cloud find many new, thorny security problems. As a result, we expect that enterprises will have to spend the money and lead the cloud workload security market past the $6 B mark, which is 4x higher than in 2020.
A year from now, we’ll reevaluate and see what came true. Until then, all the best in the new year.
Watch This Video:
What’s next for SD-WAN, SASE, and network security in 2023?
