Security and networking have converged. This is not a new idea, but today's work environment has made it a must, and new technologies have finally made it possible. The availability of technologies such as mobile devices, high-speed connectivity, and cloud-based services, as well as digital transformation and the work-at-home and remote working environment, have permanently changed where and how people are able to work.
A combination of technologies is needed to support a dynamic mix of people, devices, and resources – none of which is in a fixed physical location. While the pandemic is relatively new, the challenges around provisioning security and network capabilities are not. The practice of using old security and networking architectures to support new business trends has resulted in inefficient traffic routing, serious gaps in security, and redundant equipment spending.
The issue of technology lagging behind and not meeting the security and networking needs of today’s dynamic workforce has led to questioning the value and utility of relying solely on on-premises security and networking and devices to connect locations primarily through dedicated Multiprotocol Label Switching (MPLS) links. Enterprises understand that IT infrastructure is no longer about connecting devices with fixed IP addresses to storage and compute resources that reside in fixed, on-premises datacenters.
Traditional SD-WAN is a broadly accepted technology that offers a software-defined architecture for managing and deploying security and networking functions and resources. One of the trends of this technology is the integration of security features, which are now critical to any SD-WAN portfolio. Integrating these security services is giving way to newer Secure SD-WAN and Secure Access Service Edge (SASE) offerings, which are addressing today's evolving security and networking requirements.
SD-WAN is a popular technology because it has proven to deliver as advertised. But SD-WAN alone does not solve all of today’s enterprise challenges. Cybersecurity remains a dynamic concern, but the industry is realizing that security functionality needs to be tightly integrated into the network fabric, which is where Secure SD-WAN comes in. And SASE takes this a step further. SASE is not a new technology offering, but a more rigorous and strategic approach for tightly integrating several existing security technologies. Some of these key security functions associated with Secure SD-WAN and SASE include secure web gateways (SWGs), cloud-based firewalls (FWaaS), cloud access security brokers (CASBs), and Zero Trust Network Access (ZTNA). These technologies are merging under a common control interface and policy management that enable secure connectivity between endpoints and resources from any location.
Today's dynamic secure connectivity and access needs require a tightly integrated and converged networking/security/policy framework that can be used by enterprises and service providers. Secure SD-WAN matches this framework, which is used to securely connect digital assets regardless of their location. With the increase in cloud consumption, many enterprises now have more users, devices, and data located outside of the traditional organizational perimeter than inside it. Decreasing the need for backhaul has been a driver of SD-WAN services since they optimize application routing to cloud resources as efficiently as possible. This means advanced Secure SD-WAN platforms can be used to effectively connect cloud-delivered security resources.
The need to address security and QoS issues, such as latency, are significantly increasing as more mission-critical applications migrate to the cloud. These can be conflicting requirements, however, considering the compute resources and time needed to decrypt and inspect all encrypted traffic to and from the cloud. The need for finer grain access controls that evaluate the security posture of the endpoint requesting access to resources can also increase latency.
Today’s requirements for highly secure, low latency access to digital assets regardless of location requires a tight integration of networking and security capabilities. SASE can deliver on this need when it offers cloud-based security services tightly integrated with a global fabric of PoPs that leverage Secure SD-WAN. Rather than driving traffic to the data center for inspection, Secure SD-WAN and SASE can place inspection engines at nearby PoPs. Endpoints connect to local PoPs based on identity and context, and traffic is inspected and efficiently forwarded as appropriate through the Internet or provider backbone. The design connects mobile and fixed users, whether managed or unmanaged, with resources in private datacenters or in the cloud.
As mentioned earlier, SASE is not a new technology, but instead the integration of several existing technologies. Large networking incumbents have taken notice of these trends and advantages offered and are acquiring many smaller SD-WAN and security companies. But the challenge they face is that the various security pieces of SASE have to be tightly interoperable with the underlying SD-WAN architecture.
SASE solutions need to effectively support a stack of security and networking services that can be delivered based on policy and use case. Your chosen SASE solution must deliver the low latency and scalability that is inherent in creating a stack of network security capabilities that can be used with a "single-pass" architecture that runs multiple policy engines in parallel rather than as a series of discrete inspections. Finally, the SASE solutions that offer true multitenancy enable cloud providers to spread costs over multiple customers to create attractive cost structures. The degree that a SASE solution offers true multitenancy is an important consideration.
Secure SD-WAN and SASE are attracting attention because they address today’s enterprise pain points. SASE does not require organizations to fundamentally change the way they approach IT. It enables organizations to evaluate where their resources reside and gives them the security and networking capabilities to address where current trends have already taken them and can support their future goals.