With almost no notice, IT staff across the globe had to deliver on one of the greatest challenges in modern history, when the whole planet was thrown into working from home (WFH) and conducting business virtually because of the pandemic. Software-defined WAN (SD-WAN) technologies and services were already being deployed prior to the pandemic, but now SD-WAN and emerging security and policy technologies such as Secure Access Service Edge (SASE) were being put to the test and had to prove their worth. It’s helpful to examine the progression of SD-WAN and related security technologies to set the stage for what’s ahead in 2022 and beyond.
What is SD-WAN, and why is it so promising for so many organizations’ networking initiatives? Simply put, SD-WAN is traditional overlay VPN technology on steroids. Using software-defined networking (SDN) principles, SD-WAN provides application awareness with visibility and centralized policy control as its operational model. SD-WAN steers and prioritizes application traffic by first classifying applications correctly and then applying flexible, performance-based traffic-steering policies so that applications can meet their given goals.
SD-WAN deployments come in many form factors, from software-only to appliances at various price points to hybrid and fully managed services. In the WFH use case, IT staff can configure the experience for a given user group via centralized policies delivered by SD-WAN software on employees’ computers or by small, inexpensive appliances inserted into the home network that prioritize company traffic over family traffic (e.g., Netflix and gaming).
As the enterprise network model evolves with WFH in the mix, organizations must ensure that employees working remotely can securely access company resources from any location and device. Security has quickly become the “killer app” for SD-WAN.
Traditionally, security is designed with many appliances deployed within the perimeter of all enterprise sites to keep out threat actors. However, WFH removes company boundaries, and organizations need to provide the same level of security for the home office as for the larger office sites. Providing secure user access to resources can be done using two approaches. The first approach, secure SD-WAN, applies security functions within the SD-WAN appliance right at the user’s home. Various security functions live close to the user and are single tenant in nature (i.e., all security functions are assigned to the user and to the company for which they work). The challenge with this model is determining how to size the appliance so that it’s cost-effective and doesn’t impact performance.
The second approach to securing SD-WAN is the new kid on the block, SASE. So, exactly what is it? SASE moves the security function to the cloud, in the edge computing environment nearest to the user's home. SASE shares the resources of an edge cloud with multiple tenants, optimizing resources and security functions for multiple subscribers. Security functions can be shared between many subscribers in a multi-tenant model and scaled using cloud-native microservices architectures.
The most important aspects of SASE are:
- Located close to the user, application, and/or device to reduce latency
- Provides identity and access management to access the SASE cloud
- All traffic is scrubbed through the SASE cloud, regulated by Zero Trust policies that include context such as time of day and location. (Zero Trust is a perimeterless IT security model that eliminates the notion of trust to protect networks, applications, and data.)
- Access to the SASE cloud from the user, device, and/or application via SD-WAN
SD-WAN, Secure SD-WAN, and SASE Standardization
The outlook is promising for both the SD-WAN technology market and the managed services market. Appledore Research estimates the total market for SD-WAN services will reach at least $22B in 2027. However, the lack of common terminology and standards slows SD-WAN adoption, as proprietary solutions are developed and confusion exists over the “flavors” of technologies and services. With SD-WAN service and related security standards now available, the industry has the definition and vocabulary for how a managed SD-WAN service should behave, which helps to eliminate confusion, provides assurance in the services offered, and helps propel the market.
So, are SD-WAN and SASE hype or reality? SD-WAN is real—it’s here today, and we’ll see greater growth and deployment in 2022. Secure SD-WAN is real and being deployed today in some enterprises. SASE and Zero Trust are still in the hype and confusion stage.
In 2022 and beyond, many secure SD-WAN and SASE deployments will be offered as managed services from a service provider with cloud-native technologies. How will enterprise IT professionals be assured of the services they are receiving? What are the common language, constructs, labels, and vocabulary that can be used to compare managed service offerings? The good news is that with available standards and new standards coming in 2022 to define SASE and Zero Trust, customers will be better informed to compare services and understand key definitions and frameworks when purchasing secure SD-WAN and SASE managed services.
Pascal Menezes is Chief Technology Officer at MEF.