The COVID-19 pandemic, and the sudden surge in remote workers it caused, is leading a growing number of network managers to wonder if their current SD-WAN deployments are up to the task of providing long-term fast, reliable, and secure connectivity to an increasingly dispersed workforce. Many network leaders are concluding that it now makes sense to switch to Secure Access Service Edge (SASE), a network technology that builds on and improves SD-WAN security, management, and performance features.
SD-WANs were a major step forward in safely and cost-effectively connecting multiple remote networks, explained Brad Willman, CIO of Entrust Solutions, a technology and staffing services provider. "However, without the help of third-party applications, SD-WANs cannot control certain security features, such as VPN remote access and web gateways," he noted. "SASE is an improvement on SD-WAN that smoothly integrates the security tools its predecessor lacked."
SASE represents the 'cloudification' of network security in a manner analogous to the way software-defined networking (SDN) is transforming network infrastructure, observed Marc Cohn, head of network virtualization for network testing firm Spirent Communications. Both SASE and SDN utilize virtualization networking, the widespread availability of powerful and low-cost cloud resources. "Migration to SASE is also fueled by increasingly complex security challenges coupled with the increased adoption of managed services," Cohn added. "SASE, in many ways, represents a 'security as a service' model."
SD-WANs require multiple third-party security applications to keep networks safe, an approach that makes it relatively easy for gaps to appear within a company’s cybersecurity infrastructure. "SASE helps to bridge these potential risks by incorporating all necessary cloud security into one solution," Willman said. "Furthermore, SASE helps to cut down on administrative complications and cybersecurity costs."
By consolidating security services, SASE effectively eliminates the complexity created by multiple edge appliances and cloud-based solutions while facilitating a more streamlined operational approach, said Jason Viera, CTO of Carousel Industries, an IT, managed services, and cloud services provider. "SASE improves visibility, performance, and security posture when organizations bring NetOps and SecOps together in a meaningful manner."
SASE also offers several other important advantages over SD-WAN, including centralized, policy-based administration that streamlines operations throughout the lifecycle, Cohn observed. Additionally, by exploiting benefits provided by the edge, SASE allows protection to be tailored to the needs of individual organizations, environments, and even websites. There's also another important benefit to SASE. "A reduction in costs, which is essential for any new technology," Cohn stated.
Viera suggested that organizations should take an iterative crawl, walk, and run approach to SASE deployment. "SASE, as an end-to-end offering, minus a few exceptions, is still very nascent, currently requiring many disparate solutions to achieve the desired outcome," he said. "Organizations will have to evaluate their current investments in SD-WAN and security solutions to create a roadmap that will, over time, move them toward a SASE architecture."
One of the biggest challenges facing SASE adopters is a lack of standardization, which can create significant confusion for any enterprise considering a transition to the new technology. "This was also seen in the early days of SD-WAN when concepts, labels, vocabulary, use cases, and so on all lacked a common language that leveled the playing field so that apples-to-apples comparisons could be made by buyers of a managed SD-WAN service," observed Pascal Menezes, CTO at MEF, a non-profit industry consortium that promotes the adoption of assured and orchestrated connectivity services. MEF is now planning to standardize SASE with a framework and services definition, "expanding upon all of our SD-WAN work over the past few years," Menezes said.
Menezes reported that MEF is preparing to release a white paper that will describe how the organization proposes to bring its work in software-defined networking, security, and policies to advance SASE framework and services standardization.
Like many early-stage network technologies, SASE is surrounded by a rapidly rising tide of vendor hype. To emerge as a mature technology, SASE will need to undergo additional scrutiny by open standards and open source leaders, Cohn said. He also noted that SASE proponents will need to establish a normalized language for proprietary concepts, best practices that new adopters can readily adopt, and address the challenges inherent in a multi-vendor environment.
The pandemic has forced many organizations to alter their daily operations, including a massive increase in remote workers. "For some companies, these alterations might be short term, but for others ... they will permanently change the company's structure," Willman observed. "Technologies such as SASE, which greatly improves cybersecurity for teleworkers [in] geographically separated office branches and other remote users, will likely become more crucial for successful business operations as we move into the post-pandemic business world."
Related Network Computing articles: