Desperately Seeking SASE: SD-WAN and Security Converge
Networking and security functions are becoming increasingly integrated, a trend that should have major benefits for networking and Information Technology (IT) managers. With networks serving the critical need of carrying all the traffic for business and consumer applications, you can expect this trend to accelerate with a movement known as secure access service edge (SASE).
Before we dismiss SASE as yet another overhyped buzzword, let’s take a minute to consider what it is and what it means. SASE isn’t a particular technology per se, but rather the description of increased integration of network and security services at the “service edge,” which is where devices and networks are connected. Most important, SASE instantiates services using a cloud software model. These services can include a variety of networking functions as well as security functions.
If this doesn’t sound familiar, it should. SASE is following in the footsteps of the remarkably successful SD-WAN market, which Futuriom recently estimated is growing at a compound annual growth rate of 34%. SD-WAN succeeded because it embraced a very simple concept – make lives easier for network and IT managers by enabling them to manage their networks using software from the cloud via a single, centrally managed WAN edge platform.
In our ongoing discussions with end users, automation and orchestration functions rank high as strategic drivers of SD-WAN technology. SD-WAN technology will now be able to do the same for SASE functions by delivering technology practitioners a more manageable, software-defined platform for integrated security and network services, all centrally managed and delivered from the cloud.
“The drive to accelerate digital transformation and adopt cloud services is not just changing networking, it’s also changing security,” said David Hughes, founder of Silver Peak and senior vice president of the WAN business at Aruba. “With SD-WAN, we have enabled our customers to move from data center centric, MPLS-based WANs, to cloud-centric WANs that fully leverage the Internet. Now customers are asking to leverage our edge platform to help them shift from a traditional perimeter-based security model, to a SASE approach. Our on-prem, zero-trust WAN edge can complement cloud delivered security services from their vendor of choice, with all security policy controlled via a single orchestrator.”
How SD-WAN Becomes a Foundation for SASE
In short, what’s happening is that SD-WAN is becoming a cloud-programmable platform for security and SASE components. It’s the Swiss Army knife for the enterprise edge.
With the explosion of devices, high-speed connectivity, and cloud-based services arriving on a daily basis, network managers, IT managers and chief information security officers (CISOs) have become overwhelmed with the number of security tools and alerts they need to manage. In parallel, they want the freedom to make investments in both networking and security technologies that best align to their changing business requirements. Here, it makes sense to combine the efforts.
The answer lies in driving more automation and integration into networking and security at the same time – the same strengths that brought SD-WAN to market.
There really isn’t any reason for security to be separated from the network. The network itself carries all the data in the world being connected to cloud applications, so it represents a rich resource for analytics and correlations. Security solutions can be deployed into the network directly to detect and respond to anomalies in activity.
According to Futuriom’s recent survey research, the top four benefits of SD-WAN adoption are improved security, better management/agility, bandwidth optimization/cost savings and faster cloud application performance. All of these benefits can come in one package – a SASE-enabled SD-WAN.
Industry consortium MEF defines an SASE service as “a service connecting users (machine or human) with applications in the cloud while providing connectivity performance and security assurance determined by policies set by the subscriber.”
Applying a SASE model, users will get a better way to adopt, orchestrate, and manage these discrete security components, plugging them into the network and managing them with software – all along with SD-WAN at the same time.
Best-of-Breed Technology
One of the biggest upsides in the convergence of SASE with SD-WAN is that it gives enterprises broad freedom of choice to adopt popular cloud security solutions, which can be integrated with their SD-WAN deployments.
Using an advanced SD-WAN edge platform, end users can set up, orchestrate, and manage third-party cloud security software that is integrated directly into the networking provisioning process. This will save valuable time in the configuration and management of security policies, while expanding the options for security functionality as cloud-delivered services.
New cloud-based security solutions are exploding, and a SaaS-based architecture gives practitioners an easy path to integrate and deploy third-party cloud security software using SD-WAN orchestration and management. Some of the SaaS functionality that can be quickly adopted in an SD-WAN architecture includes cloud access security brokers (CASB), secure web gateway (SWG), FWaaS, and zero trust network access (ZTNA) – often also referred to as a software-defined perimeter (SDP). Some of the most popular new tools, whether it’s something like a Zscaler or Netskope security service in the cloud for example, can be deployed using automated orchestration within the SD-WAN management console.
This ecosystem gives enterprises the benefit of expanding innovation using best-of-breed SASE components, while consolidating their management and orchestration layers on the network level. The SASE market is already expanding rapidly through technology alliances and should ease interoperability concerns as partner testing and certification programs come to market. Some vendors like Aruba have already extended their orchestration capabilities to integrate third-party cloud security services, enabling enterprises to automate consistent, network-wide security policies that combine the advantages of an advanced Zero Trust WAN edge on-prem, with cloud-delivered security services from their vendor of choice.
Make no mistake about it, SASE is the future of network security.
Silver Peak, now part of Aruba, has been named a leader for a third consecutive year in Gartner’s 2020 Magic Quadrant for WAN Edge Infrastructure. Get the full report.
Copyright © 2021 IDG Communications, Inc.