SASE Reality Check: Security and SD-WAN Integration Journey

By: Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing at Aruba, a Hewlett Packard Enterprise company.

Today, enterprise IT leaders are facing the reality that a hybrid work environment is the new normal as we transition from a post-pandemic world. This has meant updating cloud, networking, and security infrastructure to adapt to the new realities of hybrid work and a world where employees will need to connect to and access business applications from anywhere and from any device, in a secure manner. In fact, most applications are now cloud-hosted, presenting additional IT challenges to ensure a high-quality end-user experience for the remote worker, home office worker, or branch office.

Network security policies that are based on the legacy data-center environment where applications are backhauled to the data center affect application performance and user experience negatively within a cloud-first environment. These policies also don’t function end-to-end in an environment where there are BYOD or IoT devices. When networking and network security requirements are managed by separate IT teams independently and in parallel, do you achieve the best architecture for digital transformation?

So, does implementing a SASE architecture based on a single vendor solve all of these challenges?

SASE, in itself, is not its own technology or service: the term describes a suite of services that combine advanced SD-WAN with Security Service Edge (SSE) to connect and protect the company from web-based attacks and unauthorized access to the network and applications. By integrating SD-WAN and cloud security into a common framework, SASE implementations can both improve network performance and reduce security risks. But, because SASE is a collection of capabilities, organizations need to have a good understanding of which components they require to best fit their needs.

A key component of a SASE framework is SD-WAN. Because of SD-WAN’s rapid adoption to support direct internet access, organizations can leverage existing products to serve as a foundation for their SASE implementations. This would be true for both do-it-yourself as well as managed services implementations.Enterprises are operating a hybrid access networking environment of legacy MPLS, business and broadband internet 4G/5G and even satellite.

Today, enterprises can start their SASE implementation by adopting a secure SD-WAN solution with integrated software security functions such as NGFW, IDS/IPS, DDoS detection, and protection. Organizations can retire branch firewalls to simplify WAN architecture and eliminate the cost and complexity associated with the ongoing management of dedicated branch firewalls. The Aruba EdgeConnect SD-WAN platform provides comprehensive edge-to-cloud security by integrating with leading cloud-delivered security providers to enable a best-of-breed SASE architecture. Moreover, the Aruba EdgeConnect SD-WAN platform was recently awarded an industry-first Secure SD-WAN certification from ICSA Labs.

When it comes to SASE and SD-WAN transformations, enterprises may have different requirements. Some enterprises, particularly retail, retail banking, and distributed sales offices that require essential SD-WAN capabilities plus Aruba’s EdgeConnect advanced application performance features, can be included in a single Foundation software license that includes a full advanced NGFW, fine-grained segmentation, Layer 7 firewall, DDoS protection, and anti-spoofing. The EdgeConnect SD-WAN is an all-in-one WAN edge branch platform and includes a Foundation license that is simpler to deploy and support for enterprises with lean IT teams and can replace existing branch routers and firewalls with a combination of SD-WAN, routing, multi-cloud on-ramps, and advanced security. It has the added flexibility for an optional software license for Boost WAN Optimization, IDS/IPS with the optional Dynamic Threat Defense license, and automated SASE integration with leading cloud security providers, which provides a flexible SD-WAN and integrated SASE journey.

Then there are other enterprises that require more advanced SD-WAN features to address complex WAN topologies and use cases. An Advanced EdgeConnect SD-WAN software license includes the flexibility to support any WAN topology, including full mesh and network segments/VRFs to account for merger and acquisition scenarios that require multi-VRF/overlapping IP address capability. The Advanced license supports seven business-intent overlays that allow enterprises to apply comprehensive application prioritization and granular security policies for a wide range of traffic types. Like the Foundation license, the Advanced license also supports the same optional software licenses for WAN Optimization option, IDS/IPS option with Dynamic Threat Defense license, and automated SASE integration with leading cloud security providers.

Many enterprises will benefit from a secure SD-WAN solution that can retire branch firewalls, simplify WAN architecture, and gain the freedom and flexibility benefits of an integrated best-of-breed SASE architecture. Aruba’s new Foundation and Advanced licenses for Aruba EdgeConnect SD-WAN enable customers to transform both their WAN and security architectures with a secure SD-WAN solution that offers all the advanced NGFW capabilities and seamless integration with public cloud providers (AWS, Azure, GCP) and industry-leading SSE providers. This robust, multi-vendor, best-in-breed approach for SASE adoption will mitigate the risk associated with relying on a single technology vendor to supply all the necessary components while enabling a secure cloud-first digital transformation enabling enterprises to embark on their own SASE journey.



Source link