Modern IT environments are highly distributed, with applications spread across private data centers, multiple public clouds, and numerous edge locations. At the same time, hybrid work initiatives remain in place, and employees are distributed across corporate, home, and remote locations. Also, IoT and Industrial IoT mean more connected devices in virtually any location.
The key to making these complex environments work effectively is ensuring that all applications, employees and devices are securely connected. That’s easier said than done. Legacy network and security architectures—such as hub-and-spoke topologies and castle-and-moat models—forced all traffic through the data center security stack. This offered a high level of security, but caused performance issues, especially when connecting to cloud-based apps.
To solve these problems, SD-WAN technology was developed, allowing organizations to bypass the security stacks of data centers and provide direct internet access from remote locations. Although SD-WAN technology offered some level of security by being able to segment traffic, its security posture evolved over time: vendors built ecosystems with security vendors to enable one-click integration with cloud or on-premises deployments.
Enterprises today are working to create a more robust framework of integrated security and network technologies called the Secure Access Service Edge (SASE). This is essentially a combination of SD-WAN and other network technologies and security services, the latter now being referred to as Security Service Edge (SSE). SSE provides the required level of secure connectivity through features such as Zero-Trust Network Access (ZTNA), Data Loss Prevention (DLP), Cloud Access Security Brokers and more.
Looking ahead, network and security vendors are working to enable tighter integration with third-party vendors or to provide a fully integrated product with SD-WAN and SSE. With the rapid adoption of SD-WAN to support direct internet access, organizations can leverage existing products to serve as the foundation for their SASE implementations. This applies to both do-it-yourself and managed services implementations.
If you’re still in the planning stages for an integrated SASE deployment, you’re not alone. Last year, just over a third of respondents to an Enterprise Strategy Group (ESG) survey said they had started implementing a SASE framework and products. Just over half (55%) said they plan to use SASE, but it may take some time before anything is implemented.
Starting with SD-WAN for the network-first approach
Why do we think SD-WAN is a good place to start? When ESG asked companies about the technologies they would adopt, SD-WAN was in the top three choices overall and the top answer for companies that were taking a network-centric approach to SASE, as opposed to a security-centric or converged approach.
The SD-WAN ranking in the top three also makes sense when you consider the top five networking use cases. Given the complexity of these environments, it’s not surprising that improving operational efficiencies through centralized cloud-based management is the number one answer, closely followed by optimizing global connectivity, providing direct internet access for remote locations and employees, and streamlining the available bandwidth. Note that more than a third of respondents said they will use the technology to enable secure connectivity for remote workers and locations.
SD-WAN as a SASE foundation
SD-WAN can also offer great value for organizations that aren’t ready to go all-out when it comes to security. Organizations that choose to take a hybrid approach to SASE—based on each site’s needs and existing security technology—can leverage SD-WAN hardware to host third-party or peer-to-peer products while achieving operational efficiencies and reduced costs. This still enables organizations to migrate to the cloud when they are ready, while maintaining an optimized security posture.
Managed Service Providers (MSPs) and Telcos also want to extend their value to organizations already using managed SD-WAN services; combing through these additional security features is a great way to deliver additional value and implement a SASE framework. Given their experience with universal customer premises equipment, these vendors should be well-positioned to add value to SASE through either a hybrid or cloud-based approach and migrate easily between the two.
SD-WAN can be the basis for building a SASE framework. However, it is imperative for organizations to understand what networking and security capabilities their chosen SD-WAN vendors or MSPs have today (third-party or in-house) and will have in the future to enable a seamless transition to a full SASE implementation. This includes evaluating how all these technologies integrate and whether a multivendor approach or a fully converged approach is more desirable for the business.
Ultimately, it’s about providing secure connectivity in a highly distributed, modern IT environment. With increasing complexity and the need to bring security and network operations teams together, organizations must work diligently to address cultural and procedural challenges to ensure operational efficiencies and ultimately positive customer experiences, no matter where applications or users reside. Ultimately, SD-WAN should enable organizations to deploy a robust SASE framework best suited to their environment.
SD-WAN is an easy first step to improve security and experience for all remote offices. Businesses need to understand that SD-WAN and SASE are not an either/or proposition. However, it is important to adopt an SD-WAN platform that enables the seamless deployment of a SASE framework. SD-WAN should be an intermediary, not an obstacle, and it’s an easy first step in an organization’s journey to SASE.
ESG is a division of TechTarget.