SD-WAN in the SASE world

Coined by Gartner last year, Secure Access Service Edge (SASE) is a term that combines network security functions with wide area network (WAN) capabilities to support the dynamic secure access needs of organisations. But why is it important when many decision-makers are still coming to grips with software-defined networking (SD-WAN) and edge security services?

To understand the impact of SASE one must first get a top-level view of the state of the networking market. On the one side, there has been an influx of focused SD-WAN vendors who have been adding security as part of their offering. On the other, there are the incumbent security vendors who have decided to introduce SD-WAN functionality to their product stack.

The latter see it as a feature while the former understand its complexities given the cloud-based nature of their approach. In an SD-WAN environment, applications must be streamlined across the network and have security integrated (either natively or through service chaining ). The challenge with the most incumbents is that they want to deliver all security aspects through their own brand irrespective of whether that is best suited to the platform, application, or device.

Most SD-WAN vendors are all about choice. They give customers the freedom to service chain their own security solutions into the mix, giving them the best of both worlds. SASE is an evolution of this approach as it gives the SD-WAN vendors the ability to choose which security vendors they partner with. In fact, the SD-WAN discussions of today will make way for SASE discussions in the future. As more data moves into the cloud and edge computing grows, attention will increasingly turn to network optimisation and security throughout the data journey.

And it is in this space where SASE can play an important role.

A new dynamic

Given the nature of their business, security vendors will also focus on security often to the detriment of the SD-WAN. Understanding how an application functions over the network will be a precursor to deploying the right security functionality for the organisation.

Cynics argue the SASE classification gives those incumbent security vendors more license to ‘bully’ their way into network discussions. However, the choice aspect of security must never be forgotten. Already, SD-WAN vendors are introducing more built-in functionality into their offerings in order to combat this security-led tactic by the security vendors. Expectations are that there will be consolidation between security and SD-WAN vendors with mergers and acquisitions becoming par for the course.

But there is still significant education required to happen in the market around SASE. It is easier for larger corporates with more resources to embrace. For mid-market companies and SMEs, a term like SASE just adds to their confusion. For them, it is not about having to worry about the bits and bytes of security, SD-WAN, or SASE. They just want their networks to work, be secure, and effectively transfer and manage data.

Partner approach

This means that finding a trusted partner who understands the business roadmap and is willing to work with the customer to evolve their network and security requirements is fundamental to getting SASE done right.

It is not good enough to look at current needs, but also remain cognisant of how the network of the company will evolve in the future. Working with a partner that goes beyond a traditional single vendor option helps to give the business a variety of choices better suited to requirements. Sure, ticking boxes might be fine for the short-term, but organisations can look to trusted partners, to help them find ways, and deploy solutions that secure their technology investments for the future.

Ensuring the success of SASE in the future requires an intimate understanding of what is currently working on the network, how it is secured, and how it will have to evolve as the digital market continues changing.

Greg de Chasteneuf, CTO at Saicom