Networking and security functions are becoming increasingly integrated.
With networks serving the critical need of carrying all the traffic for business and consumer applications, this trend will accelerate as more organisations move towards a secure access service edge (SASE).
Before we dismiss SASE as yet another overhyped buzzword, let’s consider what it is and what it means. SASE isn’t a particular technology per se, but rather an increased integration of network and security services at the “service edge.” This is where devices and networks are connected. Most importantly, it represents services using a cloud software model, which includes a variety of networking and security functions.
If this doesn’t sound familiar, it should. SASE is following in the footsteps of the remarkably successful SD-WAN market, which we recently estimated is growing at a compound annual growth rate of 34 per cent. SD-WAN succeeded because it embraced a very simple concept: make lives easier for network and IT managers by enabling them to manage their networks using software from the cloud via a single, centrally managed WAN edge platform.
In our ongoing discussions with end users, automation and orchestration functions rank high as strategic drivers of SD-WAN technology. This technology will now be able to do the same for SASE functions by delivering a more manageable, software-defined platform for integrated security and network services, all centrally managed and delivered from the cloud.
I recently had an interesting discussion with David Hughes, founder of Silver Peak and senior vice president of the WAN business at Aruba, about how the drive to accelerate digital transformation and adopt cloud services isn’t just changing networking, it’s also changing security.
The company’s SD-WAN edge platform enables customers to move from data-centre-centric, MPLS-based WANs to cloud-centric WANs that fully leverage the internet. David said that customers are now asking for help shifting from a traditional perimeter-based security model to a SASE approach, leveraging this platform. This on-prem, zero-trust WAN edge complements cloud-delivered security services from their vendor of choice, with all security policy controlled via a single orchestrator.
How SD-WAN becomes a foundation for SASE
In short, SD-WAN is becoming a cloud-programmable platform for security and SASE components. It’s the Swiss Army knife for the enterprise edge.
With the constant explosion of devices, high-speed connectivity and cloud-based services, network managers, IT managers and CISOs have become overwhelmed with the number of security tools and alerts they need to manage. In parallel, they want the freedom to make investments in both networking and security technologies that best align to their changing business requirements. Here, it makes sense to combine the efforts.
The answer lies in driving more automation and integration into networking and security at the same time – the same strengths that brought SD-WAN to market.
There really isn’t any reason for security to be separated from the network. The network carries all the data being connected to cloud applications, so it represents a rich resource for analytics and correlations. Security solutions can be deployed into the network directly to detect and respond to anomalies in activity.
According to our recent survey, the top four benefits of SD-WAN adoption are improved security, better management/agility, bandwidth optimization/cost savings and faster cloud application performance. All now come in one package – a SASE-enabled SD-WAN.
Industry consortium MEF defines a SASE service as "connecting users (machine or human) with applications in the cloud, while providing connectivity performance and security assurance determined by policies set by the subscriber."
Users gain a better way to adopt, orchestrate and manage these discrete security components, plugging them into the network and managing them with software – at the same time as SD-WAN.
Greater choice of technology
One of the biggest upsides in the convergence of SASE with SD-WAN is that it gives enterprises broad freedom of choice to adopt popular cloud security solutions, which can be integrated with SD-WAN deployments.
Using an advanced SD-WAN edge platform, end users can set up, orchestrate and manage third-party cloud security software that is integrated directly into the networking provisioning process. This saves valuable time in the configuration and management of security policies, while expanding the options for security functionality as cloud-delivered services.
New cloud-based security solutions are exploding. SaaS-based architectures give organisations an easy path to integrate and deploy third-party cloud security software using SD-WAN orchestration and management. SaaS functionality that can be quickly adopted in an SD-WAN architecture includes cloud access security brokers (CASB), secure web gateway (SWG), firewall as a service (FWaaS) and zero trust network access (ZTNA) – often also referred to as a software-defined perimeter (SDP).
Some of the most popular new tools, such as Zscaler or Netskope security services in the cloud, can be deployed using automated orchestration within the SD-WAN management console.
This ecosystem gives enterprises the benefit of expanding innovation using best-of-breed SASE components, while consolidating management and orchestration layers on the network level.
There’s no doubt that SASE is the future of network security. The market is already expanding rapidly through technology alliances, which should ease interoperability concerns as partner testing and certification programs come to market. Some vendors, such as Aruba, have already extended their orchestration capabilities to integrate third-party cloud security services.
Enterprises can now automate consistent, network-wide security policies that combine the advantages of an advanced on-prem, zero-trust WAN edge with cloud-delivered security services from their vendor of choice.