Convergence of Security and WAN Architecture: Why Has SASE Emerged?

SD-WAN's transcendence of org boundaries has left it vulnerable to threats – creating demand for security and the rise of Secure Access Service Edge (SASE).

Matt Pinto

Aug 29, 2023


The way we work continues to evolve. Whether they work at a company's headquarters, at a remote location, or in a hybrid setup, employees expect uninterrupted access to technical resources. This shift, driven by the adoption of cloud technologies and increasingly dispersed teams, has accelerated the evolution of Wide Area Networking (WAN) into the flexibility and agility of Software Defined WAN (SD-WAN).

However, the ability of SD-WAN topology to transcend physical and organizational boundaries has left it vulnerable to cyber threats – hence the demand for enhanced security measures, and the rise of Secure Access Service Edge (SASE).

What is SD-WAN, and Why Do Businesses Love It?

To understand the logic of SASE, it’s necessary to understand SD-WAN. We’ve written several articles about SD-WAN, but here’s a primer on the basic structures, overlay, and underlay of SD-WAN.

Within these basic structures, though, SD-WAN providers can (and do) create complicated products and services that overlap and blur the lines that define what SD-WAN is. Fortunately, Gartner has come to the rescue, providing a handy list of the attributes you can expect from a software defined wide area network.

Licensed software. As a bare minimum, SD-WAN software should include the following features.

  • Routing functionality (e.g., Border Gateway Protocol, or BGP)

  • Application-aware dynamic path selection (such as Layer 7 traffic steering)

  • Virtual private network functionality (VPN)

  • A basic firewall

Form factors for branch, data center, and cloud locations.

  • Dedicated SD-WAN appliances with integrated software

  • Software deployed on third-party hardware as a virtual network function (VNF), virtual machine (VM), or container

  • Software deployed in the public cloud

An orchestrator. Either on-premises or in the cloud, the orchestrator manages and gives visibility into the SD-WAN network, providing the following.

  • Configuration (typically zero-touch)

  • Network management

  • Analytics and visibility

  • Troubleshooting functionality

  • Reporting

  • API support

Advantages of SD-WAN

Ease of Connectivity Procurement

SD-WAN’s ability to run on almost any network underlay (including MPLS connections that might already be part of your network infrastructure) means that it’s easy to procure connectivity for your SD-WAN. Fiber, coax, fixed wireless, satellite – it’s all good.

Lower Network Connectivity Costs

The value headlines of SD-WAN are hard to ignore – compared to the traditional business network solution of MPLS, SD-WAN can save you between 50% and 84% on your networking costs.

These savings depend on your choice of overlay and underlay, which, in turn, relate to your geographical location, business need, and local infrastructure – nevertheless, you can expect to make sizable savings.

It’s also common for businesses migrating to SD-WAN to achieve improvements in their throughput and bandwidth.

Ease of Management

As a software-defined solution, SD-WAN has been designed with the needs of IT network administrators in mind. Most SD-WAN solutions are managed through either an online or a locally hosted graphical user interface (GUI).

This provides visibility and control all the way to the application layer, and it’s usually packaged in an intuitive, user-friendly interface.

What is SASE?

Secure Access Service Edge, or SASE, is another acronym prone to abuse and misuse from vendors, so once more we’ll call on Gartner to offer some clarity on the definition, courtesy of their market guide for single-vendor SASE.

There are three primary models for your SASE adoption.

  • Single-vendor offering, managed by the customer

  • Single-vendor offering, fully managed by the vendor

  • A two-vendor arrangement, with one vendor providing the SD-WAN, and another providing Security Service Edge (SSE) services as a security add-on.

SASE allows the integration of traditionally separate network capabilities and tools with vital security functions like firewalling, intrusion detection and prevention, data-loss prevention, and secure web gateways. Combining network and security in this way helps reduce complexity and makes both functions easier to manage.

In what is typically a cloud-centric environment, you can expect the key security elements to include the following.

  • Secure Web Gateways (SWG), providing features such as URL filtering, Application ID and control, malware protection, and firewalls.

  • A Cloud Access Security Broker (CASB), which automatically controls access and verifies users across the network.

  • Zero Trust Network Access (ZTNA), which ensures no users can access files, folders or applications unless specifically granted access.

A successful SASE adoption usually results in an improved user experience – the SD-WAN component provides better network performance and connection to the day-to-day business-critical applications and processes. The SSE features of SASE reduce the risk of cyber-security incidents across the entire network and provide visibility into your security posture and vulnerabilities.

Navigating this transformation is where the Lightyear Telecom Operating System comes into play. As well as evaluating your enterprise migration, Lightyear can help early adopters of SD-WAN ensure they’re still getting the best deal for their evolving business needs. If you’re investigating SASE options, our platform can give you the data and context you need to guide your decisions.
