SD-WAN vs. SASE: A Comparison Guide

Everyone loves an acronym, right? 

Not really. But in the right context, understanding the terminology allows you to correctly identify the most suitable solution. And it makes it easier to spot when someone’s trying to sell you a lemon.

In this blog article, we are comparing two of the hottest network architecture options on the market right now – weighing up their similarities and differences – to help you decide on the right option for your enterprise. 

SD-WAN (rhymes with “plan”) = Software-Defined Wide Area Network

SASE (rhymes with “classy”) = Secure Access Service Edge

But What Do These Acronyms Actually Mean?

Good question! And one that some providers find surprisingly difficult to answer. There’s still no universally accepted industry standard definition of these terms, despite strong efforts. 

This lack of clarity leaves customers vulnerable, so if you’re shopping for network options, read on to find out what you’re getting with SD-WAN and SASE.

Let’s start with SD-WAN. 

Say you’re looking to hook up different geographic locations on your network – not just different machines in your building, but different offices and branches, or remote workers. Until recently, using the public internet (i.e., standard broadband) for this task had several drawbacks.  Chief among them were instability and unpredictable performance, which falls well short of the Quality of Experience required for enterprise wide-area networks (WANs).

One of the more effective solutions for site-to-site traffic is Multiprotocol Label Switching (MPLS) – your own private, dedicated network, provided and managed by one carrier. 

MPLS introduced several improvements for site-to-site traffic.  For example, in an MPLS network data packets are “labeled” to make them travel along assigned routes in the network.  MPLS providers set up a series of MPLS routers to ensure that site to site traffic never hits the public internet. In practice, this is the first widely adopted methodology of a middle mile network. This ensures efficiency, and allows you to set priority tags for different kinds of data. Voice and Data calls will be transmitted with the highest prioritization and seek the best route possible. Sensitive information can be kept secure on dedicated private lines. Non business critical applications can be deprioritized so the data does not compete with business critical applications, like voice and video for example..

SD-WAN allows customers to create site-to-site networks very similar to MPLS and some deployments leverage existing MPLS solutions as WAN links. SD-WAN equipment also sets up site-to-site connections over the public internet using proprietary software. There are other bonuses too. It’s waaay more flexible – so you can quickly scale up or alter your network to suit your business needs. And because the whole system is software-based, you aren’t necessarily tied to one carrier.

So, what’s SASE?

Simply put, SASE combines SD-WAN functionality with comprehensive security features, and adds a cloud-centric, middle-mile network for additional security, functionality, and transparency across your WAN.

What Do SD-WAN and SASE Have in Common?

• Independent topology. SD-WAN and SASE are carrier agnostic, meaning the links and nodes are separate from the architecture of your internet service provider.  This allows consumers to select the best available bandwidth option from any available carrier.

• Connect geographically diverse sites. These solutions allow users to securely connect far-flung locations for consistent transmission of data.

• Provide access to corporate-network resources. Users can access any networked features and resources, like shared drives, or LAN portals.

• Flexibility and scalability. As these are software-defined networks, they can be built out or reconfigured with comparative ease.

• Centralized control. One of the great advantages of SD-WAN and SASE over MPLS is the ability to roll out network-wide changes from a single control point.

• Application visibility and control. Both software defined topologies provide a centralized management portal with Layer 7 Application visibility and control.

What Are the Differences Between SD-WAN and SASE? 

SASE provides middle-mile cloud networking as standard. To explain the middle mile, let’s imagine you’re sending something to a cloud-based app.

Once the data leaves your device, it’s transferred to a local Point of Presence (POP). From there, it makes its way to the network server, via various other POPs in different physical locations. This second part of the journey is known as the middle mile. 

A feature regarded as an essential component of SASE is managed-network infrastructure in the middle mile – which means that a SASE provider can offer optimizations beyond your Local Area Network (LAN).

By strategically installing carrier-specific gateways at different geographic POP locations, SASE providers can control connections and routing, and inspect traffic between different endpoints. 

These Gateway POPs can be placed in data centers for maximum access to cloud service providers – which means if your business is heavily reliant on cloud-based apps and services, a SASE network can potentially offer you lowerlatency, packet loss, and jitter.

While some SD-WAN solutions incorporate middle-mile networking, it’s by no means a given. 

SASE = network + security in one platform. Middle-mile management means your SASE can also provide extensive security options (the “secure access” at the “service edge” that spawned the acronym).

Traffic can be inspected at the Gateway POPs, which means SASE networks can include perimeter security along with endpoint and user-identity protections. 

As a result, SASE is often described (and marketed) as an all-in-one solution for both your network connectivity and security needs.

This can provide huge benefits for companies looking to simplify their network- management architecture, however, larger companies with comprehensive security measures already in place may find it difficult to assimilate multiple security systems, and may be better served by a slimmer SD-WAN solution. 

In summary, both acronyms are bywords for network flexibility and control. The addition of middle-mile network management and built-in security features means that SASE can provide reduced latency and better security between branch offices, remote workers, data centers, and cloud-based services.

However, in some settings, SASE might be overkill, creating unnecessary security overlaps and bottlenecks. In these cases, SD-WAN may provide a better fit. 

Deciding on the right topology to suit your enterprise can be a challenge. Get in touch with Lightyear, and we can help scope out a solution based on your needs