In the ever-evolving landscape of networking and security, two buzzwords have been making the rounds: software-defined wide area network (SD-WAN) and secure access service edge (SASE). With the confusion surrounding them and SASE (the newer of the two), you may wonder: “Does SD-WAN have a future in a SASE world?” Let’s explore the benefits of SD-WAN, the hype around SASE, how they fit together, and whether SASE is an automatic choice for all SD-WAN customers.
The Emergence of SD-WAN
SD-WAN emerged around 2014 as a natural evolution of WAN technology, solving problems associated with network security, scaling, and management that organizations experienced with the internet and virtual private networks (VPNs). It was in response to the growing need for a more agile, open, and cloud-based network architecture that could adapt to the increasing cloud adoption and growing bandwidth requirements of modern businesses, without blowing the budget.
By leveraging different types of connections, including broadband internet and LTE/5G, SD-WAN enables organizations to create a single network infrastructure that significantly reduces the lengthy provisioning times and costs associated with traditional MPLS networks.
The Benefits of SD-WAN
SD-WAN offers several other benefits that have contributed to its adoption, including centralized management, cost efficiency, enhanced performance, and improved security.
- Centralized management: SD-WAN allows companies to set the same policies across all network devices, making it easier to manage the network via a graphical dashboard. Centralized management simplifies the administration of network policies, reducing the time and effort required to manage the network.
- Cost efficiency: SD-WAN transitions companies away from expensive private circuits to the cheaper transports, making it a cost-efficient solution. By leveraging broadband internet and cheaper connections, SD-WAN can significantly reduce the costs associated with traditional MPLS networks.
- Enhanced performance: SD-WAN supports diverse connection types, boosting bandwidth and performance while simplifying administration. Intelligent path selection techniques route traffic over the most efficient path, improving application performance and the user experience.
- Improved security: SD-WAN provides robust protection against a wide range of threats, enabling the transformation of routers into multilayered security devices with application-aware enterprise firewalls, intrusion prevention systems (IPS), URL filters, and continuous DNS monitoring.
The Rise of SASE
As SD-WAN was catching on in the networking world, SASE emerged in 2019 and began gaining traction. It represents a new approach to networking and security to address the challenge of mass cloud technology adoption and the increasing need to manage and secure the explosion of cloud application traffic.
SASE is the convergence of wide area networking and network security services into a single, software-defined security architecture for highly distributed applications and users. Solutions comprise multiple components, including SD-WAN, cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), all delivered as a single cloud service at the network edge. In addition, many SASE solutions include antivirus/malware inspection, VPNs, data loss prevention (DLP), and other security capabilities.
The Hype Around SASE
Here’s why SASE is creating a buzz:
- Converged services: SASE consolidates numerous networking and security functions in a single, integrated cloud service, reducing complexity and improving speed and agility by simplifying the network architecture and making it easier to manage and secure.
- Cloud-based security: SASE extends control to devices and remote users, providing converged, cloud-delivered, managed security services. This cloud-native approach enables organizations to secure their networks irrespective of the location of devices or users.
- Identity-based security: SASE capabilities are delivered as-a-service based on the identity of the entity, real-time context, and enterprise security and compliance policies. An identity-centric approach to security ensures that the right users have the right access to the right resources at the right time.
How SD-WAN and SASE Fit Together
SD-WAN and SASE are complementary, not competing, technologies. SD-WAN is a subset of SASE, delivering important networking functionality while SASE goes further by converging SD-WAN with other network and security services to create a holistic WAN connectivity and security fabric.
SD-WAN focuses on securely connecting an organization’s branch offices to the data center, while SASE extends this focus to endpoints and end-user devices, inspecting traffic at various global points of presence (PoPs) rather than backhauling traffic to the data center.
SD-WAN is a critical building block for delivering a more flexible and secure network ecosystem. It’s a standalone solution that’s leveraged by SASE to manage, control, and monitor connectivity among data centers, branches, and edges.
In contrast, while SASE offers numerous benefits, it’s not a one-size-fits-all solution and not a solution all organizations need to deploy. Organizations should carefully evaluate whether deploying a SASE solution would be beneficial and base their decision on their own specific needs and circumstances, including factors such as cloud adoption, the size of their remote workforce, the complexity of their network, and their distributed security requirements.
Prospective users should also recognize that the transition to SASE takes time as IT rethinks the best way to connect a remote workforce to distributed applications and information resources. Implementing a SASE solution requires careful planning and consideration. Organizations need to assess their existing technologies, determining what can be repurposed within a SASE framework and what needs to be replaced.
Additionally, it’s important to note that while some vendors offer all-inclusive SASE solutions, some organizations may need to integrate multiple solutions from different vendors. Smaller organizations with IT teams that handle both networking and security may choose to deploy a unified SASE solution as it’s easier for them to deploy, manage, and troubleshoot. However, larger organizations with significant networking and security investments may prefer a more modular approach.
Clearly, SD-WAN does have a future in a SASE world. They are complementary technologies, with SD-WAN serving as a foundational component of SASE. While the transition to SASE will occur gradually, SD-WAN can offer significant benefits in terms of cost-efficiency, enhanced performance, and improved security. As the landscape of networking and security continues to evolve, the integration of SD-WAN and SASE will likely play a significant role in shaping the future of this industry.
To learn more, take a look at GigaOm’s SD-WAN Key Criteria and Radar reports. These reports provide a comprehensive view of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.
If you’re not yet a GigaOm subscriber, you can access the research using a free trial.