SASE, the Future of SD-WAN and Network Security
March 2, 2021
Featured article by Dennis Thankachan, Lightyear’s co-founder and CEO
SASE is a new way of thinking about traditional WANs (wide area networks), SD-WAN, and network security. In this blog post, we will introduce the SASE (secure access service edge) concept, outline its pros and cons, and explore how SASE will impact the future of WAN protection.
Data and system security are serious issues for large organizations, and companies should implement state-of-the-art cybersecurity strategies. SASE is an emerging cloud-based cybersecurity innovation directed at helping digital organizations secure their networks while providing wide-area access to internal systems and applications.
What are the characteristics of a SASE platform?
A SASE platform has four primary characteristics that make it a next-generation cloud security solution.
A unique user identity, rather than an IP address, is associated with every network connection and determines which access rights are granted and which security controls are deployed. Identity authentication and role-based access can help companies develop one set of networking and security policies for users instead of applying different policies to each user based on IP addresses.
Full Edge Support
SASE creates one network for all of a company’s data centers, branch offices, cloud resources, and remote workers. SD-WAN technology handles physical edges, mobile clients, and clientless browser access systems, and connects remote workers.
Native Cloud Architecture
The SASE architecture has been designed as a flexible, highly accessible platform. It leverages cloud computing and data scalability to extend service availability across multiple geographical locations.
SASE systems ensure that full networking and security capabilities are available everywhere and deliver the best possible experience to all edges since distance-based latency doesn’t throttle speeds.
What Separates SASE from SD-WAN and Cloud-Based Gateways?
SASE is a cloud-based service that combines SD-WAN capabilities with built-in security protocols. SD-WAN by itself enables wide-area access to centralized systems, but SD-WAN configurations must be augmented with traditional firewalls or security appliances in order to secure the network.
In an SD-WAN, the virtualized devices that are spread over many WAN nodes execute (i) traffic prioritization and (ii) bandwidth optimization features. SASE executes these features on a per-device basis to make networking decisions such as where to send traffic. In other words, SD-WAN handles application traffic on the WAN itself, whereas SASE handles it on the given device using the application.
This makes SASE different from other existing cloud-based gateway solutions, which traditionally serve requests from a data center or decentralized network. Since traffic is being managed at each edge as needed, applications run faster and with fewer security vulnerabilities.
SASE on the Rise
Networking professionals are increasingly adopting SASE platforms to replace their SD-WAN systems or are upgrading legacy systems to SASE, bypassing SD-WAN. What’s behind the rise in SASE networks?
Capabilities and Advantages of SASE
SASE offers significant benefits to businesses and their IT teams, including:
Simpler and More Affordable
A single security platform makes it easier to manage vendors and reduce complexity. Having network security and WAN management in the same platform allows deeper insight into the network and optimizes for threat mitigation.
SASE configurations provide fewer records per device, resulting in less clutter from system processes and different endpoints. This gives security professionals an easier and clearer picture of activity on the network at a glance.
Challenges Surrounding the Proliferation of SASE
As with any emerging technology, SASE does face some growing pains despite the significant benefits it offers over legacy cloud computing solutions.
Lack of Vendor Knowledge and Expertise
Since SASE includes security protocols unlike those seen in SD-WAN and other cloud-based gateway solutions, it represents an entirely new skillset that vendors must learn. This creates some risk that vendors may perform suboptimal work designing or deploying SASE infrastructure. SD-WAN providers are being forced to become security vendors, and not all of them will be up for this task.
Compatibility and Interconnectivity Concerns
While SASE protocols unify security services across a WAN, SASE providers must first offer hardware and SaaS solutions built to work with each other. Hardware incompatibility issues and the use of proprietary systems can inhibit SASE deployment in large-scale organizations.
Selling IT Pros On SASE
Companies have spent millions on their existing SD-WAN configurations and security solutions, and they don’t want to be told it’s already time to upgrade. Additionally, organizations may have invested in security technologies that have not yet been made available by leading SASE vendors. Network architects themselves are also hard to sell on new technology when their existing systems are doing the job. As these new products strive to check more boxes for the enterprise, these projects become heavier lifts that often involve network architecture, security, and application teams.
Moving to SASE: A Gradual Process
Moving away from legacy SD-WAN systems will require careful planning and frequent adjustments. Decisions will be made because of the organization’s changing needs, business processes, cultural environments, and regulatory concerns. Flexibility will increase over time as change is embraced rather than avoided. IT employees will be able to work where they choose and only connect the resources they need to those areas.
The Future of Security is in the Cloud
SASE technology intends to make cloud-based business solutions safer and more efficient. So what comes next? Below are just a few of the directions SASE is heading.
Crowdsourcing Data and Storage
Cloud storage is expensive, slow, and insecure, so it may be worth looking at alternative solutions. Crowdsourcing data means large cloud players will be giving away their storage as a cheap alternative to traditional cloud options. By doing so, there is still a free option involved for consumers.
Server-Free Cloud Architecture
Serverless cloud computing is an emerging technology that’s supposed to revolutionize the way companies design and release new applications. It shifts away from traditional server models, which typically require you to install software packages in a server or virtual machine. Instead, serverless computing allows developers to create apps and websites without worrying about infrastructure components such as servers and virtual machines (VMs).
While SD-WAN may have initially caught our eye to provide better service to branch offices and other distributed locations, SASE technology has more to offer. As is true for any evolving technology, there are still setbacks and unknowns surrounding SASE solutions. However, there is little doubt that SASE and SD-WAN will continue to evolve to provide users with improved secure connectivity services.