Enterprises are increasingly using cloud software-as-a-service (SaaS) to keep pace with evolving market trends, changing customer requirements and growing competition. However, traditional network architectures have not been built to handle the workload and complexity of most digital transport needs. They typically require backhauling all traffic, including cloud-destined traffic, from branch offices, and from users in home offices or coffee shops, to a hub or headquarters data center where advanced security inspection services can be applied. The fact that business-critical services are often distributed across multiple clouds poses a greater challenge, as the delay caused by backhaul impairs application performance, resulting in a poor user experience and loss of productivity.
Unlike the traditional WAN architecture, the Software-defined Wide Area Network (SD-WAN) virtual WAN architecture is designed to fully support applications hosted in on-premises data centers, clouds, and a variety of SaaS services, while delivering the highest levels of application performance. Hence it has become increasingly popular.
SD-WAN offers a more agile and cloud-friendly approach to WAN connectivity. With workloads shifting to the cloud in large numbers, SD-WAN gives enterprises a more reliable alternative that allows them to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications while providing the following benefits:
- Performance – SD-WAN provides higher capacity and multiple connection types, giving the flexibility to automatically reroute business-critical traffic to links with higher bandwidth.
- Network simplicity – SD-WAN simplifies the infrastructure of layered networks commonly deployed.
- Reliability – SD-WAN includes various transport mediums, all of which can provide alternative paths.
- Remote access – SD-WAN offers cloud access so that even personnel in distant branches can access the cloud applications.
- Cost savings – SD-WAN technology allows enterprises to use connection types that are less expensive than MPLS. Furthermore, SD-WAN can reduce the overall operating price tag by leveraging low cost local Internet access, providing direct cloud access, and reducing the amount of traffic over the backbone WAN.
Advanced SD-WANs are business oriented, designed to deliver optimal application performance under changing network conditions. Using continuous monitoring and self-learning, advanced SD-WANs automatically respond in real time to any change in the state of the network that could impact application performance, including network congestion, shutdowns and transport outage conditions, allowing users to always connect to applications without IT involvement. Because they can actively use multiple forms of WAN transport simultaneously, advanced SD-WANs prevent businesses from facing complete interruption of business-critical application traffic such as voice communication and video, thereby maintaining high application performance and quality of experience for users.
Although SD-WAN adoption is growing, and despite its agility and cost benefits, SD-WAN devices are not designed to address all the networking and security challenges modern enterprises have to deal with. The limitations are as follows:
- Although SD-WANs are equipped with some standards and methods for security, there is no support for advanced on-site security features. Hence a breach in a single unit may affect the entire enterprise.
- Some businesses find it difficult to understand this technology and adapt to it, resulting in the need to hire skilled personnel, which might be expensive for small enterprises.
- Not all SD-WAN solutions are able to support WAN routers; as a result, the SD-WAN Ethernet connections may interfere with the WAN architecture.
- In SD-WANs all the units and connections are centralized and built for site-to-site connectivity. This often generates errors.
- SD-WANs require frequent firmware updates in the routers. Some routers do not have this ability.
SASE – A Boost for the SD-WAN
Secure Access Service Edge (SASE) is a cloud-delivered service that combines the functionality of WAN with extensive security capabilities such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS). In fact, SASE provides a holistic solution of networking and security capabilities anywhere needed, offering better support to the growing dynamic and secure access needs of modern hybrid enterprises whose users, workloads, devices, or applications get secure access wherever they are located.
SASE offers the following benefits:
- A cloud-based architecture approach to WAN infrastructure that enables SASE to provide service to any edge endpoint, including mobile users, while maintaining performance and security. This means that enterprises are exempt from dealing with routine activities such as upgrades, patches, and maintenance, which are handled by the SASE suppliers.
- Flexible, consistent security through delivery of a comprehensive range of security services, such as NGFW, IPS, CASB, and SWG. With the entire network and security infrastructure delivered as a single cloud-native platform, enterprises benefit from increased visibility, fewer silos, and enhanced security.
- Simplified management, achieved by consolidating key networking and security functions from disparate point products into single solutions, which simplifies the network architecture.
- Cost savings, as enterprises no longer need to purchase and manage multiple point products and solutions, so IT personnel can focus on core business functionality rather than infrastructure maintenance.
- Optimized performance by enabling enterprise users to connect in an easy and secure way to the internet, applications, and corporate resources wherever they are located.
- Improved user experience, because all security controls are automatically applied for the user, mitigating the risk of user errors.
SD-WANs Optimized for SASE
The goal of SASE is to deliver the best quality of experience for cloud-based applications without compromising on security. To achieve that, SASE requires SD-WANs to support the following SASE functions:
- Identify application traffic and enforce security policies as specified by the business purposes.
- Automatically keep cloud application definitions and TCP/IP address ranges up to date on a daily basis.
- Automatically switch to a secondary cloud security enforcement point so that any application runs without interruption.
- Automatically reconfigure secure connections to cloud security enforcement points as needed.
- Allow deployment of new security innovations from any vendor to easily address unknown future threats.
SD-WANs Integrated With SASE – The Winning Combination
An ideal solution that is suitable for each and every enterprise security and networking use case does not exist. However, a solution that combines SD-WAN, which includes advanced networking functionality and security features, with SASE, can certainly address most WAN network and security requirements due to the benefits SASE architecture can deliver.
Analyst reports, referring to the global Secure Access Service Edge post-COVID-19 market, estimate that the SASE market size is projected to grow from USD 1.2 Billion in 2021 to USD 4.1 Billion by 2026, recording a Compound Annual Growth Rate (CAGR) of 26.4% from 2021 to 2026.