Does the choice of SD-WAN enable a better SASE architecture?

SD-WAN is an important part of SASE, but security has taken the more dominant focus during Covid.

Where does SD-WAN really stand?

‘Is SD-WAN an important first step to a SASE architecture?’ is a question I get asked often. Before Covid my answer was in many cases ‘yes’, but the landscape has changed a lot.

The earlier drivers of SD-WAN were simple and compelling – to pull network infrastructure out of the dark ages and make it agile and cloud-ready. The technology benefits were an order of magnitude better when it came to performance, cost and manageability.

The business case was straightforward, but the complexity lay in navigating the landscape of 50+ vendors possessing hugely varying capabilities.

Cloud-based applications like Office 365 and Amazon Web Services (AWS) were much faster with SD-WAN, primarily due to the ease of aggregating multiple dedicated internet access (DIA) and low-cost broadband connections at enterprise locations into a single, stable connection. With that ease and efficiency comes a potential security nightmare, which makes a cloud-security strategy a necessary parallel consideration to SD-WAN. But this was still relevant when the bulk of the workforce belonged in the office.

Was SD-WAN enough during Covid?

Covid shifted the IT focus from the office to the work-from-home user. Employees now needed complete networking and security capabilities for 24×7 access from home in all parts of the world.

Most enterprise remote access infrastructures were designed to support a portion of a company’s workforce, and were simply not ready to handle the full corporate user base; this exposed several choke points in performance and security that left IT struggling to manage.

Ransomware and other bold attacks on employees and corporations have been on a steep rise through Covid, seeking to exploit these gaps left from quick adaptation to the new normal.

SASE is the starting point for an architecture that looks at networking and security in a more comprehensive manner.

Does SASE have more questions than answers?

While the enterprise need for SD-WAN could easily be solved by a single vendor, SASE is an overarching framework that may require multiple vendors. The approach of building IT solutions for discrete user groups in isolated silos has to give way to ‘solving for a single hybrid user’, irrespective of their location.

This makes the SASE transformation a journey of multiple steps, driven by many important questions.

  • Can hardware-based SD-WAN solutions still meet SASE needs?
  • Is there a recommended step-wise deployment for SASE?
  • Can all hybrid users come under a single Zero Trust Network Architecture (ZTNA) model?
  • How do the security solutions of SWG and CASB provide consistent protection for the WFH and enterprise users?
  • Is there a vendor that can deliver the major security blocks of CASB, SWG and FWaaS in a single, cloud-based solution?
  • Does SASE protect an enterprise from intrusion and phishing attacks?
  • Should SaaS optimization be executed by SD-WAN or the SASE cloud?

Does the Roadmap to SASE need to be bumpy?

In its report, Gartner highlights that SASE deployments are still few in number today, and explains why it is a complex topic without a straightforward solution. For one of the few times I can remember throughout my years of enabling enterprise customers to solve their WAN and security challenges, we, as an IT community, have an opportunity to think holistically about network transformation.

But that opportunity isn’t without risk. More than once I have been called into situations where failure to plan or ask the right questions has led to wrong choices and some costly missteps.

In a webinar Bluewave hosted with Cato Networks, we break down the way an enterprise needs to analyze the SASE roadmap based on its unique requirements.