Securing Edges for the Distributed Enterprise

A recent Gartner Magic Quadrant (MQ) report shared that 70 percent of SD-WAN (software-defined wide-area network) customers will have implemented a SASE (secure access service edge) architecture by 2024, compared to 40 percent in 2021.

This upward trajectory of SASE architecture deployments with SD-WAN is no coincidence. SD-WAN is a foundational component and integral part of SASE architecture, and existing SD-WAN-enabled organisations are well-positioned to reap benefits from SASE.

SD-WAN – the journey so far

SD-WAN tech has come a long way from just a few years ago. Remote working and usage of SaaS apps are increasing more than ever before.

Analysts like Gartner observe that the market continues to migrate from traditional branch routers at branch locations and headquarters to SD-WAN, which is a decentralised architecture and better suited for cloud workloads.

The data centre is not the centre of an enterprise’s universe like it used to be.

Before, enterprise applications used to be hosted in the data centre and employees needed to connect back to the data centre to access business applications for work. Enterprises would build security perimeters around the data centre to protect everything within it.

But this is not enough anymore.

Users also used to connect from branch locations over secure private line connections, but there is currently a massive shift in how they work and where they work, with more applications being hosted in the cloud instead of the data centre.

There are more employees working from remote locations now, and they are connecting to more applications that are hosted in the cloud on the Internet.

Internet breakout function – Why not use the Internet to reach apps that are hosted in the Internet?

Sending cloud traffic destined for the Internet back to the data centre does not make sense.

It adds delay, degrades application performance, and consumes costly leased line bandwidth. Not to mention, backhauling the traffic to the data centre for security and risk inspections adds unnecessary latency for applications.

Hence, SD-WAN that supports adaptive Internet breakout is key to enabling a SASE architecture.

With these realisations, two things have also happened.

First, intelligent and application-aware technology like SD-WAN has become more relevant, and it is being adopted rapidly.

Second, perimeter-type defences around the data centre are simply not adequate anymore. Remote workers are now accessing applications that are hosted in the cloud on the Internet. And so, this has necessitated the transformation of WAN and security architectures with SASE.

How SASE works – better together with SD-WAN

HPE Aruba’s Derek Granath puts it well, describing SASE as a term coined by Gartner in 2019.

“It’s a model for a framework or an architecture that describes the necessary WAN edge functions combined with cloud-delivered security services, all delivered and managed in the cloud.

“None of these are new capabilities or new technologies. It’s just that the integration of these networking and security functions has been given a name – SASE.”

The necessary WAN edge functions Derek spoke about include SD-WAN, routing, basic security to protect branch locations, advanced segmentation, intrusion detection and prevention capabilities, and WAN optimisation.

Cloud-delivered security services include firewall as a service, secure web gateway, cloud access security broker (CASB), zero trust network access (ZTNA), data loss prevention, sandboxing, and more.

Instead of thinking of how to update threat intelligence and remediation measures on thousands of firewall appliances across hundreds of branch locations, a SASE architecture helps streamline these into cloud security enforcement points.

These cloud security enforcement points are usually located at data centres where commonly used SaaS apps are also hosted. They also tend to be located closer to the end user, helping reduce latency and increase application performance. More streamlined management also reduces cost and increases efficiency.

Automated orchestration of best-of-breed security

According to the results of a recent Ponemon Institute survey, over 70 percent of respondents across 1800 networking and security IT professionals prefer multi-vendor integrations that simplify deployment and ongoing operations without compromising either capability. Gartner had also weighed in with their opinion that enterprises should consolidate vendors to cut complexity and cost.

Derek observed, “Enterprises likely want to transform these architectures at a pace that makes sense for their business. And most enterprises prefer best-of-breed WAN tech and best-of-breed cloud security.”

But how can this be deployed easily and in a way that is easy to update? Derek shared that this is possible with Integrated Orchestration. This is enabled by configuring at least two secure IPsec tunnels between branch locations and cloud security enforcement points.

“By integrating the orchestration between a best-of-breed SD-WAN solution and cloud security vendor via API, we can automate the configuration of these tunnels as well as the configuration of the application-specific security enforcement policy,” Derek said.

This can mean the onboarding of hundreds to thousands of branch sites in minutes instead of months, with minimal error.

Aruba Orchestrator

Aruba Orchestrator, a component of the Aruba EdgeConnect SD-WAN platform, provides this unique ability to centrally define and assign policies based on business intent to secure and control all WAN traffic across multiple branch offices. This speeds up and simplifies multiple branch deployments and ensures consistent policies across applications.

There is centralised and automated control of the entire SD-WAN topology, with detailed visibility into and monitoring of WAN performance across a distributed enterprise, and even the capability to segment users, applications, and WAN services into secure zones.

This capability is an important foundation, which also frees up resources usually spent manually configuring IT, to instead evaluate and adopt new security technologies as and when they emerge.

A convenient drag-and-drop feature enables enterprises to automate and accelerate the integration of best-of-breed security vendors – Check Point, Forcepoint, McAfee, Netskope, Palo Alto Networks, Symantec, Zscaler, and secure DNS – significantly reducing the amount of time it takes to incorporate cloud-based security services into the existing network and security infrastructure.

In summary, it is very possible to enable direct and secure access to apps and services across multi-cloud environments regardless of locations and devices used, with the freedom of choice to deploy best-in-class security vendors with automated orchestration.

The goal of a SASE architecture is to more intelligently connect users to their applications for best quality of experience without compromising any security. The explanations shared above are reasons why SD-WAN and SASE complement each other and work better together, further fortifying HPE (Aruba and Silver Peak)’s leadership positions in the Gartner Magic Quadrant for WAN Edge Infrastructure for the fourth consecutive year.