NC Nov-Dec 2023

OPINION: SASE
THE DRIVERS FOR SD-WAN
With the growing migration of applications
to the cloud, we have seen increased levels
of SD-WAN adoption. SD-WAN deals with
centralisation and automation, as it
effectively optimises application traffic and
supports reliable access to applications in
the cloud. SD-WAN also reduces vendor
lock-in, as organisations can mix and
match software and hardware from different
providers with centralised control at the
software level. Which, in turn, enabled
companies to do more in the cloud.
But instead of being built around users,
SD-WAN architecture is tailored around
how a particular facility or site accesses
applications and services located on the
corporate network, in the cloud, or in a
data centre. When designed, most users
were expected to work on-site with traffic
routed through a dedicated WAN or LAN
port. Remote working was generally
supported by a handful of gateways across
the world with associated VPNs. The
experience was slower and less flexible than
in the office, but at that time remote
working wasn't as widespread and,
importantly, this approach still supported a
secure connection to their office.
LOSING SIGHT OF THE SECURITY
RISKS
Hybrid working models are now the norm,
and the experience of working in the office
must be replicated whether users are at
home or on the move. This means giving
users the flexibility and freedom to work
securely on any device, in any location.
This model requires scalable networks and
security policies - not just to support a
working anywhere culture, but so corporate
policy and configurations can be applied
for remote workers as they are on-premise.
This is important because any data sent
from a remote device could be unprotected
while in transit to the cloud, which
effectively turns SD-WAN into a security risk
in a hybrid work environment.
Visibility also presents an issue. For an
office, the analytics and reporting process
are simple because all traffic flows through
a single network device. However, with
remote working, people use their own
broadband, and sometimes their own
device, leading to a loss in visibility.
The outdated, decentralised model means
it's impossible to collect data for every
packet centrally and report on statistics such
as bandwidth consumption, security
compliance, or traffic flows to applications
in the cloud. This lack of visibility presents
significant security concerns as without the
ability to track which resources users are
accessing, organisations are increasing the
shadow IT landscape and unnecessarily
inviting new risks to their networks.
SPEED AND EASE OF PERFORMANCE
Over the years there has been significant
investment in SD-WAN, which is perhaps
why most companies seem reluctant to
move away from the technology
completely. Instead, they want to find a
way to make the existing infrastructure
work for hybrid working. And as a result, I
predict that in just five years we'll see SD-
WAN used as an access technology with
most of its current functionalities shifting to
a SASE overlay framework.
The potential performance and security
benefits are huge. With data routing
through a centralised SASE framework,
users can become truly device and
location-agnostic without compromising the
security and compliance of the data for the
packet's entire journey. With some providers
offering hundreds of SASE gateways across
the world, it also supports more localised
access to reduce latency. And, it even
improves the connection between public
and private network services, as the
centralised design negates the need for the
installation of a transitory SD-WAN hub.
SASE also enables network
administrators to monitor and analyse
traffic flows and application performance
in real-time, at a regional, brand or even
user level. Simplifying data visibility with
one centralised framework enables
administrators to reduce the number of
tools they need to monitor performance;
they can now view network performance
and how it connects with specific
applications, as well as whether the data
is secured and compliant on one single
platform. This improves the speed at
which issues can be discovered, assessed,
and resolved.
And of course, that's without considering
the quality and cost. Undoubtedly, the
ability to deliver high-quality networking
over cheaper internet circuits was a key
driver for SD-WAN adoption. Yet, it still
required relatively expensive licenses and
hardware. So even with though the total
cost of ownership (TCO) came down, the
reliance on specialist hardware and
licence fees persists.
Many Internet telco circuits have fallen
considerably in price, and sometimes now
offer a more affordable solution overall with
better performance than SD-WAN on a
cheaper circuit. But with SASE there are
more cost optimisation opportunities as it
only needs a secure connection to a device
which supports SSL or IPsec.
PERFORMANCE AND PEACE OF
MIND
Whether using a public, private or hybrid
network, and no matter what the location
or device, SASE augments the visibility and
security of data as it moves across their
global network. This not only improves
performance, but it critically offers
organisations true peace of mind. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 13