NC Nov-Dec 2023
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
OPINION: SASE<br />
THE DRIVERS FOR SD-WAN<br />
With the growing migration of applications<br />
to the cloud, we have seen increased levels<br />
of SD-WAN adoption. SD-WAN deals with<br />
centralisation and automation, as it<br />
effectively optimises application traffic and<br />
supports reliable access to applications in<br />
the cloud. SD-WAN also reduces vendor<br />
lock-in, as organisations can mix and<br />
match software and hardware from different<br />
providers with centralised control at the<br />
software level. Which, in turn, enabled<br />
companies to do more in the cloud.<br />
But instead of being built around users,<br />
SD-WAN architecture is tailored around<br />
how a particular facility or site accesses<br />
applications and services located on the<br />
corporate network, in the cloud, or in a<br />
data centre. When designed, most users<br />
were expected to work on-site with traffic<br />
routed through a dedicated WAN or LAN<br />
port. Remote working was generally<br />
supported by a handful of gateways across<br />
the world with associated VPNs. The<br />
experience was slower and less flexible than<br />
in the office, but at that time remote<br />
working wasn't as widespread and,<br />
importantly, this approach still supported a<br />
secure connection to their office.<br />
LOSING SIGHT OF THE SECURITY<br />
RISKS<br />
Hybrid working models are now the norm,<br />
and the experience of working in the office<br />
must be replicated whether users are at<br />
home or on the move. This means giving<br />
users the flexibility and freedom to work<br />
securely on any device, in any location.<br />
This model requires scalable networks and<br />
security policies - not just to support a<br />
working anywhere culture, but so corporate<br />
policy and configurations can be applied<br />
for remote workers as they are on-premise.<br />
This is important because any data sent<br />
from a remote device could be unprotected<br />
while in transit to the cloud, which<br />
effectively turns SD-WAN into a security risk<br />
in a hybrid work environment.<br />
Visibility also presents an issue. For an<br />
office, the analytics and reporting process<br />
are simple because all traffic flows through<br />
a single network device. However, with<br />
remote working, people use their own<br />
broadband, and sometimes their own<br />
device, leading to a loss in visibility.<br />
The outdated, decentralised model means<br />
it's impossible to collect data for every<br />
packet centrally and report on statistics such<br />
as bandwidth consumption, security<br />
compliance, or traffic flows to applications<br />
in the cloud. This lack of visibility presents<br />
significant security concerns as without the<br />
ability to track which resources users are<br />
accessing, organisations are increasing the<br />
shadow IT landscape and unnecessarily<br />
inviting new risks to their networks.<br />
SPEED AND EASE OF PERFORMA<strong>NC</strong>E<br />
Over the years there has been significant<br />
investment in SD-WAN, which is perhaps<br />
why most companies seem reluctant to<br />
move away from the technology<br />
completely. Instead, they want to find a<br />
way to make the existing infrastructure<br />
work for hybrid working. And as a result, I<br />
predict that in just five years we'll see SD-<br />
WAN used as an access technology with<br />
most of its current functionalities shifting to<br />
a SASE overlay framework.<br />
The potential performance and security<br />
benefits are huge. With data routing<br />
through a centralised SASE framework,<br />
users can become truly device and<br />
location-agnostic without compromising the<br />
security and compliance of the data for the<br />
packet's entire journey. With some providers<br />
offering hundreds of SASE gateways across<br />
the world, it also supports more localised<br />
access to reduce latency. And, it even<br />
improves the connection between public<br />
and private network services, as the<br />
centralised design negates the need for the<br />
installation of a transitory SD-WAN hub.<br />
SASE also enables network<br />
administrators to monitor and analyse<br />
traffic flows and application performance<br />
in real-time, at a regional, brand or even<br />
user level. Simplifying data visibility with<br />
one centralised framework enables<br />
administrators to reduce the number of<br />
tools they need to monitor performance;<br />
they can now view network performance<br />
and how it connects with specific<br />
applications, as well as whether the data<br />
is secured and compliant on one single<br />
platform. This improves the speed at<br />
which issues can be discovered, assessed,<br />
and resolved.<br />
And of course, that's without considering<br />
the quality and cost. Undoubtedly, the<br />
ability to deliver high-quality networking<br />
over cheaper internet circuits was a key<br />
driver for SD-WAN adoption. Yet, it still<br />
required relatively expensive licenses and<br />
hardware. So even with though the total<br />
cost of ownership (TCO) came down, the<br />
reliance on specialist hardware and<br />
licence fees persists.<br />
Many Internet telco circuits have fallen<br />
considerably in price, and sometimes now<br />
offer a more affordable solution overall with<br />
better performance than SD-WAN on a<br />
cheaper circuit. But with SASE there are<br />
more cost optimisation opportunities as it<br />
only needs a secure connection to a device<br />
which supports SSL or IPsec.<br />
PERFORMA<strong>NC</strong>E AND PEACE OF<br />
MIND<br />
Whether using a public, private or hybrid<br />
network, and no matter what the location<br />
or device, SASE augments the visibility and<br />
security of data as it moves across their<br />
global network. This not only improves<br />
performance, but it critically offers<br />
organisations true peace of mind. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 13