Software-defined architecture is coalescing virtualized networking with security components to form a Swiss-army knife for the enterprise edge, argues this expert.

Networking and security functions are becoming increasingly integrated. With networks serving the critical need of carrying all the traffic for business and consumer applications, this trend will accelerate as more organizations move towards a secure access service edge (SASE).

SASE is not a particular technology in itself but rather an increased integration of network and security services at the ‘service edge’, where devices and networks are connected. Most importantly, it instantiates services using a cloud software model, which includes a variety of networking and security functions.

If this does not sound familiar, it should. SASE is following in the footsteps of the remarkably successful SD-WAN market, which is growing at a compound annual growth rate of about 34%.

SD-WAN succeeded because it embraced a very simple concept: make lives easier for network and IT managers by enabling them to manage their networks using software from the Cloud via a single, centrally-managed WAN edge platform. 

Software-defined is the future

In ongoing discussions with our end users, automation and orchestration functions rank high as strategic drivers of SD-WAN technology. This technology will now be able to do the same for SASE functions by delivering a more manageable, software-defined platform for integrated security and network services, all centrally managed and delivered from the Cloud.

I recently had a discussion with senior representatives of an SD-WAN and a WAN business about how the drive to accelerate digital transformation and adopt cloud services is not just changing networking but also changing security. They said customers are now asking to shift from a traditional perimeter-based security model to a SASE approach, leveraging the software-driven platform. This on-prem, zero-trust WAN edge complements cloud-delivered security services from their vendor of choice, with all security policy controlled via a single orchestrator.

In short, SD-WAN is becoming a cloud-programmable platform for security and SASE components. It is the Swiss-army knife for the enterprise edge.

SASE’s software-defined foundation

With the constant explosion of devices, high-speed connectivity and cloud-based services, network managers, IT managers and CISOs have become overwhelmed with the number of security tools and alerts they need to manage.

In parallel, they want the freedom to make investments in both networking and security technologies that best align with their changing business requirements. Here, it makes sense to combine the efforts. The answer lies in driving more automation and integration into networking and security at the same time—the same strengths that brought SD-WAN to market.

There is no real reason for security to be separated from the network. The network carries all the data being connected to cloud applications, so it represents a rich resource for analytics and correlations. Security solutions can be deployed into the network directly to detect and respond to anomalies in activity.

According to our recent survey, the top four benefits of SD-WAN adoption are: improved security, better management/agility, bandwidth optimization/cost savings and faster cloud application performance. All now come in one package: a SASE-enabled SD-WAN.

Industry consortium MEF defines a SASE service as “connecting users (machine or human) with applications in the Cloud, while providing connectivity performance and security assurance determined by policies set by the subscriber.” Users gain a better way to adopt, orchestrate and manage these discrete security components, plugging them into the network and managing them with software—at the same time as SD-WAN.

Greater choice of technology

One of the biggest upsides in the convergence of SASE with SD-WAN is that it gives enterprises broad freedom of choice to adopt popular cloud security solutions, which can be integrated with SD-WAN deployments.

Using an advanced SD-WAN edge platform, end users can set up, orchestrate and manage third-party cloud security software that is integrated directly into the networking provisioning process. This saves valuable time in the configuration and management of security policies, while expanding the options for security functionality as cloud-delivered services. 

New cloud-based security solutions are exploding. SaaS-based architectures give organizations an easy path to integrate and deploy third-party cloud security software using SD-WAN orchestration and management. SaaS functionality that can be quickly adopted in an SD-WAN architecture includes cloud access security brokers (CASB), secure web gateway (SWG), firewall as a service (FWaaS) and zero trust network access (ZTNA)—often also referred to as a software-defined perimeter (SDP).

Some of the most popular new tools can be deployed using automated orchestration within the SD-WAN management console. This ecosystem gives enterprises the benefit of expanding innovation using best-of-breed SASE components, while consolidating management and orchestration layers on the network level.

There is no doubt that SASE is the future of network security. The market is already expanding rapidly through technology alliances, and interoperability concerns should ease as partner testing and certification programs come to market.

Some vendors have already extended their orchestration capabilities to integrate third-party cloud security services.

Enterprises can now automate consistent, network-wide security policies that combine the advantages of an advanced zero trust WAN edge on-prem, with cloud-delivered security services from their vendor of choice.