Is SASE just an extension of SD-WAN?
With the emergence of the networking term SASE, is it now time to look at SD-WAN's approach to secure access to the network edge?
Secure access service edge (SASE) is an emerging networking concept that has garnered quite a lot of attention since Gartner defined the term in their 2019 “The Future of Network Security Is in the Cloud” report.
Networking is one of those industries where emerging technologies are very often interlinked with existing architectures and solutions. SASE is no different, and the comparisons with SD-WAN, along with the benefits of each technology, were inevitable.
The natural emergence of SD-WAN and SASE
Software-defined WAN, or SD-WAN for short, was the next step from traditional WAN infrastructures, providing overarching control of the entire network via centralised software. With this, advanced features such as load-sharing of the network traffic was now easily achieved without complex routing protocols.
Additionally, SD-WAN provides organisations with the ability to easily manage their network, including streamlined processes for adding new branch sites along with centralised configuration of network policies.
One of the focal points for enterprise networking, has always been security. While not a “baked-in” component of SD-WAN by definition, most vendors now offer integrated security solutions as standard.
With SASE, this type of security is at the very forefront of the equation instead of being an additional solution. This key aspect is one of the main reasons behind the emergence of this new term, though it’s not necessarily a new concept for SD-WAN adopters.
The main difference between the two technologies lies in their deliverance and connectivity objectives. SD-WAN’s core objective is about connecting geographically separate branch sites, offices and operational locations to each other and company HQ’s, with a flexible, adaptable approach that can accommodate different network conditions.
SASE’s core aim is to connect users (and the network at large) with secure access to business resources which may be distributed across the cloud, private data centres, or other colocation facilities.
Security is equally important in SD-WAN and SASE, but require different approaches
Though SASE’s emphasis on security is obvious, the same can also be said for SD-WAN. While not all providers have “baked-in” security with their offerings, there are plenty that make security core to their solution offering.
When security is treated as part of the solution instead of an afterthought, SD-WAN can deliver enterprise level security for businesses. The reason why SASE may seem more secure at first glance is because of the way its security tools are set up and delivered to the end user.
More specifically, SASE’s security tools reside in every part of the network transaction. They are a part of the user device, in the form of a security agent, and in the cloud, as part of the software stack.
With SD-WAN, this level of security is only achieved if specifically defined as part of a vendor’s wider solution. However, by employing technologies such as Firewall as a Service, and Zero Trust network access, the level of protection offered by SD-WAN and SASE are extremely similar.
The technologies relationship with the cloud
One of the most important things to note about SASE is that it represents a cloud-first approach to enterprise networking. It uses a combination of the public cloud and private data centres to provide the best performance possible to the end user.
Essentially, the SASE stack controls optimal traffic routes based on current cloud resources so that it can provide low latency access to whatever node is necessary.
In the case of SD-WAN, such a cloud-first approach was not originally the goal. However, the importance of cloud access has only increased as more and more businesses move towards cloud-centric solutions themselves.
To that end, there are a variety of SD-WAN providers who offer cloud-enabled solutions that work in virtually the same way as SASE. As such, performance levels are comparable and the network is more accessible providing greater support for cloud-native applications.
As we have seen, SD-WAN and SASE’s approach to enterprise networks differs in their methodologies. However, despite the fact that they have different objectives, they are both capable of providing businesses with secure and advanced networking.
While SASE has a strong emphasis on security at its foundation, so do cloud-centric, security-first SD-WAN platforms. With remote and mobile working on the rise, both technologies will also become increasingly common.