Details

Published on 21 September 2023

(Credit: Zoonar GmbH / Alamy Stock Photo)

SASE offers streamlined provisioning and enhanced security when adding remote offices, WFH sites, and mobile workers to enterprise networks.

Stated simply, secure access service edge, also known as SASE, is a cloud architecture that combines network and cloud-native security technologies and delivers them as a single cloud service.

As a result, SASE enables enterprises to use a single management console to bring together their network and security tools. This recasts network expansion by providing a simple security and networking tool that's independent of where employees and resources are located.

With the number of remote workers increasing and more organizations using cloud services to run applications, SASE offers a fast, affordable, and scalable SaaS product that covers both networking and security functions.

Network Expansion to Date and Going Forward

“Irrespective of SASE, there’s been a general trend to make network deployments easier over the past decade,” explained Mauricio Sanchez, Senior. Director, Enterprise Security & Networking Research at Dell’Oro Group, a network infrastructure market research and analysis firm. "The classic case is dropping shipping a box somewhere (a router, a Wi-Fi AP, etc.) and having it automatically provision its network policy by itself once it gets plugged in."

Fast forward to what’s happening with SASE, that ease-of-deployment and auto-provisioning is extending to the security and endpoint side. “On the security side, the user/SASE security policy is now starting to be attached to the network provisioning workflows, which gets us one step closer to secure networks out of the box,” said Sanchez.

"On the endpoint side, it's a conversation about how to get endpoints (laptops, iPads, phones) secure connectivity." As a result, SASE solutions are now extending to help provision that secure connectivity a lot faster and better than before.

What SASE Solutions Include

SASE requires little to no hardware and uses cloud technology to bring together (SD-WAN) with network security functions. They include Firewall-as-a-Service (FWaaS), Software-as-a-Service (SaaS), Secure web gateways, Cloud access security brokers, and Zero Trust Network Access.

Beyond Provisioning to Zero Trust Network Access (ZTNA)

Enterprises beset with adding a growing number of remotes and WFH locations still need to face ZTNA. Any SASE solution worth its beans is going to be able to show how it helps improve zero-trust in the organization. “When lighting those new remote sites or users, it’s vital to leverage zero trust philosophy and make sure those remote sites/users only get the access they need and no more,” explained Sanchez. Otherwise, he added, it’s as good as leaving the back door open.

Why the growth in enterprise networks?

SASE has taken center stage in network planning as enterprises face a two-headed challenge or provide secure access to far-flung locations (many of which are gaining broadband access per the Broadband Equity, Access and Deployment program (BEAD) while simultaneously supporting employees working from home. IT security staff can also use SASE to cover mobile connections and the attached devices.

BEAD: BEAD provides $42.45 billion to expand high-speed internet access by funding planning, infrastructure deployment, and adoption programs in all 50 states. With the funding amounts per state recently announced (each received $100 million), the focus has shifted to the actual deployment of broadband services to unserved and underserved areas in a bid to finally close the Digital Divide.

WFH: Security is of paramount importance when supporting WFH as workers had not planned that their home would be their office and often know little about broadband access networking and security challenges. While some large U.S. employers are trying to get WFHomers back in the corporate office, working from home full time will continue forward.

Mobile Workforce: Beyond federal and state-funded broadband rollout efforts already underway, the rapid emergence of 5G networks has network and business planners looking to better secure connections to fast-growing mobile workforces, be they in sales, support, field service, etc.

SASE to the Rescue for Network Expansion

Having scrutinized the SASE market for years, Sanchez has found items network planners should look for in bringing on a solution:

• Agent deployment: “Good SASE solutions have a mechanism to deploy/install agents via an email invitation.”
• Agentless: “For transient users that don’t want to download an agent, there are SASE solutions that support agentless modes (through the web browser isolation).” It’s a bit like taking Zoom or Teams calls within a web browser, he added.
• Hardware on-prem: Though not cheap, there are still some vendors that offer equipment for the home. These little hardware boxes set up a secure extension of the corporate LAN in the home environment.

The Final Word on SASE for Secure Network Expansion

It's easy to be wowed by vendors that have long lists of "nerd" knobs and overlook operational fit, warned Sanchez. "There's no point in buying a SASE solution that has 300 different features if none of those are going make deployment and day-to-day operations successful."

Related articles:

• What to Consider When Choosing a SASE Vendor
• Top 10 Things to Look for in a SASE Architecture
• SASE Implementation: Five Steps to Take Before You Go Live

Details

Published on 21 September 2023

(Credit: NicoElNino / Alamy Stock Photo)

SD-WAN gives enterprises a wide array of services to build and enhance their networks to meet today’s ever-changing business needs.

SD-WAN has won over businesses worldwide largely because it enables IT managers to control and manage their network more easily than had been previously possible by past approaches that required them to manage underlying hardware for WAN networks.

SD-WAN enables you to deliver benefits, including higher performance and lower latency. These benefits of SD-WAN result in a heightened user experience.

What is SD-WAN? A Quick Introduction

A software-defined wide-area network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any assortment of transport services to securely link uses to desired applications. The list of transport services includes broadband Internet, Multiprotocol Label Switching, and Long-Term Evolution (wireless).

The increasingly popular and flexible SD-WAN architecture provides a network overlay and decouples network software services from hardware-provided WAN links. SD-WAN gives you a wide array of cost-effective and versatile services with which to build and enhance your enterprise network to meet today’s ever-changing business needs.

The Benefits of SD-WAN

The rising need to connect branch offices more easily and effectively and those working from far-flung home bases has IT teams embracing an SD-WAN architecture. The benefits of SD-WAN are many and varied. They include – but are not limited to – central management of network operations with visibility, a simplified WAN infrastructure, increased security via a smooth transition to SASE, heightened business agility, and reduced WAN costs.

1. Enhanced connectivity and reliability

SD-WAN helps to improve network connectivity by allowing different devices on a network to share files and data. SD-WAN can improve employee productivity and connectivity by eliminating the need for traditional network links between locations. By managing traffic centrally, SD-WAN can prevent network congestion, thus improving overall network performance.

SD-WAN can help improve connectivity by routing data through multiple servers rather than the traditional network infrastructure. That improves performance and reliability.

2. Increased bandwidth and efficiency

By deploying SD-WAN, you can optimize network performance while providing more reliable and secure access to applications, data, and cloud services. SD-WAN will select between available transport options, selecting the optimal transport for a given application.

With SD-WAN, businesses can scale bandwidth up or down with little notice. You can also distribute bandwidth to accommodate flash conditions or new applications. In an important distinction, the SD-WAN – not a service provider – controls bandwidth allocation. That helps businesses ensure that lifeblood applications receive the required bandwidth when needed.

3. Easier network management

SD-WAN reduces network complexity by centralizing network management and control in a single platform. The resulting benefits are simplified operations and a reduction in network maintenance costs.

Lower administration costs and greater control together provide a level of network visibility unavailable with traditional network approaches.

Network management becomes easier as an SD-WAN solution enables automatic workload balancing and WAN congestion management for best performance and low routing costs.

4. Improved cybersecurity and protection

Because the SD-WAN architecture routes traffic over multiple links and provides better bandwidth utilization, it ensures that data is securely transmitted between different locations.

SD-WAN also offers your business secure traffic segmentation and provides an additional layer of security to ensure that unauthorized parties do not access data. That helps to protect organizations against data breaches and other cybersecurity challenges.

When SD-WAN is understood as a conceptual delivery model for services, it can then underpin many best practices for security. It’s not a matter of SD-WAN versusSASE but the knowledge that SD-WAN delivers the foundational building blocks of SASE. The network is still one of the best places for many security controls. The WAN edge creates an efficient and effective policy enforcement point and one that also provides the means for better observing and controlling zone boundaries and related security requirements. With ZTNA (Zero Trust Network Access), the coin firmly lands on the "default deny" posture, being the most advantageous and robust compared to the less secure "default permit."

5. Ability to adapt to changes in demand

With SD-WAN, businesses can scale bandwidth up or down with little notice. You can also redistribute bandwidth to accommodate flash conditions or new applications. In an important distinction, the SD-WAN – not a service provider – controls bandwidth allocation. That helps your business ensure that lifeblood applications receive the required bandwidth when needed.

6. Increased flexibility

An SD-WAN provides increased flexibility since it can use multiple transport options. A tremendous amount of flexibility is realized by configuring remote sites forMPLS, broadband, cellular, and more. That makes connecting branch locations lighter lifting, regardless of their physical location or carrier restrictions.

An SD-WAN solution enables automatic workload balancing and WAN congestion management for best performance and low routing costs.

7. Reduced costs

SD-WAN helps you reduce costs, in part from savings from switching to less expensive IP circuits, which can easily be right-sized. Add in SD-WANs reduced deployment costs, reduced IT management expenses, and lighter use of IT management, savings build.

For example, an SD-WAN handles connections and encryption, which saves on the costs of the firewalls needed for VPN links. The SD-WAN intelligently automatically builds the required tunnels between an organization’s locations.

The network administrator sets the routing policies for the operation. With the introduction of this technology, it is possible to optimize internal processes related to information management and enterprise network management, significantly improving application and employee productivity.

8. Improved application and network performance

When you consider that networks support applications that use varying levels of services, SD-WAN becomes a natural solution as it provides flexible pathways per application. The resulting benefit of SD-WAN is that it prevents performance-intensive applications from clogging networks and hurting low-latency applications. With SD-WAN, data flow becomes reliable, and networks no longer experience vulnerabilities due to dropped data packets or blocked or lost data.

Perhaps the most important advantage of your use of SD-WAN is enhancing the cloud application performance. That is because the solution identifies the easiest or the best route. Connecting over the Internet using an SD-WAN system provides the shortest route to the application, which boosts performance.

9. Improved user experience

To keep businesses competitive and their remote workers productive, SD-WAN lets you deliver a superior user experience. Stated simply, this means that application access and use must be seamless and secure. SD-WAN is the most effective strategy for remote users to connect with applications and workloads running on cloud providers. SD-WAN helps you achieve this goal by providing a simplified, automated, operationally efficient, and secure cloud on-ramp.

But your success with SD-WAN depends on selecting a secure solution designed for your business today and in the future. An advanced SD-WAN offering for evolving companies is capable of centrally connecting, unifying, automating, and orchestrating access, connectivity, and security across disparate environments.

10. Increased uptime

SD-WAN offers more flexibility and the ability to overcome the high bandwidth costs of MPLS services by integrating internet transport options, including fiber, wireless, and cable, into the WAN. This results in the formation of a virtual overlay across all selected transport offerings.

With features like load balancing and measuring the quality of each link, SD-WAN provides the high uptime businesses demand by using a mix of internet connections. Because an SD-WAN uses multiple connections, an organization’s entire network will not go down if one link goes down. Your SD-WAN won’t use that connection until it’s back up. That boosts network uptime.

How to Choose the Right SD-WAN Solution for Your Business

To realize the many benefits of an SD-WAN for your business, it is paramount that you select a provider that meets the evolving needs of your enterprise. No one size fits all. Different organizations have differing needs and priorities. Below are helpful tips designed to help you find the optimal match.

Step 1: Look for solutions that support your goals and needs.

While it may sound vague, you should look for solutions that meet your specific goals and needs. An SD-WAN that works well for businesses in the auto industry may not be the best fit for companies in the agriculture industry, as each have specific (and varying) needs.

In fact, SD-WAN solutions also vary by the size of your company’s network, data traffic, and type of core applications. It is best to focus on the specific needs of your company and align those with current and future business goals.

Step 2: Check user reviews and testimonials

Checking user reviews and testimonials can help you zero in on the SD-WAN that fits best. Vendors publicize customer case studies and even use cases.

To get a more balanced and candid take on a vendor's SD-WAN offering(s), attending the vendor’s annual users’ group (or annual customer event) could pay big dividends as vendors typically share their product roadmap and detail enhancements they are considering based on requests from actual customers. Product sunsetting is often discussed.

Step 3: Verify compatibility with existing equipment.

As with most any technology purchase of value, have your IT team verify the compatibility of the service with the equipment you are currently using. Most companies cannot afford the disruption and cost of equipment rip and replace. Prospective vendors should be able to provide supporting documentation and more. Consult a solutions engineer from your short list of potential suppliers.

Step 4: Evaluate the solution's user interface and ease of use.

Often, the most technically advanced solutions are built for the most tech-savvy end-users and to perform the most advanced capabilities. That is fine, but it is crucial to your business success and SD-WAN selection that the package features a simple user interface and provides general ease of use for all workers.

The time required to get employees up to speed on a new tech system should be minimal. Time is truly money. And a challenging user interface – or difficulty using an SD-WAN can slow your advance.

Step 5: Assess customer service offerings.

When attempting to ascertain the level of customer service a vendor offers with its SD-WAN offering, it is tough to know if the customer is king or just simply another in a lengthy list of businesses using their product.

In a world of constant outages, disruptions, cyberattacks, and other painful anomalies, it is essential to get details on your prospects’ backup plans, mean time to repair, if they or their channels provide customer service, and who is your single point of contact in the event of problems. Finally, does the vendor have a service organization, or does it farm this function out?

Details

Published on 14 August 2023

(Credit: Juan Roballo / Alamy Stock Photo)

A Dell’Oro Group forecast report finds great and growing interest in single-vendor SASE over multi-vendor solutions.

Single-vendor SASE solutions are expected to grow twice as fast as multi-vendor approaches, according to a recent forecast report by Dell’Oro Group, a global infrastructure research firm.

The report results signify that more enterprises are opting for one company – as opposed to many - to deliver and support advanced security systems. Dell'Oro names 11 vendors capable of delivering single-vendor SASE solutions.

Secure Access Service Edge (SASE) is an enterprise networking technology category introduced by Gartner in 2019. It converges the functions of network and security solutions into a unified, global cloud-native service. SASE allows an architectural transformation of enterprise networking and security. That, in turn, lets IT provide an agile and adaptable service to its users. It combines WAN edge services with Secure Service Edge tools and services to securely connect remote users and sites to data, cloud services, and the enterprise.

“Since we started tracking the SASE market in 2019, multi-vendor solutions have represented most of the market compared to single-vendor. However, in 2023 we anticipate that single-vendor SASE will become most of the market,” said Mauricio Sanchez, Senior Director, Enterprise Security and Networking at Dell’Oro Group. "As single-vendor SASE solution maturity increases, so has the comfort of purchasing it all from a single vendor. The pressure to go after best-of-breed from multiple vendors is slowly diminishing," added Sanchez.

Benefits of a single vendor SASE solution

There are multiple benefits to the single-vendor approach. They include:

No finger-pointing between vendors: When problems arise, single-vendor SASE eliminates the possibility of the painful and time-consuming finger-pointing that sometimes occurs between vendors in multi-vendor SASE.

Improved IT team productivity and effectiveness: SASE requires five major components spanning networking and security to work together, and in single-vendor SASE, they are all provided by the same vendor as a tightly integrated and validated technology stack.

Clearer SLAs (service level agreements): Regarding uptime or performance, SLAs associated with single-vendor SASE are not muddled by the complexities of dealing with multi-vendor SLAs in multi-vendor SASE.

(Hopefully) better pricing: One would expect to get better pricing from a single vendor than (best-of-breed) multi-vendor. However, this may not always be the case.

Disadvantages of a multi-vendor SASE solution

Enterprises often find problems when dealing with multiple vendors in any part of the market or with any technology. The same is true for SASE. Some of the common disadvantages include:

• Risk of vendor finger-pointing when things go south.
• Reduced IT effectiveness because of having to manage components across multiple vendors.
• Cloudier SLAs because they are dealing with two vendors.
• Likely higher cost

Perhaps more interesting is why enterprises go multi-vendor, Sanchez said. “There is an argument for best-of-breed. Some enterprises may find that they can only address their security and networking requirements using multiple vendors.”

Right here, right now. The 11 single-vendor SASE providers

The Dell’Oro forecast report identifies 11 vendors that can deliver complete SASE systems. They include:

• Aruba Networks
• Aryaka
• Cato Networks
• Check Point Software
• Cisco
• Forcepoint
• Fortinet
• Juniper Networks
• Palo Alto Networks
• Versa Networks
• VMware

The SASE market forecast

Single-vendor SASE cumulative market is projected to reach $34 B between 2022 and 2027, according to the Dell’Oro forecast report, while multi-vendor SASE solutions will continue to occupy a significant part of the market, with an expected enterprise spend of $29 B between 2022 and 2027. The combined SASE market is anticipated to grow at a five-year compound annual growth rate (CAGR) of over 30 percent between 2022 and 2027.

The report's many projections should help IT leaders with the SASE selection process, which can be challenging. Knowing the basics of the security solution, combined with market intelligence, should help teams ask the right questions in discussions with potential vendor suitors.

Over the years, the Dell’Oro Group, like others, segmented its coverage of the SASE solutions market by technology (SSE versus SD-WAN) and implementation (unified versus disaggregated). It further segments SSE across Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA), and Firewall-as-a-Service (FWaaS) technologies.

A final word on SASE implementation

Since it is a security architecture made up of six distinct elements, enterprises looking to start implementing SASE might choose a single-vendor system for speedier results. "In the vast preponderance of cases, dealing with a single vendor is going to see a faster pilot, purchase, and deployment cycle,” added Sanchez.

Related articles:

• SASE Implementation: Five Steps to Take Before You Go Live
• Enabling SD-WAN and SASE – An Ideal Edge Computing Use Case
• Prepare to Converge: Aligning the Priorities of Networking and Security