Burwood Group

View Original

Software-Defined WANs Drive Strong Network Security Postures All the Way to the Edge

No matter where your organization is on its digital transformation journey, the end goal should be secure access for data and applications across the cloud. The explosion of remote and hybrid workforce requirements along with hybrid cloud initiatives and increasingly sophisticated cybersecurity threats have made this journey complex. The destination is even harder to reach—thus driving the need for IT leaders to rethink how they view network and security solutions. 

Organizations can no longer view their network and security architectures as two separate technologies with point solutions managed in silos. Instead, a holistic approach must be taken. 

This blog explores the options available to organizations looking to enhance their perspective on managing their network operations and security postures together as one. The focus should be on folding in security transformation and leveraging software-defined wide area networks (SD-WANs) as core elements when implementing Secure Access Service Edge (SASE) technology to arrive at the desired destination. 

Starting with SD-WAN 

According to a recent IDC MarketScape report, SD-WAN remains one of the fastest-growing segments of the network infrastructure market. This is due to the technology's ability to deliver multiple benefits: (1)  

  • Improves application experiences for users. 

  • Integrates connectivity and security operations. 

  • Connects networks seamlessly to cloud platforms and hosted applications. 

  • Reduces network and security management costs. 

This trend is likely rooted in SD-WAN reducing the need to deploy multiple standalone physical appliances to handle specific security functions. It also allows enterprises to simplify security by consolidating branches at the network edge.  

An Agile Networking Alternative  

The increase in remote workers during these past two years and the increased use of the cloud and mobile apps means more endpoints are bypassing on-premises corporate virtual private networks (VPNs). To address this reality, networking and security technologies have converged under a collective security and policy management authority, delivered primarily through cloud-based services.  

This approach uses software-defined networking (SDN) principles for configuring and implementing WANs. There are also principles for virtualizing physical infrastructure devices, so network functions run as-a-service rather than as hardware on-premises. This makes it possible to secure connectivity between endpoints and resources from any physical location, including remote worker devices. 

SD-WAN is ideal for this paradigm. It’s cloud-friendly, providing organizations with an agile, affordable, reliable, scalable, and more secure alternative compared to MPLS (multi-protocol label switching) and VPN options. SD-WAN also provides higher network availability and redundancy that eliminates single points of failure. 

SD-WAN Sets the Stage for SASE Success 

Coined in 2019 by Andrew Lerner at Gartner, SASE is an extension of SD-WAN. The technology combines network security functions—such as web gateways, cloud access, firewalls, and zero trust—with SD-WAN capabilities. This approach supports the dynamic, secure access needs of organizations (2) as SASE is considered the next step in digital transformation. And SD-WAN is a critical component in setting the stage for this networking renovation.  

Because SASE technology runs on a single cloud platform, organizations can simplify their WAN implementations. There’s also VPN functionality as part of the SASE architecture, which enables secure connections that are particularly helpful in addressing the increased demand to connect remote workers and branch offices. 

Why Upgrade Network and Security Together? 

Today’s requirements for security and scalability create the demand for organizations to improve both their network and their security—not one or the other. Some organizations, however, can start by upgrading one or the other. 

Distributed networks require policy-based security at the network edge, so users can gain secure access from anywhere. SASE leverages zero-trust network access, which is critical to authenticating and authorizing users using a least-privilege model. SASE also helps prevent malware from infiltrating networks through segmentation and monitoring while delivering additional key benefits: 

  • Streamlines network and security operations while improving security postures through centralized management across branch networks. SASE provides vital functions such as L7 deep packet inspection. IT gains complete visibility into all network activity with a single cloud platform and no silos of network and security infrastructure tools. 

  • Reduces complexity by consolidating point security solutions into an efficient as-a-service model—with simplified policy enforcement throughout the network. In addition to eliminating the need to deploy and integrate multiple appliances, SASE provides a single interface to manage your SD-WAN connections, resulting in lower operating costs and giving IT more time to focus on other core business functionalities.

  • Generates higher capacity bandwidth with flexible optimization to change WAN connection types based on changes in traffic volume—through a flexible consumption model that scales to meet dynamic operating requirements. By abstracting network transport services and enabling a software-defined approach to WANs, SASE improves network performance to reduce the high costs associated with MPLS bandwidth and trombone routing. 

SASE also supports multiple connection types to expand vendor options. This avoids the challenges connected to technology vendor lock-in and enables more cost-efficient connections compared to MLS.


Citations

1 - IDC MarketScape: Worldwide SD-WAN Infrastructure 2021 Vendor Assessment by Brandon Butler, IDC, November 2021

2 - Say Hello to SASE (Secure Access Service Edge) by Andrew Lerner, Gartner, December 2019