What is Network-as-a-Service and Why WAN Transformation Needs NaaS and SASE

The networking industry loves a good buzzword as much as any other IT sector. Network-as-a-Service (NaaS) certainly fits that billing. The term has been around for at least a decade has come back in vogue to describe networking purchased on a subscription basis.

But what’s particularly interesting for anyone moving away from a global MPLS network or otherwise looking at WAN transformation is the impact NaaS will have on evolving the enterprise backbone. For all of its talk, SASE as understood by much of the industry, will not completely replace a global MPLS network; the Internet is simply too unpredictable for that. Only by converging SASE with NaaS can companies eliminate costly, legacy MPLS services.

What is NaaS (Network-as-a-Service)

Exactly what constitutes a NaaS is open to some debate. All agree that NaaS offerings allow enterprises to consume networking on a subscription basis without having to deploy any hardware. According to a recent Network World article, IDC’s senior research analyst Brandon Butler wrote in a recent whitepaper “NaaS models are inclusive of integrated hardware, software, licenses and support services delivered in a flexible consumption or subscription-based offering.”

Cisco in its recent report flushed that out a bit further defining NaaS as “a cloud-enabled, usage-based consumption model that allows users to acquire and orchestrate network capabilities without owning, building, or maintaining their own infrastructure,” writes industry analyst, Tom Nolle.

Gartner identifies the specific attributes of a cloud service. According to Gartner’s Andrew Lerner, “NaaS is a delivery model for networking products. NaaS offerings deliver network functionality as a service, which include the following capabilities:

  • elf-service capability
  • on-demand usage,
  • Ability to scale up and down.
  • billed on an opex model
  • consumption-based, via a metered metric (such as ports, bandwidth or users), (not based on network devices/appliances).

NaaS offerings may include elements such as network switches, routers, gateways and firewalls.”

For those running datacenter networks, Network World reports NaaS offerings will allow them to purchase compute, networking, and storage components configured through an API and controlled by a common management package. (Personally, I find the focus on the appliance form factor a reflection of legacy thinking. Gartner’s view of a consumption-based model based on bandwidth or users, not appliances, I think to be more accurate but let’s leave that aside for the comment.)

But for those involved in the WAN, NaaS is also increasingly coming to describe a new kind of backbone, one that’s programmable, sold on a subscription basis, and designed for the cloud. “I see NaaS as a way to describe agile, programmable backbones and interconnections in a hybrid, multi-cloud architecture,” wrote Shamus McGillicuddy, vice president of network management research at Enterprise Management Associates in an email.

Terminate Your MPLS Contract Early | Here’s How

NaaS Must Meet SASE

But here’s the thing, with the proliferation of threats any networking service cannot be divorced from security policy enforcement and threat prevention. It’s why SASE has emerged to be such a dominant force. The convergence of SD-WAN with four areas of security — NGFW, SWG, CASB, and ZTNA – enables enterprises to extend security policies everywhere will also being more effective and more efficient. (Just check out what our customers say if you want first-hand proof.)

But SASE alone can’t replace MPLS. Converging SD-WAN and security still doesn’t address the need for a predictable, efficient global backbone. And the public Internet is far too unpredictable, too inefficient to support the global enterprise. What’s needed is to converge SASE with a backbone NaaS – a global private backbone delivered on subscription basis.

Cato: The Global SASE Platform That Includes NaaS

The Cato SASE Cloud is the only SASE platform that operates across its own global private backbone, providing SASE and backbone NaaS in one. With the Cato SASE platform, enterprises not only converge security with SD-WAN, but they also get predictable, optimized global connectivity.

“Cato Networks operates its own security network as a service (NaaS) providing a range of

security services including SWG, FWaaS, VPN, and MDR from its own cloud-based network,” writes Futuriom in its “Cloud Secure Edge and SASE Trends Report.” (Click on the link to download the report for free)

The Cato private backbone is a global, geographically distributed, SLA-backed network of 65+ PoPs, interconnected by multiple tier-1 carriers. Each PoP run Cato’s cloud-native software stack that along with security convergence provides global routing optimization and WAN optimization for maximum end-to-end throughput.

Our software continuously monitors network services for latency, packet loss, and jitter to determine, in real-time, the best route for sending every network packet. In fact, according to independent testing, is the only backbone NaaS in the world to include WAN optimization and, as a result, increases iPerf throughput 10x-20x over what you’d expect to see with MPLS or Internet. The backbone is fully encrypted for maximum security and self-healing for maximum uptime.

The Cato Socket, Cato’s edge SD-WAN device, automatically connects to the nearest Cato PoP. All outbound site traffic is sent to the PoP. Policies then direct Internet traffic out to the Internet and the rest across the Cato backbone.

SASE and NaaS Better Together

Converging SASE and backbone NaaS together also offers unique advantages compared to keeping the two separate. Deployment becomes incredibly quick. Customers can often bring up new locations on Cato — complete with SD-WAN, routing policies, access policies, malware protection rules, and global backbone connections – in under two hours and without expert IT assistance.

Convergence also allows for deeper insights. Cato captures and stores the metadata of every traffic flow from every user across its global private backbone in a massive data lake. This incredible resource enables Cato engineers to do all sorts of “what if” analysis, which would otherwise be impossible. One practical example – the Cato Event screen, which displayed all connectivity, routing, security, system, and Socket management events on one queryable timeline for the past year. Suddenly it becomes very simple to see why users might be having a problem. Was it a last-mile issue? A permissions issue caused by a reconfigured firewall rule? Something else? Identifying root cause becomes much quicker and simpler when you have a single, holistic view of your infrastructure.

What is Network-as-a-Service and Why WAN Transformation Needs NaaS and SASE

Converging the backbone, SD-WAN, and security into one service enables all events to be presented in a single screen for easy troubleshooting.

WAN Transformation That Makes Sense

In short, converging NaaS and SASE together results in better WAN transformation, one that reduces cost, simplifies security, and improves performance all without compromising on the predictability and reliability enterprises expect from their networks.

Hard to believe? Yeah, we get that. It’s why we’ve been called the “Apple of networking.” But don’t take our word for it. Take us for test drive and see for yourself. We can usually get a POC set up in minutes and hours not days. But that shouldn’t be a surprise. We’re an “as a service” after all.