From SD-WAN to SASE: How the WAN Evolution is Progressing
Gartner’s introduction of a new network and security category known as Secure Access Service Edge or SASE (pronounced “sassy”) marked a turning point for the industry. Prior to Gartner’s “The Future of Network Security Is in the Cloud” SD-WAN was one of, if not the biggest industry buzzword in the 2010s, but SASE stole the spotlight when we kicked off this decade.
When first introduced to the topic of SASE, some may wonder if SASE is just a repackaging of SD-WAN. In simple terms: SD-WAN is a subset of SASE. SD-WAN appliances deliver important networking functionality while SASE goes further by converging SD-WAN with other network and security services to create a holistic WAN connectivity and security fabric.
Here, we’ll explore how the WAN evolution is progressing from SD-WAN to SASE and take a closer look at the relationship between the two.
SD-WAN: A step forward in WAN evolution
SD-WAN grew in popularity throughout the 2010s as a more agile and cloud-friendly approach to WAN connectivity. With workloads shifting to the cloud in large numbers, SD-WAN gave enterprises a more reliable alternative to Internet-based VPN and a more agile, more affordable alternative to MPLS for a number of use cases.
By abstracting away underlying network transport services (xDSL, MPLS, 4G LTE, etc.) and enabling a software-defined approach to the WAN, SD-WAN helped enterprises improve network performance as well as address challenges such as the high costs of MPLS bandwidth and the trombone-routing problem. Additionally, SD-WAN can deliver additional resilience and fault tolerance in the last-mile.
As a result of these benefits, enterprises have adopted SD-WAN at an impressive clip. Case in point: SD-WAN became the 3rd most popular primary use case in Cato’s 2019 Networking Survey and became the most popular in the 2020 survey.
What SD-WAN appliances alone can’t deliver
While the data shows that SD-WAN adoption is growing, there was another salient takeaway in the 2020 Networking Survey. It has become clear that SD-WAN alone can’t bring the complete WAN transformation modern digital enterprises need. Despite the cost and agility benefits of SD-WAN, enterprises that adopted SD-WAN appliances were consistently let down by their networks after digital-transformation.
Many of the drivers of dissatisfaction for users of SD-WAN appliances stem from the fact that modern networks are about more than just site-to-site connectivity and using public Internet bandwidth for cloud services.
SD-WAN appliances move enterprises closer to where they need to be, but simply aren’t designed to address all the networking and security challenges modern enterprises face. Specifically, SD-WAN appliances have these shortcomings:
- Lack of a global backbone. SD-WAN appliances sit atop the underlying network infrastructure. This means the need for a performant and reliable network backbone is left unaddressed by SD-WAN appliances alone.
- Lack of advanced security features. SD-WAN appliances help address many modern networking use cases, but don’t help with security requirements. As a result, enterprises often need to manage a patchwork of security and networking appliances from different vendors (Like CASBs) to meet their needs. This in turn leads to increased network cost and complexity as each appliance must be sourced, provisioned, and managed by in-house IT or an MSP.
- No support for the mobile workforce. By design, SD-WAN appliances are built for site-to-site connectivity. Securely connecting mobile users is left unaddressed by SD-WAN appliances.
SASE: The next leap forward
As we’ve seen, SD-WAN delivers some important benefits, but SD-WAN appliances alone are not a holistic solution. That’s where SASE comes in. SD-WAN is an important part of SASE, but it isn’t the only part.
The primary benefit of SASE is the creation of a single, global network that connects and secures all enterprises’ edges — sites, sd-mobile users, and cloud resources — without compromising on the cost savings, agility, or reach of the Internet or the predictability and performance of MPLS. Edges use any local Internet access to send their traffic to the nearest PoP of the SASE global network where traffic is optimized, secured, and sent to its destination.
Cost-savings, agility, and cloud-friendliness are key benefits of SD-WAN. SASE delivers those benefits as well as additional networking functionality. SASE also builds security into the underlying cloud-native architecture to eliminate the need for a patchwork of security appliances. Further, by providing an underlying private network backbone, SASE becomes the holistic solution enterprises have needed for years.
Key characteristics of SASE include:
- Cloud-native architecture. A multitenant cloud-native approach to WAN infrastructure enables SASE to service any edge endpoint, including the mobile workforce, without sacrificing performance or security. It also means the complexities of upgrades, patches, and maintenance are handled by the SASE vendor and abstracted away from the enterprise.
- Global network backbone. A private network backbone, such as Cato’s which consists of 70+ PoPs and offers a 99.999% uptime SLA, enables SASE to deliver reliability appliances alone cannot.
- Convergence of networking & security. SD-WAN is just one piece of the broader WAN networking and security puzzle. In addition to SD-WAN, SASE provides features such as NGFW, IPS, CASB, DLP and SWG. With the entire network and security infrastructure delivered as a single cloud-native platform, enterprises benefit from increased visibility, fewer silos, and enhanced security.
- Simplified management. By doing away with the need for multiple appliances and complex integration and providing a simple management interface, SASE makes managing the WAN simple. As a result, opex and network complexity go down and IT is free to focus on core business functionality instead of infrastructure maintenance.
Simply put: by converging network and security, SASE can provide enterprises with a holistic solution network that security appliances alone cannot.
SASE is the enterprise WAN standard of today
There will never be a single one-size-fits all solution for every enterprise security and networking use case. However, SASE is a truly transformational approach to the WAN. By combining SD-WAN and other networking functionality with advanced security features, SASE can legitimately address most WAN network and security requirements at scale, and this opinion isn’t just marketing hype. Industry experts agree. Because of the benefits SASE architecture can deliver, Gartner projects a minimum of 40% of enterprises will have specific plans to adopt SASE by 2024.
Cato purpose-built the world’s first true SASE platform and has been recognized as a leader in the space. If you’d like to learn more about what SASE can do for your enterprise, you can become a certified SASE expert. We also invite you contact us, sign up for a demo, or download our “The Network for the Digital Business Starts with the Secure Access Service Edge (SASE)” eBook.