The emerging Secure Access Service Edge solution (or SASE) has been called “the future of network security in the cloud” by Gartner. By deploying connectivity and security solutions in the cloud, SASE allows organizations to extend firewalls, secure gateways, and zero-trust access—essentially all cybersecurity fundamentals—to any employee seeking remote access to critical resources, regardless of their location or the device they are using. It has rightly been praised for its simplicity, scalability, and ubiquitous protection.
SASE may seem like the perfect solution, especially for organizations struggling to provide connectivity and security to the furthest reaches of their distributed networks, which usually means their remote workers operating from home offices. However, SASE is not a cure-all. While cloud-based security is certainly a powerful solution, the reality for most organizations is that not all of their networking happens in the cloud. Data centers, company headquarters, traditional branches, and remote offices all still exist, which means that applying solutions as if everything is in the cloud will quite likely be chaotic and create substantial security gaps just waiting to be exploited.
For SASE to be effectively deployed, other elements must also be in place—ones that enable SASE functionality to be extended into physical networks. The most notable of these solutions is SD-WAN—software-defined wide area network. SD-WAN can be leveraged by SASE to manage, control, and monitor connectivity between data centers, branches, and edges. For SASE to do what it needs to do in a hybrid network, it needs an SD-WAN solution sitting as close to users as possible to provide efficient networking and effective security.
Fortinet’s Nirav Shah explains some of the challenges of relying exclusively on a SASE solution and how SD-WAN is necessary for building the foundation for a more secure, flexible, convertible network ecosystem.
First of all, it’s important for us to understand the core definition of SASE—secure access service edge. It’s all about the convergence of networking and security.
If you think about what happened during COVID-19, and now post-pandemic, it’s about users working from anywhere and enabling anytime access from any device. And in this case, SASE as a framework makes sense as we talk about cloud-delivered security.
One of the core components of SASE, along with cloud-delivered security, is SD-WAN. At the end of the day, SASE’s outcome for the large or mid-market enterprise is to provide consistent security and the best quality of experience. While cloud-delivered security provides that security to users working from anywhere, SD-WAN actually enables that quality of experience. SASE would be incomplete if it doesn’t have SD-WAN as part of the framework.
It’s important to remember that when you look to implement a SASE framework, you should look for a solution that converges security and networking — not just stitching them together, but having a unified policy so it’s easier for them to transform.
As I touched upon, the hybrid workforce today is basically about working from anywhere. One of the big requirements that users have is getting the best quality of experience, regardless of where they work from.
To achieve this, you need to have SD-WAN sitting next to users. Why? Because the first thing users want is access to their SaaS cloud business applications, and it’s about finding the most optimized path.
That’s where SD-WAN plays a big role. Yes, security inspection is required. But before you even send the traffic out, you need to make sure that users utilize a thin or light-weight edge SD-WAN appliance to identify their application, prioritize that application, and then steer [the traffic] to the most optimized path. This is what we call the self-healing experience for users using SD-WAN.
The bottom line is that providing SD-WAN connectivity to SASE is step number one. It’s a must for users to enable that self-healing experience. Step number two is when the traffic goes out, cloud-delivered security provides that inspection before they access the SaaS applications.
Security must be a foundational, fundamental function of any SASE solution. Like SD-WAN, it must support a security-driven networking strategy, where security and network connectivity function as a unified solution. And you need to be sure that the SASE vendor you choose is able to provide a full range of solutions, where every element operates as a best-in-class enterprise-grade solution. Things like third-party testing and validation and a history of delivering world-class security solutions are ways to determine if a SASE and SD-WAN vendor is right for your organization. And just as importantly, each element of a SASE solution needs to interoperate as part of a seamlessly integrated security strategy, both as part of a unified SASE solution and as part of a single, holistic security fabric designed to span the entire distributed network.
To read the extended interview with Nirav Shah, please see “SASE Isn’t Killing SD-WAN — It’s Helping it Stay Alive” that was published on SDxCentral.