blog

SD-WAN Providers Are Getting Sassy (or Is It SASE?)

Shutterstock

PlanetOne's Chris Werpy

Chris Werpy

If you work with networking and connectivity, by now you’ve witnessed countless appeals from various providers to consider the benefits of software-defined wide area networks. There’s no question SD-WAN improves network management, and any organization attempting to connect a bunch of distributed sites should consider it.

But beware of too much of a good thing. Some SD-WAN solutions are better than others, and some providers are making claims about security that bear close scrutiny. A year or so ago, Gartner coined an acronym for a new approach to network security. The acronym is SASE, and it’s pronounced “sassy,” which I’ve taken plenty of shots at in the past, but actually stands for secure access service edge. Hey, I respect Gartner’s great work, but as acronyms go, this one is begging for derision.

Let’s put that aside for a moment. What exactly is SASE? Basically, it combines the capabilities of software-defined networks with network security practices such as zero trust, managed firewalls, Secure Web Gateways and cloud-based security. SASE recognizes securing the perimeter is pretty much a thing of the past. If you’re truly going to protect the network environment, you must take into account that it now consists of hybrid, multicloud infrastructures providing users access from anywhere, anytime.

Choose Wisely

The main point I want to make about SASE, though, is you must take any claims by SD-WAN providers that they have a full SASE solution with a handful of salt — a grain just won’t do it. You know what happens in this industry. As soon as someone introduces a new technology, or service model, everybody rushes to claim they have it. Some say they have had it all along and some truly have. Others have simply shifted the marketing to reflect the new buzz.

Claims don’t always reflect reality. So, nice guy that I am, I will share a few pointers so you can figure out if an offering is truly founded in SASE principles or not. It should include the following attributes:

  • Cloud-native – True SASE-ness requires cloud-native architecture — and that, of course, means that the “thing” built to run in the cloud must be built in the cloud so that it can run in the cloud. This makes it scalable, dynamic and presumably compatible with hybrid cloud environments.
  • Integrated network security – Now, this is a beautiful thing, when it’s really there. As defined by Cisco, this occurs when “any security service can be applied at any point on an internal or extended network as a physical or virtual form factor. All security services and components can share and react to information in real time to fine-tune security controls, detect security events and remediate compromised systems.” Keep in mind, SD-WAN by design is inherently more secure than legacy solutions, but look under the covers to find just out how much.
  • Cloud-managed on-demand services – This one is pretty obvious: Any services you use, such as load balancing, traffic and setting security protocols, are available as needed through the cloud.
  • Centralized policy control – All the stuff in the item listed above, and more, is controlled from a central dashboard with full visibility into the environment, no matter how dispersed. This is truly a panacea for network administrators who have suffered through all the migraines and insomnia caused by managing unwieldy networks with poor visibility.
  • Local survivability – This is a key attribute in a distributed environment. If connectivity is lost temporarily, you want the ability to reroute local traffic so a branch can continue operating until normal service is restored.

So SASE is a good thing, no doubt. You just want to make sure the claims that providers make are supported by facts and can be implemented without excessive complexity. Don’t be fooled by pretenders.

As chief operating officer for PlanetOne, Chris Werpy takes ownership of the strategic direction, plan and performance of PlanetOne’s overall operations. He also contributes to the company’s competitive “work hard, play hard” culture, as well as the experience of PlanetOne’s rapidly expanding North America partner base and more than 250 providers. Werpy previously was part of the executive leadership team at Masergy Communications. He is a graduate of the University of Colorado, Leeds School of Business. You can follow him on LinkedIn or @PlanetOneComm or @Werpytowne on Twitter.


Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 143467