Anurag Kahol, CTO and Co-founder of Bitglass, discusses how security teams can leverage SASE with SD-WAN to secure web traffic and defend cloud, web, and network ecosystems.
Meet the new cloud security supercouple: secure access service edge (SASE) and software-defined wide area network (SD-WAN). SD-WAN is designed to route network traffic to connect remote users from branch sites and SASE is focused on securing network traffic departing from any location and arriving at any end destination.Â
While they have divergent purposes, SASE and SD-WAN are both complementary in achieving a shared goal: ensuring that users around the world are safely connected. As SASE continues to become more widely adopted and developed, security teams that can tap into existing SD-WAN fabrics will be able to automatically direct branch traffic through a SASE offering for a complete, end-to-end solution.
SASE: The Next Frontier in Cloud Security
Gartner estimates that at least 40%Opens a new window of enterprises will have defined strategies to adopt SASE by 2024. With a SASE security model, networks have access to an end-to-end platform that easily fits into and secures cloud, web, and network ecosystems. Organizations can extend and configure policies to all enterprise resources from a single control point. This allows users to access pertinent data across all devices and locations without an on-premises firewall or VPN.
SASE architectures are also designed with cloud access security broker (CASB), secure web gateway (SWG) and zero-trust network access (ZTNA) functionality, giving admins a comprehensive, single-view infrastructure for added visibility and control. This drastically scales back costs for enterprises that would otherwise deploy many security vendor solutions and networking at scale, simplifies network operations and maintenance, and replaces disjointed point products. While SASE aims to supply a holistic security solution, a missing piece to harnessing its full capabilities lies in SD-WAN.
Learn More: 3 Reasons Why the Next Evolution of SD-WAN Will Be Tunnel-Free
SD-WAN: The New Way to Connect Global Workforce
SD-WAN is not designed with security top of mind, but it can be utilized to bolster remote defense systems. SD-WANs first arose a decade ago and enabled organizations to connect and remotely manage digital networks, and in 2020, the overall market was projected to grow by 17%Opens a new window .
A traditional wide area network (WAN) is a collection of local-area networks that connects devices from diverse locations to a single datacenter. This allows users within an enterprise to share resources and communications quickly and remotely. SD-WAN is an overlay that monitors the performance of WAN connections and uses a software-centric approach to determine the most appropriate path for data.
SD-WAN helps route traffic and connect remote offices to an organization’s headquarters or primary data center. It’s critical for users to have access to resources at the primary data center to facilitate remote operations and at scale on a global, interconnected fabric. SD-WAN is instrumental in making this happen by decoupling networking hardware from its control mechanism. And with 90% of organizations planning to continue increased levels of remote work in the future due to productivity benefits, SD-WAN is an even more important asset for enterprises.
Learn More: Simplifying Distributed Networks’ Security With SD-WAN, NaaS, and SASE
The Power of SASE and SD-WAN Working Together
The primary barrier to joining SASE and SD-WAN is that not every SASE can be integrated with every SD-WAN solution. Still, organizations are able to embrace SASE without ripping up their existing SD-WAN fabric.Â
By leveraging SASE with SD-WAN, SASE vendors are able to better monitor, regulate and safeguard the flow of traffic across the entire global network. Subsequently, weaving in CASB, SWG and ZTNA build a single-view for security that can more effectively mitigate data loss, unauthorized access, and malware attacks while increasing contextual access control and improving threat protection.
Using this approach to connect users to the main data center ensures consolidated ease of management and consistent, comprehensive protection not just in the main site, but also where enterprises are already routing traffic from branch sites via SD-WAN. As a result, security teams can implement a whole host of data and threat detection capabilities with increased network visibility and control.
While SASE is still a growing cloud security platform, it creates a simplified, sweeping solution that protects data and actively defends cloud, web, and network ecosystems against threats. Rolling up integral, premier security capabilities such as CASB, SWG, and ZTNA helps address common, top-of-mind security vulnerabilities.Â
If enterprise IT and security leaders are already routing traffic via SD-WAN, and want to use SASE, then they need their SASE to cooperate with SD-WAN and sit in the flow of traffic. Platforms that can work harmoniously with any SD-WAN are better able to tap SASE’s true potential.
Did you find this article helpful? Let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!