September 12, 2022
SASE transforms traditional security and networking models. Wisely.
The networking models that got you to where you are today struggle to get you where you need to be tomorrow. Disruptions from digital transformation, cloud adoption, and remote workforces continue to change the way businesses work. Traditional networking models (like data center centric ones) create more problems than they solve. Let’s take a look at how new models, like SASE, are obsoleting networking models used for decades.
But, first, it’s important to understand the many trends that led to these transformations.
- Applications, applications, applications. SaaS and web apps are more important than ever to run your business. No longer just hosted in the data center, apps need to run on-prem, in the cloud, or on the edge. And IT teams need the ability to control and run apps with appropriate functionality in each environment.
- Work is done everywhere now. With remote and hybrid workforces here to stay, employees are no longer just completing work in headquarters or branch offices. They need access to business-critical apps from the network edge, at remote work sites and home offices, which puts pressure on (and adds risk to) traditional networks.
- Network security is a top concern. Detecting and preventing attacks on your network is harder than ever. The traditional security perimeter, faced with apps and users everywhere, can no longer prevent the sophisticated cyber attacks hackers are using.
Traditional Network Models can’t keep up with today’s trends
Most traditional network models are data center centric. With internet usage skyrocketing and the need for more and more SaaS applications, backhauling all traffic to the data center creates a logjam of traffic. Plus, it creates a lot of challenges that your IT teams must manage and spend resources on, like:
- User experience: All traffic routed through the data center creates a bottleneck, resulting in higher latency when accessing business-critical data.
- Operational headaches: IT teams quickly become overwhelmed managing rapid usage, dependencies on VPNs, and the siloed technology products needed to keep the entire network secured.
- Scalability: The ability to scale and adapt the network to new architectures — like transitioning to cloud — becomes extremely complex and time-intensive to complete.
- Security: Securing the entire network requires multiple point products, which makes broad protection difficult.
- Cost: The need to invest in more and more point products to keep the network secure increases the cost, making traditional networks unacceptably expensive.
The cloud and the SD-WAN evolution
Traditional models were hardware-based networks. Think “hub and spoke.” To deliver an application, users would connect to a data center (where the app resided) usually at the headquarters, behind the security stack. Acceptable in 2012, unwise now.
The introduction of the cloud created a major challenge to IT teams using the “hub and spoke”: how do you deploy an app outside of the data center AND keep it behind the security stack? Two methods emerged:
- Data center centric: Traffic would be routed through the data center/HQ to the cloud. Performance and latency issues were a major downside to this model, as traffic had to go from the user, to the data center, to the cloud, and then back to the data center before getting back to the user. A roundabout inefficiency.
- Mesh networking: Connect every branch to every cloud. This model is, of course, operationally difficult to manage for IT teams.
Enter SD-WAN, or software-defined wide area networks. SD-WAN solved these two challenges: the performance issues of a data center centric model and the operational nightmare of managing mesh solutions. SD-WAN’s solution is to create an overlay to connect branches with applications, no matter where they are located. The overlay does all the connecting and automates the back end to provide optimal app experiences and performance.
SD-WAN is optimized for connecting branches to applications/the cloud. The biggest challenges with this are:
- Remote users: When users (or devices) are outside of the branch office, traffic must be, again, routed through the data center.
- Security: Proper security products and configurations are needed to prevent and protect against attacks.
SASE takes SD-WAN to the next level
SASE, or Secure Access Service Edge, combines network and cloud security services. It takes the network performance benefits of SD-WAN and adds security services on demand wherever they are needed (like other cloud services). Additionally, it meets the demands of today’s workforce working from anywhere, even outside of branch offices.
SASE provides points of presence (PoPs) to connect to SaaS applications or other cloud services. These PoPs apply the full suite of security functions whenever a user, device, or application connects from anywhere.
What makes the SASE model so special is that it was built from the ground up with one goal: bring simplicity and unity to networking and security technologies. Previously with traditional models and SD-WAN architecture, networking and security were delivered as point products living in data centers and managed separately. SASE changes all that.