Insight Article: Untangling the Relationship between SASE and SD-WAN
In one of our recent articles, “MPLS vs. SD-WAN vs. SASE”, we talked about a technology revolution in the enterprise network market, and concluded that we expect more of our customers to begin their transitions into Phase 3 (SD-WAN) and/or Phase 4 (SASE) over the next couple of years.
One of the questions we got asked about this article was “what is the relationship between SASE and SD-WAN, and is it something I need to consider when developing my future network strategy?”
Indeed, this is an interesting question to which the answer is multifaceted and, in some cases, difficult to interpret and understand.
Therefore, the focus of this Insight article is to analyse the standalone and converged use cases for SASE and SD-WAN to help understand the opportunities, dependencies, integrations, and challenges associated with these two networking concepts.
However, before delving into the use cases, let’s look at the basic definition of SD-WAN and SASE:
SD-WAN is an acronym for software-defined networking (SDN) in a wide area network (WAN). The objective of SD-WAN is to simplify the management and operation of a WAN by decoupling the networking hardware from its control mechanism. This concept is similar to how software-defined networking (SDN) implements virtualisation technology to improve management and operation. A key application of SD-WAN is to allow companies to build higher-performance WANs using commercially available Internet access, enabling businesses to partially or wholly replace private WAN connection technologies such as MPLS.
Secure Access Service Edge (SASE) aims to simplify wide-area networking (WAN) and security by delivering both as a cloud service directly to the source of connection (user, device, branch office, IoT device, edge computing location) rather than the enterprise data centre. The intention is that security is based around identity, real-time context and enterprise security and compliance policies.
There is often a misconception that SD-WAN and SASE are networking products in their own right. For absolute clarity, they are both just networking concepts. Multiple components such as hardware, software, network access (wired/wireless), licensing, cloud services, and managed services wrappers are required to provide an SD-WAN or SASE environment.
So with the definitions clear, let us talk use cases.
SD-WAN use cases:
- Branch Connectivity – SD-WAN can optimise connectivity by enabling dynamic use of multiple network transports for specific types of traffic.
- Cloud Connectivity – SD-WAN can transport data directly from the branch to the cloud, providing the most direct route for cloud-based applications.
- Security – SD-WAN offers security capabilities such as application-based firewalls, intrusion prevention, URL filtering and other unified threat management capabilities, which allow organisations the opportunity to move to a decentralised security model.
- Visibility into Network and Application-level Traffic – SD-WAN provides a bird’s-eye view of the network, so issues should be more easily identified, enabling quicker steps toward resolution. This visibility may also help manage capacity and application prioritisation to improve end user experience.
- Application Control and SLAs for Quality of Service – SD-WAN enables the definition of service-level agreements for given applications to ensure they take the path across the network that will best meet those SLAs. Some traffic is routed over private circuits and other traffic over more affordable broadband internet circuits to ease congestion, improve application performance and potentially reduce networking costs, ultimately resulting in improved user experience.
- Centralised Management – SD-WAN solutions shift the network’s control plane from individual branch and data centre routers to a central tool, enabling administrators to see across the network and manage it simply by centrally pushing out policies to branches.
SASE use cases:
- Simplified policy management with consistent enforcement – SASE security policy enforcement is applied in the cloud. This requires a software-based, hardware-neutral architecture deployed across multiple points of presence (POPs) with policy enforcement close to the point of consumption.
- Consistent experience for all access types – SASE offerings aim to provide policy-based access to the internet, SaaS apps and enterprise private apps (on-premises or in IaaS) all at the same time. SASE consolidates previously disparate network and security access policy enforcement points — i.e., SWG, CASB, SD-WAN and ZTNA — into a single-vendor, cloud-based offering.
- Zero trust security posture – SASE offerings aim to replace the implicit trust in legacy networking models with explicit, continuously assessed adaptive risk and trust levels based on identity and context for all connections — remote, on campus, in a branch or in the headquarters.
- Modular network as a service architecture – SASE offerings plan to be built using an elastically scalable, multitenant microservices-based architecture to deliver a high performance and resilient service that can adapt to customer demand dynamically.
As standalone use cases, the benefits each of these network concepts delivers are pretty clear. However, new IT architectures like cloud computing, zero trust, and work-from-anywhere initiatives are beginning to demand a more converged approach to the use of SD-WAN and SASE. Here lies the problem: although SD-WAN and SASE can and will co-exist, the vendor strategy, interoperability, security control boundary design, and management of such a converged environment are inherently complex.
Let’s look at some of the challenges.
- Not all SD-WAN vendors offer a native SASE product.
- Not every vendor claiming to offer a SASE product currently delivers all the required and recommended SASE capabilities.
- Multi-vendor designs can have some limitations.
- Organisations have existing investments in hardware that are not fully amortised and in software contracts with time remaining.
- Hardware refresh cycles at branch offices average five to seven years.
- Organisational silos can complicate SASE adoption.
Despite some of these challenges being fairly sizable, with the speed at which technology vendors, service providers, and customers are adapting to new market conditions, it is likely that more organisations will find ways to introduce SASE and SD-WAN into the network architecture.
What does this mean for my network strategy?
Organisations are unlikely to flick a switch and adopt a converged SD-WAN SASE architecture overnight. Most enterprise adoption will occur over several years, prioritising areas of greatest opportunity in terms of cost savings, eliminating complexity, converging vendors, and driving risk reduction through adoption of a zero-trust security posture.
Defining the optimum mix of SD-WAN and SASE capabilities should be the core focus of your strategic network development process. Key consideration needs to be given to centralised and decentralised network security controls, single or multi-vendor sourcing approach, existing commitments on legacy network infrastructure and the target operating model required to make a converged network and security operation function effectively.
How can TNC help?
Achieving the optimised end state for networks for most organisations has become considerably more complex, challenging, and risky. With networks touching almost every part of the organisation, increasingly part of the go-to-market strategy and reflecting the radical pace of change in the industry, it is easy to see why changing networks can no longer be considered a “migration” – these days it’s a “transformation”.
Achieving a successful transformation requires you to tackle a much broader range of elements, and to nail them all. Of course, it is not easy, but what is key is that you take the time to tackle all these elements completely, and ensure you have the skills and resources in place to do so.
To help customers with the strategic planning and preparation for their network transformation, TNC has developed a strategy development and transformation framework to assist customers at each step of the process, from baselining current services through business case creation, statement of requirement development and option analysis to sourcing strategy.
If you would like to find out more about how we can help you on your network transformation journey, we would be delighted to talk to you and share our experience and knowledge.
TNC holds over 4.3m active market data points covering WAN, data networks, fixed voice and mobility
This research does not constitute a personal recommendation or take into account the particular investment objectives, financial situations, or needs of individual clients. Clients should consider whether any advice or recommendation in this research is suitable for their particular circumstances and, if appropriate, seek professional advice.
No part of this material may be (i) copied, photocopied or duplicated in any form by any means or (ii) redistributed without the prior written consent of The Network Collective Limited © 2022