With SASE on the rise, is time up for SD-WAN?

It doesn’t seem that long ago that the big debate in the WAN industry was whether MPLS was dead, slayed by the arrival of SD-WAN, so can we really already be contemplating the demise of SD-WAN, itself slayed by the rise of SASE?   

Amazing as it might seem, that is a question we really must address.  The market is moving that quickly that a technology that was bleeding edge five years ago, and only really went mainstream for many organisations 2-3 years ago, is now a fading force. 

Let’s look into why, and what that means for your network over the next 3-5 years. 

Of course, the best place to start is understanding why SD-WAN arose in the first place, and then to look at the journey the technology has gone on over recent years.  As most readers will know, SD-WAN first started to penetrate the market as organisations started to move workloads from on-prem data centres into the cloud.  As more applications moved into the cloud, more traffic needed to traverse the internet to reach these applications, and the private, typically MPLS networks most organisations had deployed became ever less efficient at routing and delivering this traffic.  Furthermore, as cloud services proliferated, networks needed to become more agile to deal with ever greater and quicker levels of change, which was a further challenge for organisations’ MPLS networks. 

SD-WAN was the technology that organisations started to deploy to address these challenges.  By adding greater intelligence, visibility, and orchestration to the network, SD-WAN enabled organisations to make their networks far more agile, and enabled migration of the underlay from private MPLS to public internet which was crucial to making networks deliver traffic to the cloud more efficiently. 

Thus we can see that the rise of SD-WAN was really focused on delivering more intelligent routing and traffic management compared to the previous generation of primarily MPLS networks. 

However, SD-WAN didn’t stop there.  The big change we then saw in the market was SD-WAN expanding from its origins as a smarter routing technology, and the primary space into which SD-WAN grew was security.  During the days of MPLS, networks and security were two distinct domains with separate technologies from separate vendors managed, in most organisations, by separate teams.  However, the SD-WAN market quickly started to bring these two domains together, with vendors from the security domain such as Fortinet and Palo Alto, bringing SD-WAN solutions to the market. 

These solutions promised to combine network and security into a single appliance, with the aim of improving the overall solution as well as delivering cost savings.  This latter point was particularly important because, despite the early hype around SD-WAN, for many organisations the high cost of SD-WAN appliances and the associated software required significant investment and, in many cases, increased the cost of their networks.  Combining network and security together potentially meant that the cost of SD-WAN could be offset by reductions in security costs, helping to make the business case for SD-WAN more attractive. 

Ironically however, this move towards combining network and security into a single platform may be what has sown the seeds for the coming decline of SD-WAN.  If we look at how organisational demand for networks and security has changed, we need to start with what’s happened in the workplace since the Covid pandemic hit in 2020.  Until then, whilst many workloads had moved from on-prem data centres to the cloud, most users were still in offices.  That meant that replacing the legacy MPLS routers in those offices with SD-WAN appliances could deliver security and performance benefits.  Of course, once Covid hit, suddenly those users were no longer in their offices, and with hybrid working, we are now in an era where a significant percentage of users aren’t in their offices at any given time. 

This dispersal of users creates a problem for SD-WAN – if users aren’t sat behind an appliance, the SD-WAN isn’t necessarily providing benefits to those users, and certainly there is a risk of a differential experience for users in offices and at home.  This challenge has led to the rise of a newer technology – what is increasingly known as SSE (Secure Service Edge), but which is often also known as SASE, with the extra “A” standing for Access.  Whether SSE or SASE, the objective is the same – by elevating much of the intelligence from an appliance into the cloud, SSE aims to deliver a common experience to users wherever they are, thus addressing the issue with SD-WAN appliances. 

SSE aims to offer a number of benefits to organisations.  In addition to offering a common experience to users wherever they are, it also aims to offer a central orchestration capability for security policy across the organisation, delivering greater agility, as well as offering continuous security controls and visibility, not just at the perimeter. 

At TNC, we’ve been tracking the rise of SSE for some time now, and it is clear from the demand data we have been building that it is now becoming the dominant direction of travel for most organisations.  However, it’s important to understand that SSE isn’t a single product – it is a solution built up a number of components, including SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access, Remote Browser Isolation, Network Sandbox and DNS protection. 

Interestingly therefore, whilst SD-WAN is one of the key components of SSE, it as a more “dumbed down” solution than standalone SD-WAN.  In essence, SSE aims to elevate all of the security controls into the cloud, meaning the SD-WAN is no longer required to deliver those security controls.  Instead, the role of SD-WAN is to manage the routing of traffic – in essence returning to its role when it first entered the market. 

We began this article with a question – “with SASE on the rise, is time up for SD-WAN?”.  As we have seen, the answer to this question is that SSE is indeed on the rise, and time certainly seems to be up for SD-WAN as the single solution across both network and security.  However, we do also see that SD-WAN will continue to have a role to play as a component within a broader SSE solution.  So, no – time isn’t up for SD-WAN, but we certainly do expect its star to fade somewhat as it is dumbed down into broader, more functional network and security solutions over the coming years. 

How can TNC help?

Given the challenges set out above, the stakes are going to be very high for many organisations – not just the need to make the right decisions about technology, operating model, and service providers, but the need to make those decisions quickly, and potentially in a very visible, public setting. However, there is likely to be little choice – agile networks are increasingly a requirement for most organisations so getting it right must be the priority. To help leading UK and multinational organisations develop and execute industry-leading strategies for their new networks, TNC has developed a comprehensive tool kit to support you right through your journey, from developing the technology strategy and building the business case, to supporting your supplier selection process, assuring your solution deployment, and helping you optimise the solution throughout the lifecycle. If you would like to find out more about how we can help you, we would be delighted to talk to you and share our experience and knowledge.

TNC supports the sourcing of network and telecoms services for 20% of all major corporate organisations in the UK

Disclaimer
Other than matters relating to The Network Collective, this research is based on current public information that we consider reliable. Opinions expressed may change without notice and may differ from views set out in other documents created by The Network Collective. The above information is provided for informational purposes only and without any obligation, whether contractual or otherwise. No warranty or representation is made as to the correctness, completeness and accuracy of the information given or the assessments made. This research does not constitute a personal recommendation or take into account the particular investment objectives, financial situations, or needs of individual clients. Clients should consider whether any advice or recommendation in this research is suitable for their particular circumstances and, if appropriate, seek professional advice. No part of this material may be (i) copied, photocopied or duplicated in any form by any means or (ii) redistributed without the prior written consent of The Network Collective Limited © 2022