SD-WAN was a great (but imperfect) solution. Software Defined Wide Area Networks were a solid answer for the problems of remote workers and distributed locations – they offered cost-effective solutions, scalability, and flexibility over other WAN solutions, like MPLS. But there's a new WAN architecture being talked about: SASE.
SD-WAN had one major issue, however, that needed to be addressed: security. Enter SASE, or Secure Access Service Edge (pronounced “sassy”), a term first introduced by Gartner in 2019. SASE architecture combines networking and security functionalities into one product, simplifying network and security management.
What is SASE? How is it different from SD-WAN?
Operating closer to endpoints and distributing traffic more quickly, SASE is an emerging solution for cloud networking that brings networking and security together in one cloud platform, combining:
- Firewall as a Service (FWaaS)
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Zero Trust Network Access (ZTNA)
SASE breaks technology silos and simplifies IT complexity. It focuses on endpoints and end-user devices, unlike SD-WAN, which mostly connects branch offices to the data center. This focus and simplicity give companies a single, centralized view of their entire network. A company with SASE can easily see users, devices and endpoints and allow users to access applications and data in a cloud or mobile environment, all while applying its security policies.
SASE’s focus on the cloud (and thus connecting individual endpoints to the cloud) is a major point of differentiation from SD-WAN. SD-WAN can be adapted to connect to the cloud, but it’s not built with the cloud as its focus. With SASE, the software stack runs on a network of distributed points of presence (PoPs) all connected to the cloud with security integrated into the solution — another big difference between the two.
SD-WAN was not designed with a focus on security
SD-WAN security solutions often come from third-party vendors or secondary features, with security tools (usually) located at offices, on-premises. This points to another major advantage of SASE, where security tools reside on a user’s device as a security agent, and in the cloud. Secure web gateways and FWaaS work together with SASE solutions to protect all devices and endpoints (even printers).
Because of this, SD-WAN can have higher network cost and complexity than SASE if enterprises need to go to different vendors to get different security and networking appliances. That is not to say SD-WAN does not bring important benefits (like cost savings, agility and cloud-friendliness), but that SASE can deliver all these benefits and more.
SASE provides a more holistic solution compared to SD-WAN solutions
SD-WAN is an important part of SASE, but SASE offers so much more. SASE connects and secures all your edges (sites, mobile users, cloud) while still delivering the cost savings, flexibility, scalability, connection and performance of MPLS. Edges can use any Internet access to send data to the nearest PoP, where the SASE network optimizes, secures, and directs the traffic to the correct place. Businesses do not need to add third-party security features, as SASE builds security into the underlying cloud-native architecture.
SASE addresses the needs of modern WAN networks and security requirements. And, because it simplifies management to one interface, opex and network complexity are lower than ever before — allowing your IT teams to focus on critical tasks, not infrastructure babysitting.