Software-Defined Wide Area Networks (SD-WAN) have been around for a number of years by now. The next generation of this technology is here. Secure Access Service Edge (SASE), also known as Zero Trust Edge, is where SD-WAN benefits really come to life, enabling your secure journey to the cloud.
Modern applications demand a lot more from the network than in the past. It’s critical to have secure access to any application at any place. It should not matter if the application is locally hosted in a private data center, in a colocation facility, hosted in public cloud provider space (IaaS), or offered as a hosted application (SaaS). Secure access – that’s what it is all about. The underlying (interregional) network that the SASE or SD-WAN solution builds its services on is, then, crucial for a good user experience.
SASE is a cloud-delivered service that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s hybrid organizations. Conceptually, SASE extends networking and security capabilities beyond where they’re typically available. This lets users, regardless of location, take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of threat detection functions.
Why do we need SASE?
Today’s users can work from anywhere, which means that IT teams have a much harder job in ensuring that the right levels of security are still applied to users while they are not sitting at office desks or in company buildings. SASE ensures that a consistent security policy is enforced without having to backhaul traffic to chokepoints like VPN concentrators in data center locations or headquarters with limited bandwidth.
This also heavily improves latency as users get direct access to SaaS applications from a geographically closer location rather than traffic being tunneled all the way to a corporate site for further distribution. While simultaneously keeping track of user threat activity by streaming analytics and threat intelligence back to a central orchestrator. Just like you would be able to when traffic goes through your big firewall.
The key to a great user experience is fast and reliable connectivity while adhering to the company’s security standards and policies. Demand on the network keeps growing every year, and enforcing the same security standards becomes harder. Here, SASE plays a big part by offloading network traffic to a global backbone that enables users to connect to a location geographically close to them without losing any functionality in connecting to resources they need.
- Reduced complexity
- Lower latency
- Consistent security policy
- Streamlined connectivity
Mind the underlay
For SASE to be successful, it’s absolutely key to have the best available connectivity in place that takes into account all the needed traffic patterns. If any of the directions traffic needs to flow to is not handled well, users will have a negative experience. The right underlay is the only way to provide SASE and SD-WAN while securing the absolute best user experience possible. Traditionally, offices were connected through private (MPLS-based) networks. With SD-WAN, internet-based networks became the preferred underlay option; still, the quality and reliability of that Internet connection can heavily impact the effectiveness of the SD-WAN.
The underlay: a critical success factor
As SASE enables you to distribute your users across the globe, connecting from their endpoints or from offices around the world, there is a need for higher-performance connectivity between these locations.
Having the best SASE solution deployed without proper connectivity to the location of the SASE PoP, will only cause the user experience to degrade rather than improve. When migrating to Internet connections, especially when using broadband, it’s important to consider the technology, speeds, business and application requirements, diversity options, and availability of SLAs, among other criteria. Depending on your line of business, you may also need to explore whether to choose between private or public internet networks. Sourcing through these options, especially in a global network with thousands of ISPs to choose from, can be much of a headache, though. This is where GNX can help.
Learn more about our underlay solutions for SD-WAN & SASE
Our team of global internet experts is ready to help you design, source, and deploy your network for your SASE to thrive. As a carrier-neutral provider, we will design your network using all available options and carefully consider your requirements using our experience and network of over 3500 carriers worldwide. Reach out to learn more.