Software Defined Wide Area Networks (SD-WAN) have been around for a number of years by now. The next generation of this technology is here. Secure Access Service Edge (SASE) also known as Zero Trust Edge is where SD-WAN benefits really come to life and enable your secure journey to the cloud. This is the first piece about this topic.
Modern applications demand a lot more from the network than in the past. It’s critical to have secure access to any application at any place. It should not matter if the application is locally hosted in a private datacenter, in a colocation facility, hosted in public cloud provider space (IaaS) or offered as a hosted application (SaaS). Secure access that’s what it is all about. The underlying (interregional) network that the SASE or SD-WAN solution builds its services on is of crucial importance for a good user experience. Creating and maintaining that underlay is GNX’ expertise.
Secure Access Service Edge (SASE) is a cloud-delivered service that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s hybrid organizations. Conceptually, SASE extends networking and security capabilities beyond where they’re typically available. This lets users, regardless of location, take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of threat detection functions.
Why do we need SASE?
As users are positioned anywhere to do their work, the IT team has a much harder job in ensuring that the right levels of security are still applied to users while they are not sitting at office desks or are in company buildings. SASE ensures that a consistent security policy is enforced without having to backhaul traffic to chokepoints like VPN concentrators in data center locations or headquarters with limited bandwidth.
This also heavily improves latency as users get direct access to SaaS applications from a geographically closer location rather than that traffic must be tunnelled all the way to a corporate site for further distribution. While simultaneously keeping track of user thread activity by streaming analytics and threat intelligence back to a central orchestrator, just like you would be able to when traffic goes through your big firewall.
The key to a great user experience is that connectivity is fast and reliable, while at the same time it adheres to the security standards and policies we need to adhere to. The demand on the network keeps growing every year and enforcing the same security standards becomes harder. Here SASE plays a big part by offloading network traffic to a global backbone that enables the user to connect to a location geographically close to him or her without losing any functionality in connecting to resources they need.
- Reduced complexity
- Lower latency
- Consistent security policy
- Streamlined connectivity
For SASE to be successful, it’s absolutely key to have the best available connectivity in place that takes into account all the traffic patterns that are needed. If any of the directions traffic needs to flow to is not handled well, users will have a negative experience. The right underlay is the only way to provide SASE and SD-WAN while securing the absolute best user experience possible. Traditionally offices were connected through private (MPLS based) networks. SD-WAN technology enabled the use of the Internet as an underlay connection. Quality and reliability of an Internet connection is heavily impacted by how this is delivered.
Underlay is the critical success factor
As SASE enables you to distribute your users across the globe connecting from their endpoints or from offices around the world, there is a need for great connectivity between these locations. SD-WAN technology enables companies to use regular Internet connections for their WAN traffic by tunneling traffic securely over any broadband connection. However the importance of reliable connectivity is crucial, especially when using SASE.
Having the best SASE solution deployed, but without proper connectivity to the location of the SASE PoP, the user experience will only degrade rather than improve. Private connectivity is still around for a reason and that is primarily based on reliability of the connections. When migrating to Internet connections, especially when using broadband, the user experience can be heavily impacted as the links are shared and typically have no SLA on them.
So if you consider SASE, take your underlay into account!
GNX is here to assist. Our team of underlay experts is ready to help design your network to your needs. We will design your network using all available options and carefully manage your requirements using our experience and expertise of products of over 3500 carriers globally.