Registered users can unlock up to five pieces of premium content each month.
SASE vs SD-WAN: What's the Difference? |
NEWS |
The permeability of modern enterprise networks is old news. The cybersecurity industry has not been remiss in seizing the opportunity and adapting the myriad of traditional network security tools to web and cloud environments: web application firewalls, secure web gateways, cloud access security brokers, virtual private networks, etc. The natural declination has been software-centric security solutions and the emergence of the software-defined perimeter (SDP), which, simply put, is just a security boundary sitting at the application layer (and thus obfuscating the network layer), that can be placed around any asset, regardless of where it resides. SDPs, and other similar emerging architectures, such as Zero Trust Network Access (ZTNA), make-up the broader umbrella category of Secure Access Secure Edge (SASE).
Wide Access Networks (WAN) have gone through a similar transformation, with the Software-Defined WAN (SD-WAN) having come out the other end to counter the limited access that WANs had to cloud. Much as WAN worked well with traditional network firewalls, SD-WANs take advantage of SDP technologies, as well as traditional virtual private networks (VPNs) and newer ZTNA architectures. The synergies between SASE and SD-WANs are clear; in fact, SASE is the key to delivering complete and holistic SD-WAN solutions to enterprises. It’s cloud-native architecture can service any end point, and edges can use any internet-based access to send traffic through SASE points of presence.
Why is That Good for 5G? |
IMPACT |
SD-WAN has been hailed as the technology that will bring cohesion to 5G networks and their edge through automation, traffic optimization, heterogenous transport, application-driven routing, centralized management, and more. SASE adds to that with its ability to create granular and application-based security policies that can provide network and data security through encrypted communications, dynamic provisioning of connections, traffic access control, authentication requirements, and the reduction of attack surface by hiding network resources.
Importantly, SASE orchestration can help define and set the security Service Level Agreements that will likely come to determine enterprise usage of 5G networks. From IoT deployments in massive Machine-Type Communication (mMTC) applications to delivering hyperscale multi-access edge computing (MEC) platforms, SASE architecture can be molded and tailored for any number of enterprise use cases. Key to enterprises is the ability to retain oversight and management of security functionalities, which SASE can allow as a unified cloud security platform. The advantage is that in 5G it can be delivered as a service, which means much lower capital expenditure (CAPEX) for enterprises with an operating expenditure (OPEX) model enabling faster scaling and turnaround in response to emerging threats.
What's in it for CSPs? |
RECOMMENDATIONS |
For Communication Service Providers (CSPs), marrying SD-WAN and SASE is a no-brainer in 5G as its cloud-native architecture all but requires it. The value is clear from a revenue-generation perspective. Enterprises will migrate towards 5G and the myriad opportunities it provides for connectivity and device management. But to truly capture such a diverse market requires the offer of enterprise-grade security as well. This is especially important for industries that are heavily regulated and for those that are top attack targets for threat actors. The offer of flexible security solutions, which are close enough in nature to what enterprises are used to traditionally, will be key to winning new business for CSPs. Cybersecurity is a complex enough industry and the skills-shortage gap ever-growing. If enterprises need to learn new skills or obtain vastly different security solutions to what they are used to, that will be a significant obstacle for CSPs. SASE is perhaps still nascent, but it regroups technologies that are tried, tested, and known by enterprises, and marries them to the new ideals of zero-trust that have been the battle cry of cybersecurity professionals for decades. SD-WAN and SASE are the natural evolution of how digital trusted foundations should be built, and 5G presents the perfect stage to bind them.