Handle with care

10 November 2021

Andrew Shilton, head of pre-Sales, MLL Telecom

Andrew Shilton, head of pre-Sales, MLL Telecom

SD‑WAN and SASE offer huge potential but don’t underestimate their complexity

Work from anywhere, cloud migration and digital transformation is creating a very different network landscape to manage. With this comes new thinking and ‘disruptor’ technologies. SD-WAN and SASE (Secure Access Service Edge) are prime examples. Both have huge potential. Both need to be handled with care. Arguably, they can be seen as complementary but are not mutually exclusive.

SD-WAN, of course, is not new. Vendor offerings have been available for at least 10 years. But it is only very recently that we have seen widespread adoption, despite the claims made by early-introducer vendors, such as replacing expensive MPLS circuits with Internet connections to save money. In fact, the replacement of MPLS hasn’t seen any real take-up for several reasons, security and service guarantees to name but two. As for cost savings by removing MPLS circuits, this just doesn’t happen with UK-centric networks. Here, the best approach is running SD-WAN as an overlay on top of MPLS.

SASE on the other hand, really is new. So new it is still emerging and therefore subject to rapid change. The name was coined by Gartner and is perhaps best described as the convergence of cloud-managed SD-WAN and cloud-delivered security. It’s evolved from a growing need to enable appropriate levels of network access to the right people at the right points in the network. According to Cisco, SASE offers an alternative to traditional data centre-oriented security by unifying networking and security services into a cloud-delivered service. This provides access and security from edge to edge — including the data centre, remote offices, roaming users, and beyond.

Whatever description you prefer to use, the theory is that SASE provides secure access to the cloud for users anywhere. It could therefore be particularly useful for organisations struggling to adapt and secure a hybrid workforce – with a growing remote workforce – by allowing a more scalable, centralised way of securing them. As a cloud-delivered solution, it also allows public and private sector organisations the flexibility to stop purchasing numerous point-products when securing different parts of their networks. Moreover, an operational cost service model can be considered.

All things considered SASE looks to have great potential for consolidating numerous networking and security functions into a single integrated cloud service. Enterprise organisations will not only benefit from reduced costs and complexity, but also by being able to apply a more consistent and centralised security policy, real-time application optimisation and more secure remote and mobile access. With more streamlined network access, security will be optimised along with network performance.

Buyer beware

Here's comes the catch. Today SASE offerings are still early in their maturity and aren’t always well architected for the UK market. Added to this, price-points are typically quite steep due to the relative immaturity of the market. Therefore, even though the concept makes total sense, the commercial market-offering isn’t necessarily ready for many customers.

The alternative to deploying a pure-play SASE service is to deploy the features and functionality through a WAN/connectivity solution as part of an end-to-end managed service. By choosing a network services provider with expertise in both networking and security, SASE’s features will help customers simplify daily management, offer better security protection, and improve network performance.

Turning to SDWAN, while there are undoubtedly several key benefits, these can’t all be realised without first having an in-depth knowledge of the technology itself as well as WANs in general. SD-WAN is not a plug and play solution - despite the claims of technology vendors over the years. On the other hand, running SD-WAN as an overlay on top of MPLS offers a much more compelling approach. So, there’s a similar case to SASE for handing the management of SD-WAN to a qualified service provider. Getting the configuration right – and right for your traffic and use-cases – becomes more critical than ever.

That’s why in the managed-network space we are seeing more organisations looking to the providers to run and operate SD-WAN networks while delegating access to provide customer-permitted changes. This offers the best of both worlds - customers can make their own changes quickly and easily, usually through a GUI, but know they have the safety net of the MSP to fall back on. Further, if SASE is being considered and integrated with the SD-WAN solution, the provider can advise and assess on local versus centralised breakout to the internet and the pros and cons of each. And ensure the security policy is included as part of this design process.

In these times of embracing new ways of working, having the flexibility of designing complex networks which scale easily and allow the right people to access the right data - securely and efficiently - makes the case for SD-WAN and SASE compelling. This said, both technologies come with a ‘buyer beware’ label. The prudent network manager will therefore look to their service provider for delivering viable solutions.