11 May 2022
How do SASE, SD-WAN and Zero Trust go hand-in-hand?
As the concept of the traditional network perimeter becomes obsolete, organisations must take a more holistic view – which requires rethinking their approach to the fundamentals of networking and security.
Secure Access Service Edge (SASE) takes security out to the edge, allowing organisations to grant users and devices secure access to data and applications from any location. With the COVID-19 pandemic scattering workforces to the wind, SASE lays the foundations for ‘Work from Anywhere’.
The triumvirate of SASE, SD-WAN and Zero Trust lays the foundation for organisations to meet the challenges that come from the need to decouple location from productivityKevin Bloch – Founder Bloch Advisory
From a networking perspective, building SASE on Software-Defined Wide Area Networking (SD-WAN) provides a more flexible and cost-effective alternative to traditional Multi-Protocol Label Switching (MPLS) networking. Rather than routing all traffic back through a central data centre and relying on VPNs for remote access, SD-WAN improves cloud application performance for distributed workforces by allowing SaaS applications to securely connect directly to the cloud.
From a security perspective, building SASE on Zero Trust Network Architecture takes an identity-driven approach. Also abiding to the Work from Anywhere ethos, Zero Trust focuses less on where people are and more on who they are and what they’re doing.
The combination of SASE, SD-WAN and Zero Trust ensures that organisations can easily extend beyond their office walls without the need to compromise on performance or security, says Kevin Bloch – former Cisco ANZ Chief Technology Officer and founder of corporate technology advisory firm Bloch Advisory.
“The triumvirate of SASE, SD-WAN and Zero Trust lays the foundation for organisations to meet the challenges that come from the need to decouple location from productivity,” Bloch told Orro’s recent ‘Serious SASE’ virtual fireside event.
“Rather than specific products, this is more of a philosophy when it comes to approaching networking and security – to ensure you offer an equitable experience to all, regardless of physical location.”
According to the Ponemon Institute’s global survey “The State of SD-WAN, SASE and Zero Trust Security Architectures”, 49 per cent of respondents say their organisations either have or will deploy SASE architectures. The figure is 57 per cent for Zero Trust and 45 per cent for SD-WAN.
There are three main ways in which organisations tackle this new holistic approach to networking and security, Bloch says.
Some organisations focus first on SASE and Zero Trust to provide secure remote access, before transforming their infrastructure with SD-WAN. One of the key drivers of SASE adoption is the move away from the limitations of relying on VPNs for secure external access. As a result, 60 per cent of enterprises are predicted to phase out the use of VPN in favour of Zero Trust Network Architecture by 2023, according to Gartner.
“Taking a holistic approach to SASE, SD-WAN and Zero Trust means taking a holistic approach to decision-making”Chris Bailiff – CTO, Cyber Services, Orro
Other organisations focus first on migrating their networking from MPLS and SD-WAN, before tackling SASE and Zero Trust. SD-WAN’s ability to use consumer or business-grade broadband services from multiple carriers, taking advantage of the NBN, makes it a much more cost-effective and resilient option than relying on dedicated MPLS links from the very largest carriers.
The third approach is to embrace SASE, SD-WAN and Zero Trust all at once.
The two most common use cases for SASE are providing secure access for remote workers and enhancing network performance, says Robert De Nicolo – Director of Cybersecurity at Cisco Systems, ANZ.
“If you’re trying to deliver an equitable experience, you actually need to consider the technology holistically,” De Nicolo says. “Always bring it back to the business problem you’re trying to solve.”
“Don’t just think about the technology, also think about people and process, because often they can be the deal breakers in terms of whether a deployment is successful or not.”
Regardless of which approach organisations take, they must keep their eye on the big picture, says Cris Bailiff – CTO of Cyber Services at Orro Group.
“You might tackle one aspect first, such as SD-WAN if you’re approaching the end of an MPLS contract,” Bailiff says. “Yet even if it’s a network-lead solution, don’t make any decisions until you’ve talked to your security people to develop a roadmap.”
“The same applies in reserve when it comes to talking to your networking people about security upgrades – taking a holistic approach to SASE, SD-WAN and Zero Trust means taking a holistic approach to decision-making.”