If you are a network professional, you know full well how enterprise networks are being transformed. Traditional network perimeters are rapidly expanding because of digital transformation, clouds, distributed and mobile users, and IoT devices. This is no small matter. Think “Big Bang” theory, where the universe expanded across the cosmos, and matter formed superclusters, galaxies, planets and stars, all separate, yet still bonded in space.
Well, okay, maybe that example is a bit too dramatic, but IT pros are coming to grips with the massive and significant changes and trends occurring in their industry. One such market trend is SASE, or Secure Access Service Edge. According to Gartner, SASE solutions are emerging offerings that combine WAN capabilities (e.g. path selection, QoS, routing, caching, latency mitigation, SaaS acceleration) with network security functions (e.g. NGFW, DLP, SWG, CASB, SDP, DNS protection, encrypt/decrypt) to support the needs of digital enterprises. SASE capabilities are delivered as a service based on the identity of the entity, real-time context and security/compliance policies.
The market is speaking loudly, and technology vendors must respond accordingly, or they’ll become obsolete, like a dying star. Enterprises are demanding simplicity, scalability, ultra-flexibility, low latency and ubiquitous security. If vendors and their service provider partners are to deliver on this, they must build converged WAN edge and network security architectures.
Traditional networking technologies and network security are independent solutions, running adjacent to each other and acquired from different vendors. The SASE approach removes the complexity of keeping policies up to date across those separate functions by maintaining uniform policies across all converged networking and security functions.
The processes for deploying, managing and monitoring network traffic are being redefined. Traditional network and security models with CPE hardware are being replaced with dynamically linked services, and converged network and security – driven by a cloud as-a-service model.
With SASE, the endpoint identities that services are associated with include people, edge computing locations, IoT devices and applications. The context and policy-driven controls that are applied to endpoint identities include risk, trust, role, location, time and device. This will ensure secure endpoint connectivity, associate the proper services and applications, and deliver the appropriate performance.
The convergence of networking and security is either going to be a difficult challenge or an incredible opportunity for technology vendors. The opportunity is for those who have architectures with flexible and cloud-native service models, with network and security fully embedded. The challenge for those without this foresight lies in having to rearchitect their platforms to meet the market demand.
Next-generation SD-WAN vendors that have built their platforms from the ground up with a cloud-native service delivery model are in an enviable position. And time will show how vendors that rely on traditional on-premises technology fare in this rapidly changing environment. The big struggle for these vendors, as they rearchitect, will be maintaining their existing customer base while developing a new cloud-centric service delivery model. Believe me, it’s no small undertaking. It involves transforming everything from product development, revenue models and sales channels, to developing new partnerships and the integration of global points-of-presence to provide services close to the entities.
A key competitive advantage for technology vendors is to have pricing flexibility based on different consumption models, and an architecture that is flexible enough to support the market demands as SASE evolves. This means SD-WAN platforms need to support customers that rely on a branch-heavy model using managed universal CPE, while other customers may want a platform that supports thin branches with a heavy-cloud service delivery model.
To meet this new secure connectivity paradigm, technology vendors must have network and security natively embedded within a flexible cloud-native platform. This will include application aware connectivity, with context and policies provided through a cloud-service delivery model – on demand.
Enterprise IT infrastructure has expanded the network perimeter from a centrally controlled, private and locally managed network to external Internet connections, multi-clouds, distributed and mobile users and IoT devices that can be located anywhere in the world. This new open perimeter requires zero-trust, and security built into every part of the connectivity lifecycle.