SD-WAN, or SASE: Focus on the Biggest Picture


All too often, when our team gets called into an engagement, we spend time helping our client anticipate their networking and security needs of tomorrow. Too often, IT leaders are focussed on one thing when it comes to SD-WAN: getting off of MPLS. The cost savings of replacing MPLS circuits with SD-WAN and Internet bandwidth have become so well-publicized that they often ignore other factors, such as evolving the company’s security architecture or planning for multi-cloud deployments.

But here’s the thing about not thinking things through: it tends to come back to bite you. Moving from MPLS to SD-WAN while continuing with the same traditional, centralized security architecture can leave you with more headaches later. Not planning upfront for how your SD-WAN will connect your IaaS workloads and SaaS applications or deliver predictable global performance out of, say, India, ends up costing more. You end up with unforeseen expenses, whether in the form of purchasing additional virtual SD-WAN appliances, the costs of building hub sites, or the need for new security and management tools.

SD-WAN Respondents Lose Confidence in Their Networks

That point was brought home recently by a study from Cato Networks. The study evaluated the confidence enterprise IT had in their WANs. Respondents were asked to rate their networks across four dimensions: agility, security, management and operations, and performance. The average change in those ratings, the network confidence level, was compared before and after digital transformation.

Cato found that in most cases, enterprise respondents lost confidence in their networks after going through a digital transformation project. This was particularly true for those with MPLS networks and those mixing MPLS and Internet-based VPNs, which isn’t all that surprising.

But that was true even for SD-WAN. While overall confidence in SD-WAN remained fairly high, nearly three quarters (74%) of SD-WAN respondents expressed having significantly less confidence in their networks after digital transformation. The biggest drop-off came in the area of security. Again, that is not all that surprising, as most SD-WAN solutions fail to restrict access to specific applications or provide the advanced security tools needed to protect against network-based threats, relying on third-party solutions instead.

The study was based on the answers from 1333 IT managers from around the globe. Qualified respondents were those who worked in IT and are involved in the purchase of telco services for enterprises with an SD-WAN or MPLS backbone (or a mix of MPLS and Internet VPN). The vast majority (80%) of the respondents say they were moderately or extremely involved in digital transformation.

Respondents with SASE Were The Exception

The only exception to the study’s findings was those respondents whose networks are based on secure access service edge (SASE) architectures. SASE architectures, as we spoke about here, are solutions combining networking and security for sites, mobile users, and the cloud. SASE uses SD-WAN to connect sites, mobile clients for mobile users, and integrated cloud access for SaaS and IaaS.

With SASE architectures, network confidence increased in general. Of all four areas surveyed, SASE respondents expressed the least confidence prior to digital transformation in SASE’s management and operations, ranked lower than even SD-WAN. However, after digital transformation, confidence in SASE management and operations was the highest of any of the surveyed network architectures.

This upward shift, I suspect, has to do with the inclusion of security, cloud connectivity, global performance, and mobile access in the base definition of SASE. As organizations start to encounter these sorts of challenges, they find SASE products are already equipped to address those needs.

My Take: Questions About the Survey, Not About the Conclusion

I’m generally skeptical about vendor-driven research for obvious reasons, and that’s true here as well. Cato bills itself as the first provider of a SASE platform. So, yes, what else would you expect them to say? I’m also not close enough to the survey to validate their process and research methodology.

At the same time, though, that doesn’t mean their conclusions are wrong. In fact, based on my experience, the conclusions make plenty of sense.

Business is dynamic, and anticipating the networking needs of tomorrow is challenging. What kind of IoT devices will inhabit your network in five years? What kind of security threats will you face? Failure to consider those eventualities today leaves you exposed tomorrow. SASE, on paper at least, is designed to address one set of challenges; there are others.

Here at SASE Experts, the exercises we walk through with our clients get them thinking about that “biggest” picture. By prioritizing those possibilities and mapping them onto the needed networking and security technologies, they’re ready for when tomorrow’s possibilities become today’s requirements.

Want to see what I’m talking about? Contact us for a free, no-obligation consultation and I’ll be happy to show you what I mean.
