We know we've said this before, but it bears repeating: Nothing is certain in telecommunications or the broader world of tech. Just a few years ago, software-defined wide area networking (SD-WAN) went from nonexistent to the next big thing in what seemed like the blink of an eye. And now, some might say secure access service edge (SASE) is poised to make a similar leap.
That poses the question: Is SASE the logical successor to SD-WAN? The answer? "Not necessarily — or at least not yet." The technology is, in many ways, still a work in progress. But no matter what, if you haven't already transitioned to SD-WAN or have only just done so, you will need to factor SASE into your future planning.
Gartner first proposed the fundamentals of what we know as SASE in its June 2019 whitepaper "The Future of Network Security Is in the Cloud." The research firm declared that the need to balance security necessities (such as traffic inspection) with the "dynamic access requirements of digital business" could not be met with network architectures that relied upon data centers as central connectivity hubs.
In response, it devised SASE: a network solution that would combine the essential functions of SD-WAN with a comprehensive suite of security and performance-enhancing tools, rooted in the cloud rather than the data center. Unlike SD-WAN, SASE uses a distributed architecture and doesn't function as a network overlay; instead, as SDxCentral explained, endpoints (be they branch offices or individuals and their devices) connect to the service edge and its distributed points of presence (PoPs).
SASE also isn't nearly as reliant on the public internet as many modern SD-WAN solutions currently are. In some instances, it can circumvent the use of the public internet entirely (but it often relies on public clouds). This certainly bolsters its security profile, as do privacy tools including secure web gateways (SWGs), zero-touch network access (ZTNA; not to be confused with zero-touch provisioning), cloud access security brokers (CASBs), and either hardware-based or virtual next-generation firewalls (NGFWs).
Because the technology is so new, there are many material differences between the SASE platforms you'll find on the market from Cisco, VeloCloud, Palo Alto Networks, Fortinet, and numerous other vendors. But generally speaking, the attributes described above should be present in some combination or another. Moreover, the market is expanding steadily; it's all but inevitable that, in the not-too-distant future, SASE will be as widespread in enterprise telecom as SD-WAN currently is.
As the first word of the technology's full name indicates, SASE is most distinguished by the breadth and depth of its security features: The aforementioned NGFW, SWG, and ZTNA eliminate so many potential points of compromise in the network architecture that the attack surface, while not nonexistent, is near-infinitesimal. ZTNA is particularly notable even in this elite company because it restricts network access based on user, device and application identification, rather than on location and IP address. Additionally, access policies enforced at PoPs can be applied according to the needs of specific users — in other words, individuals can access exactly what's necessary for their duties, no more and no less.
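The identity-based decision described above, set beside the location/IP rule it replaces. This is an added example, not code from any SASE vendor or from the original article; the users, device IDs, application names and the `10.` "office" prefix are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed policy data: every user, device ID and app name is hypothetical.
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}
ENROLLED_DEVICES = {"laptop-0017": "alice", "laptop-0042": "bob"}  # device -> owner

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    app: str
    source_ip: str  # kept for audit logging; never consulted by decide()

def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Default-deny decision on user, device and application identity."""
    apps = ENTITLEMENTS.get(req.user)
    if apps is None:
        return False, "unknown user"
    if ENROLLED_DEVICES.get(req.device_id) != req.user:
        return False, "device not enrolled for this user"
    if req.app not in apps:
        return False, "application not in user's entitlements"
    return True, "allowed"

def location_rule(req: AccessRequest, office_prefix: str = "10.") -> bool:
    """The location/IP rule the passage contrasts with: on-network means trusted."""
    return req.source_ip.startswith(office_prefix)

# Constructed requests (203.0.113.0/24 is a documentation range).
SAMPLES = [
    AccessRequest("alice", "laptop-0017", "payroll", "203.0.113.9"),  # remote, entitled
    AccessRequest("bob", "laptop-0042", "payroll", "10.1.2.3"),       # office, not entitled
    AccessRequest("alice", "byod-phone", "wiki", "10.1.2.4"),         # office, unknown device
]

def compare(requests: List[AccessRequest]) -> List[Tuple[str, bool, bool, str]]:
    """Return (user, location_verdict, identity_verdict, reason) per request."""
    rows = []
    for req in requests:
        ok, reason = decide(req)
        rows.append((req.user, location_rule(req), ok, reason))
    return rows

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The two rules disagree on all three sample requests: the location rule blocks the entitled remote user and admits both office-network requests that the identity rule denies.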
SASE also achieves remarkable efficiency due to its ability to leverage multiple sources for its PoPs, including colocation facilities, private data centers, and the public cloud. (Some SASE deployments interchangeably use all three; others may lean more heavily on the cloud than physical facilities.) Also, not unlike the application steering functionality available with the best SD-WAN deployments, SASE helps optimally direct traffic for particular applications so that each app has the ideal performance and bandwidth, making for a seamless end-user experience.
From a pragmatic perspective, SASE is valuable because it helps lower costs: By consolidating two key services — network connectivity and security, along with all of their associated technologies — SASE means you spend less than you would if you bought an SD-WAN solution from one vendor and purchased standalone security tools from a number of third parties. This also means there's less hardware and software to separately contend with, which eases the burden on IT.
If there's anything that might temporarily impede more widespread SASE adoption among enterprise customers, it’s the "unfinished" nature of the technology.
As noted above, not all of the solutions that are being marketed as SASE fit the full definition of the technology. For example, these "almost-SASE" deployments may lack some of the integrated security features that Gartner established as essential attributes, or they might not be as effective in terms of low-latency performance. (It's critical to pay close attention to detailed specs when comparing potential SASE suppliers.) In its own July 2020 Hype Cycle report, Gartner stated that mainstream adoption of SASE wouldn't come about for another three to five years — though it's possible the need for more reliable remote-work arrangements (regardless of location) brought on by the COVID-19 pandemic could galvanize vendors' efforts to create solutions that comprehensively meet the SASE criteria. Currently, Gartner expects 40% of enterprises to at least have SASE adoption strategies in place by 2024.
In truth, not everyone on your team may be ready to work with SASE. It's a brand-new technology, and best practices for its use haven't yet been codified by any industry-relevant, standards-setting organization. Also, SASE vendors that don't have considerable experience with cloud technologies will likely not provide solutions as effective as those that do. Furthermore, SASE may not be ideal for businesses that want as many access points for their networks as possible and don't want to be limited to PoPs at the edge.
The best bet for organizations right now is not to dive headfirst into SASE, but rather to remain aware of it, staying abreast of its developments and making room for it on their roadmaps. Though it's not perfect right now for certain businesses, it's quite likely that the few limitations SASE currently has will be smoothed over, as the technology is improved and IT gets used to its presence.
GTT connects people across organizations, around the world, and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed, and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. We also offer a complementary portfolio of managed services, including managed SD-WAN from leading technology vendors.