
SD-WAN solutions and secure access service edge

Businesses utilizing cloud-based applications—including software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platforms-as-a-service (PaaS)—need a secure, always-on virtual workspace for internal and remote employees, partners, contractors, and vendors.

Unfortunately, traditional wide-area networks (WANs) using conventional routers and multiprotocol label switching (MPLS) were not optimized for the cloud, as they commonly require backhauling all network traffic from branch offices to a centralized hub or servers in a corporate data center to maintain security inspections. This time-consuming process hinders cloud application accessibility and introduces latency during network congestion—meaning employees could experience lowered productivity levels when working in the cloud.

To help streamline cloud app performance, network traffic, and information security, there are two modern WAN solutions for your cloud-centric enterprise: a software-defined wide-area network (SD-WAN) combined with secure access service edge (SASE).

What are software-defined WAN solutions?

A software-defined wide-area network (SD-WAN) is a scalable, virtual WAN infrastructure that uses a centralized control function to securely and efficiently direct traffic across a WAN. Using any combination of network transport types—including MPLS, broadband, internet, cellular, and satellite—SD-WAN solutions securely connect users to applications hosted in on-site data hubs or cloud services via software, rather than routers or other hardware.

Through network virtualization, SD-WAN creates virtual network overlays on commercially available internet connections. This securely connects corporate headquarters, branch offices, mobile employees, and data centers across the WAN. Within each overlay, you can set custom network policies and security rules for application-aware routing to follow in real time. Designated employees can then receive different levels of application quality of service (QoS) through these set security policies.

The benefits of SD-WAN solutions

If your business utilizes cloud-based applications and has multiple locations, branch offices, or employees at remote sites, an SD-WAN solution can help you manage network bandwidth by transmitting data over the strongest available connection.

SD-WAN can also help lower MPLS operational costs, free up your information technology (IT) department with zero-touch provisioning (ZTP), and provide a streamlined on-ramp to the cloud. This provides your employees or external teams with quick access to cloud-based applications no matter where they are located or how much traffic is on the network.

SD-WAN does not diminish network security or information privacy, either. Robust SD-WANs include built-in security options like:

  • Next-generation firewalls
  • Anti-malware protection
  • Secure sockets layer (SSL) inspection
  • Intrusion detection or prevention systems (IDS/IPS)
  • Secure web gateway (SWG) vendor integration

How to incorporate SD-WAN into your business

Incorporating SD-WAN into your business does not require dismantling your current network infrastructure. You can overlay SD-WAN solutions onto your existing public internet links, as well as fully utilize all your current WAN links (including failover links) simultaneously.

Additionally, you can combine SD-WAN with your existing MPLS to establish a hybrid network.

What is a secure access service edge?

Secure access service edge (SASE) is a network framework that combines cloud-native security functions—such as secure web gateways (SWGs), cloud access security brokers (CASBs), firewall as a service (FWaaS), and zero-trust network access (ZTNA)—into an SD-WAN. SASE (pronounced sassy) focuses on connecting individual user endpoints to the service edge. This is where the SASE software stack operates, and it consists of a network of distributed points of presence (PoPs) near end-users.

Simply put, SASE is a complete, single-pass security stack that integrates into SD-WAN to provide comprehensive, cloud-delivered security solutions. This includes security for every branch or remote user without the complications or costs associated with data center-driven security.

The benefits of SASE network security

Combining multiple network security features into one integrated cloud service, SASE can reduce security complexities and costs for your enterprise. Key benefits of incorporating a flexible SASE architecture into your SD-WAN include:

Fewer vendors and less hardware

With comprehensive network security features included with SASE solutions, your enterprise can deal with fewer third-party vendors. Additionally, your branch offices or other remote locations will not require as much hardware.

Network-wide policies

Your IT team can establish network-wide policies through cloud-based management platforms, and those policies will be enforced at PoPs near end-users.

Uniform end-user experiences

End users experience the same network access no matter what resources or applications are needed or where they are located. The authentication process is also simplified with SASE, as it applies designated policies to whatever resources an end-user needs based on their initial sign-on.

Mobile end-user threat protection

Traditional security measures like VPNs feature inherent risks, especially if your business has remote employees or external partners, contractors, or vendors accessing your WAN. Rather than risking insider threats or stolen VPN credentials, SASE can provide secure access for multiple types of mobile end users.

Cloud-native security support

SASE provides cloud-native security support, including ZTNA. This means you can provide secure remote access to your cloud-based applications based on users and devices rather than IP addresses and physical locations.

In addition, SASE incorporates SWGs to filter unwanted software or malware from user-generated web searches, CASBs to enforce security policies between user and cloud service providers, and FWaaS to provide next-generation firewall (NGFW) capabilities.

No matter where users or employees are located, you can enforce these security policies equally across your WAN. Also, if new cybersecurity threats are recognized, your SASE service provider will address the threat without requiring your enterprise to fund additional hardware.

Implementing SASE to keep your enterprise secure

With SASE implemented into your SD-WAN solution, you can combine networking and cloud-delivered security into a highly efficient, single-pass architecture with centralized management capabilities. Not only does this reduce infrastructure costs for your enterprise, but it also improves network security and performance for mobile users accessing your network.

What’s the difference between an SD-WAN solution and SASE?

To recap, an SD-WAN solution is a virtual WAN infrastructure that directs traffic through a network using the strongest available connection. Through virtual network overlays, an SD-WAN securely connects corporate headquarters, branch offices, mobile employees, and data centers across a WAN while implementing unique network policies and security rules across each connection.

Incorporated into an SD-WAN, SASE is an all-in-one cloud-based security solution that provides comprehensive policy control and visibility across a network. SASE enables high-performance, reliable, and secure access to cloud-based applications for mobile workers, as well as reduces hardware costs and improves an IT department’s agility.

Secure your cloud-based enterprise with SD-WAN technology and SASE security

As employees become more mobile and businesses turn towards cloud-based applications, traditional network infrastructures will not be able to keep up with increased traffic demands and security policy enforcement. Fortunately, with software-driven wide-area networks combined with secure access service edge, enterprises can easily manage specific traffic requirements, avoid latency, reduce hardware costs, and ensure cloud-delivered security solutions are incorporated throughout the entire network.

FAQs

What is SD-WAN?

SD-WAN is a scalable, virtual WAN infrastructure that uses a centralized control function to securely and efficiently direct traffic across a WAN. Using any combination of network transport types—including MPLS, broadband, internet, cellular, and satellite—SD-WAN solutions securely connect users to applications hosted in on-site data hubs or cloud services via software rather than routers or other hardware.

What does SD-WAN stand for?

SD-WAN stands for software-defined wide-area network.

How does SD-WAN work?

SD-WAN works by creating virtual network overlays on commercially available internet connections. This securely connects corporate headquarters, branch offices, mobile employees, and data centers across the WAN. Within each overlay, you can set custom network policies and security rules for application-aware routing to follow in real time. Designated employees can then receive different levels of application quality of service (QoS) through these set security policies.