SD-WAN & SASE Virtual Summit 2020
Iricent attended the virtual version of the annual SD-WAN Summit held over three days last week (Nov 24-26). This year’s event expanded on the key topics of previous years (Branch Access, Multi-Cloud, Edge / IoT and Mobile (5G)), with very significant attention to WFH and SASE. SASE was even incorporated into the new event title: “SD-WAN & SASE Virtual Summit 2020”.
In this blog we give our take on the key messages delivered on what, for us, were the main themes at this year’s event: SD-WAN, SASE, Security / ZTNA, WFH and uCPE.
SD-WAN continues its success story: it has passed the tipping point and the market is maturing, with one major SP reporting that only 3% of organisations have no plans to implement SD-WAN. Another SP declared that:
- Today, the average SD-WAN project serves about 3 in 10 company sites
- In 2-3 years, SD-WAN will grow on average to serve more than 6 in 10 company sites
- It’s not just hype – business leaders are satisfied
SD-WAN is a critical technology in supporting the ambition of digital transformation and is seeing an acceleration of demand through the pandemic. Cloud connectivity and advanced security functions are key decision criteria, with increasing diversity in product and solution choices. The main use cases / target markets are Multi-cloud, IoT / Mobile and, increasingly, Branch at Home. SD-WAN’s key benefits were described variously as network access quality, reliability, security, scalability, assured application performance / visibility, automated integration with Azure, AWS, etc.
Business everywhere requires security everywhere. As the network boundaries expand, security needs to be everywhere. Increasing numbers of remote users and SaaS applications need an evolved and heightened security approach. SASE (Secure Access Service Edge) is the convergence of SD-WAN and network security services into a single cloud-delivered service model. SASE combines network security functions with WAN along with cloud delivery of advanced capabilities based on identity of the entity, real-time context, and compliance policies.
SASE is a cloud-based service which provides comprehensive protection. SASE is pulling more and more of the security implementation to the Cloud and for many applications the cloud is increasingly the Edge Cloud. The impact of COVID-19 in growing the remote workforce has heightened the demand for Cloud Edge security. Legacy WAN fails to deliver consistent security. IT teams have come to realize that deploying point products to address emerging connectivity, security, cloud, and mobility requirements is not sustainable. The resulting cost, complexity, and rigidity contrast with the needs of modern, digital businesses. There is a better solution, and that solution is SASE – essentially the combination of SD-WAN and Security. User experience and security across the entire digital attack surface is considered the most significant benefit of SASE.
SMEs are adopting more and more cloud applications and remote working. Nevertheless, legacy on-premises systems have to co-exist with new cloud-based applications, mobile employees and teleworking. SD-WAN & SASE are part of the technological toolkit to address these demands while minimizing security, data-protection and operational risks.
SASE and SD-WAN bring networking and security together in the cloud, delivering secure connectivity with simplicity, scalability, and flexibility. SASE delivers end-to-end performance and security, driving a shift from a traditional box-heavy branch (NGFW, branch routers) to a thin branch (with SD-WAN) and heavy cloud model.
- Cloud delivered, managed SD-WAN service is the foundation of SASE
- Security is delivered on top of SD-WAN as a value-added service
Security and Zero Trust Network Access (ZTNA)
The flipside of ubiquitous Internet connectivity is the expansion of the attack surface. Hence it is imperative to control and secure the extended Edge. People need data from everywhere (web, cloud, private apps) while working from everywhere (HQ, branches, remote):
- The edge is evolving with WFH, multi-cloud, IoT, …
- IT Depts require new solutions to secure and control the network beyond the corporate perimeter
Secure access to business-critical data from anywhere, and consistent user-based policy enforcement whether the user is on-prem or working remotely, is crucial.
These trends have brought about the development of the SASE architecture and a Zero Trust modus operandi resulting in Zero Trust Network Access (ZTNA). Work from anywhere with zero trust network access – protect users and distributed workloads at all levels.
SASE and ZTNA are enabling modern enterprises to do business more efficiently and more safely.
Today’s Challenge: safe access to resources anywhere. People need data from everywhere – while working everywhere. ZTNA is replacing siloed stacks with converged cloud services that continuously validate users’ permission to access & use resources. The VPN implicit-trust model (anyone inside can access anything) is not suited to modern enterprises.
Zero Trust means:
- Never trust anything — verify everything
- Continuously knowing and controlling who / what is accessing resources and using data
ZTNA provides the visibility and controls needed to secure, manage and monitor every device, user, app and system used by the organization, its employees and any third parties that can access business data.
- Always-on security policy enforcement for everything inside, outside or remote
- Keeping threats out, data in
Remote Working / WFH
Covid-19 has hastened the blurring of the lines between the enterprise and consumer segments giving rise to what was described by one presenter as a demand for low cost SD-WAN for the Home. [Note: Iricent’s previous blog on the WFH topic (Working from Home with SD-WAN …. for less than the cost of a coffee a day) addressed this topic and we are pleased to report that vendors have amended their pricing policies to address this need]. The Future of Work is ‘Office Anywhere’ giving rise to a shift in focus from the HQ & Branch to protection of individuals and their devices irrespective of their location. There is a requirement to take control of the “Office Anywhere” by extending networking and security to employees anywhere.
The legacy VPN-centric approach to remote working was deemed no longer effective in securing users and their organisations from cyber-attacks:
- VPNs offer privacy but little else
- VPN doesn’t scale
- IT Dept. visibility lacking
SD-WAN based WFH replicates IT access for the home office, giving homeworkers the same working environment as office-based staff with multi-device support (laptop, tablet, mobile), all with full network reachability. The corporate security framework is extended seamlessly into the home-worker environment with full SD-WAN based application-aware visibility, prioritisation and control. Broadband and optional 4G/5G can be used in active/standby or active/active to increase available bandwidth and resiliency. Small form factor SD-WAN appliances with Zero Touch Provisioning (ZTP) are simple for employees to deploy whilst isolating and securing employee traffic from household / personal traffic.
Universal CPE (uCPE) provides a single platform dedicated to virtualized network functions (VNFs) such as SD-WAN, NGFW, IPS, SBS, NAT, Wi-Fi, etc. deployed on standalone physical COTS appliances.
Benefits include lower complexity, space, energy consumption and cost due to deploying a single open architecture device rather than multiple single purpose proprietary devices.
uCPE, which had gone from the absolute “Peak of Inflated Expectations” of the Gartner Hype Cycle in 2019 to the very depths of the “Trough of Disillusionment” earlier this year, is again showing signs of life, with many vendors and SPs at the SD-WAN & SASE summit highlighting its advantages. No doubt initial expectations around SASE and its thin-branch, heavy-cloud model led to this decline in interest in uCPE. However, many latency-sensitive or bandwidth-hungry applications such as VR, AR, IoT, vRAN, CDN need local processing of data using gateways hosted in the uCPE edge cloud. Data privacy requirements also mean in some situations that sensitive data must be kept local and not pushed to the cloud.
Hence the renewed interest at the SD-WAN & SASE Summit 2020, with the market being declared by one major test house to be at a tipping point towards uCPE. Several summit contributors presented uCPE-optimised HW, Network Operating Systems (NOS), Management and Orchestration platforms as well as a range of VNFs.
In particular, combining uCPE, SD-WAN and security VNFs to deliver SASE services was highlighted.
As always, if you would like more information on SD-WAN, SASE or any of the topics mentioned above or would like to discuss specific requirements or plans, please feel free to contact us at: firstname.lastname@example.org or on Twitter @Iricent