To the Edge and Beyond: Evolution of SASE for Supporting Today’s Distributed Work Force

Blueface’s “Business Communications Technology Insights Report 2018” predicted that by 2025 remote working will rival fixed office locations [1]. If researchers could have predicted the events of 2020, they might have pegged the year at 2021. Remote work is here to stay, even though it makes IT directors’ jobs a bit harder. Now that employees and employers alike have experienced the benefits of working remotely, it is up to IT departments to make it a permanent, viable option.

One of the key technologies for remote employees and remote branch connectivity is secure access service edge (SASE). SASE provides many benefits for companies today, but there are a few challenges that need to be addressed to get there. Before delving into the business benefits of SASE, let’s review the evolution of the remote-access network from a traditional MPLS architecture to a more modern cloud-based network and look at what sparked the origins of SASE.

A shift to a distributed model

Even before “work from home” became a hot topic, businesses needed a secure way to connect remote branches reliably. Traditionally, companies used MPLS (multiprotocol label switching) to create a private network connection to remote branches. MPLS networks are reliable and secure, but the use of MPLS has two inherent flaws. First, the service provider (SP) manages MPLS links, not the business itself, making them difficult to manage. Businesses have to rely on the SP for infrastructure visibility and operations, and SPs often take a long time to set up a new MPLS link. The second issue is that the MPLS WAN architecture model is rigid, not scalable and expensive.

MPLS links allowed remote branches to access corporate data through a traditional three-tier model:

  • Tier 1: User interface
  • Tier 2: Application
  • Tier 3: Data storage

Legacy applications would run in the data center and keep most of the traffic internal to the corporate network (about 80%). External users had to use a network to access applications. All network traffic going outside the organization had to go through a firewall, creating a potential bottleneck.

Recently, there has been a shift from the data center-centric model to the cloud. With cloud and app modernization (e.g. containers), companies can leverage a service-oriented architecture. With the move to the cloud, most of the traffic is now internet-based (greater than 80%) and consumption of SaaS is now extremely common.

Apps like Office365, Salesforce and Slack are the norm. These changes have had several consequences for the way networks behave. Networking and security designs now need to consider application workloads running in a multi-cloud environment. The user’s location is no longer confined to a few remote branch offices but can be anywhere. This shift makes securing data with traditional firewalls and networking impossible. A new way was needed to secure remote data traffic.

Connecting anywhere users to multi-cloud apps

Software-defined wide area networks (SD-WAN) created a better way to connect remote workers. With SD-WAN, branch offices can connect directly to the Internet rather than having to use a network to connect back to the corporate office. Customers can leverage existing MPLS links or use other technologies, such as LTE/5G and Internet broadband, to access services based in the cloud. By adopting SD-WAN, businesses manage the service connectivity themselves and do not need to rely on the service provider network. Furthermore, the deployment of a new branch is much faster with SD-WAN than with MPLS. Network administrators can manage, configure and monitor multiple links from a centralized management system on their own with no dependence on the SP. SD-WAN provides consistent quality service, integrated firewall policies, load balancing and local traffic shaping based on network conditions and security policies.

SD-WAN introduced numerous improvements for remote access, but it raised strategic networking and security challenges. IT security departments now need to figure out how to protect network traffic over any link, from any device, connecting from anywhere — cloud, data centers, SaaS — using a simplified service. Here are just a few networking and security deployment considerations security experts must now address:

  • How to reduce traditional security hardware costs and maintenance
  • How to reduce security operational costs, license costs and continuous hardware upgrades
  • How to protect internet network traffic
  • How to identify a need for a secure web gateway, firewall and IDS/IPS appliances for each branch
  • How to determine if anywhere users and apps require distributed network and security services
  • How to keep security consistent and centralized

To address these challenges, the networking industry evolved and created SASE, a new networking and security architecture.

SASE converges network and security services

SASE addresses many of the technical and security challenges SD-WAN introduced. Gartner coined the term SASE and defines it as “a security framework prescribing the conversions of security and network connectivity technologies into a single cloud-delivered platform to enable secure and fast cloud transformation.” [2] SASE takes a combination of WAN edge services, such as SD-WAN, QoS and content delivery, along with edge security offerings, such as secure web gateway, ZTNA and encryption, to provide a secure, consistent user experience.

SASE addresses several business challenges with outcomes far superior to what can be achieved with legacy networking.

Transition to SASE

Network and security transformation is critical for digital transformation success. VMware has a comprehensive SASE solution to help customers in their digital transformation journey. VMware supports an anywhere workforce model that allows organizations to access applications anywhere, on any cloud, on any device. This can all be done while protecting users against emerging security threats and offering a superior user experience.

The VMware SASE solution delivers differentiated value to distributed enterprises by providing simplified WAN and SaaS operations and an efficient experience between remote users, the application and the cloud. VMware offers a global presence with cloud delivery over a cloud-native, scalable and secure platform for users’ applications and data.

For more information about SASE solutions, please visit the SASE VMware website and stay tuned for our follow-up SASE blog coming soon.


[1] https://www.blueface.com/wp-content/uploads/2019/01/The-2018-BCT-Report.pdf

[2] https://cio.economictimes.indiatimes.com/webinars/enterprise-security/899