09 Dec Fierce Telecom Industry Voices: Who needs to SASE!
Every enterprise and business entity needs to Somehow Administer Security Everywhere! (SASE!). Meanwhile, the magic SASE (secure access service edge) notion promises to simplify this challenge through the integration of SD-WAN and a mixture of cloud-based security capabilities such as firewalls, zero trust network access and more. SASE does not tackle the repercussions of relying solely on security in the clouds.
Seriously, security for enterprise networks is a nonstop challenge, requirements vary considerably, solutions are multifaceted, and WAN connectivity choices really matter. Exacerbated by the Covid-19 pandemic, enterprise networks are besieged with security threats due to unexpected traffic shifts as a result of business disruptions.
Enterprises and large businesses are invested in multiple layers of network security in conjunction with ongoing IT and digital transformation initiatives. Security requirements vary considerably—driven by factors such as the number of networked sites, geographic network reach (for example, domestic, regional, global, etc.), scope of applications, and type of users (e.g., employees, customers, suppliers, etc.)—along with government directives and/or industry-specific regulatory mandates as applicable.
These factors drive decisions about the security capabilities required to achieve maximum protection, performance and reliability for networked applications end-to-end. One size does not fit all. Real world security implementations utilize a mix of premises-based appliances, edge security devices and virtual network functions (VNFs), as well as cloud-based services and other solutions. WAN connectivity choices for these deployments also matter a lot. For example, low latency and high throughput are critical when the application is real-time threat detection or secure live-streamed video.
Trending: Network security and SD-WAN
Here are several of the security and SD-WAN trends that we’re tracking now:
- Cybersecurity is highest priority for network operators worldwide. Strategic initiatives include accelerated use of AI and other advanced technologies, recruitment of more cybersecurity expertise, and the addition of more security operations centers (SOCs). All major service providers offer a deep portfolio of security capabilities plus expert resources that enable customized solutions to fit customer needs.
- Most of the market-leading carrier managed SD-WAN providers have two or more SD-WAN service options that are based on technology from different companies. Currently none of these service technologies are interoperable.
- For carrier managed SD-WANs, service providers typically offer baseline security like a stateful firewall. Additionally, most optionally offer their own advanced security capabilities, or solutions sourced from their SD-WAN technology providers or third-party vendors (for example, NGFW, ZTNA, etc.).
- For customers migrating to carrier managed SD-WAN, a key purchase consideration is whether or not to replace their existing network security solutions. Incumbent security vendors often have the edge in these decisions.
- Inherent security is a key reason why enterprises choose to retain their MPLS networks after purchasing SD-WAN services. One of the most widely installed carrier managed SD-WAN site configurations is an active MPLS connection (Ethernet access to VPN or TDM) plus an active DIA or broadband circuit. Customers overwhelmingly prefer Ethernet DIA connectivity backed by an SLA for these installations.
- The Covid-driven shift to work-from-home (WFH) has spurred the need for scaled-down, lower-cost SD-WAN and other VPN solutions. Hurdles to the rollout of these solutions include costs, management visibility to end sites, simplification of the site configuration – and who should pay for the connection.
- WFH SD-WAN solutions are also revealing security and privacy issues. Do you know how your business WFH solution is inspecting packets over the connection that’s shared in your home for entertainment, virtual learning, and other networked applications?
- For secure connectivity to data centers and public cloud services, gigabit Ethernet and wavelength circuits are the top solutions installed.
Reality strikes again
In reality, SASE fatigue and confusion will persist. The term is so sufficiently undefined that it is used for marketing many different products, services and platforms.
Vertical Systems Group’s definition for a Carrier Managed SD-WAN Service includes specific required components and functionality. Security is cited as the most essential additional capability for SD-WAN – i.e., required whether it is integral or external to the service.
This definition aligns with the MEF 70 global standard for MEF 3.0 SD-WAN services. Notably to date, ten companies have achieved MEF 3.0 SD-WAN certification, including leading service providers and technology suppliers. Current MEF projects include standardizing application security for SD-WAN services, as well as defining SASE services.
As security-first requirements intensify, managed SD-WAN purchase decisions will become more complex. In response to Vertical’s recent survey about the post-Covid outlook on SD-WAN, service providers anticipate that enterprises will accelerate their network transformations utilizing flexible software defined infrastructures that are more agile and secure. Until then, the reality is that it takes lots of experience and skilled resources to sell, deploy and manage networks with resilient application security end-to-end.
Industry Voices are opinion columns written by outside contributors—often industry experts or analysts—who are invited to the conversation by FierceTelecom staff. They do not represent the opinions of FierceTelecom.