Everything You Need to Know About SASE: Merging SD-WAN and SSE
Combining SD-WAN with SSE and a network backbone creates the Secure Access Service Edge (SASE). Here is what you need to know about it.
Updated May 10, 2024.
The combination of SSE (Security Service Edge) principles and SD-WAN (Software-Defined Wide Area Network) into SASE (Secure Access Service Edge) has led to an important advancement in the ever-changing field of network security. This advancement is not just a technical upgrade, but also a strategic transformation aimed at meeting the dynamic needs of modern businesses.
The SASE architecture offers a more holistic approach to network connectivity and security. SASE aims to allow companies to simultaneously benefit from optimized network performance and enhanced security measures.
The Evolution of Network Security and Connectivity
Over the last few years, traditional networks like MPLS (Multiprotocol Label Switching) and VPNs (Virtual Private Networks) have struggled to cope with the demands the digital transformation increasing cloud adoption and mobile workforces. SD-WAN emerged as a response, offering more flexible, performance-optimized connectivity across dispersed locations. This has allowed businesses to enjoy network flexibility, optimized performance, and reduced costs.
The Introduction of SASE Into Network Security
Coined by Gartner in 2019, SASE is an architectural model that combines network connectivity with network security functions, delivering them in a single solution.
SASE integrates cutting-edge features of SD-WAN (like application-aware routing) with comprehensive security measures, such as Secure Web Gateways (SWG), Zero-Trust Network Access (ZTNA), later coined as SSE.
While cloud-delivered security was part of SASE from the day this architecture was presented, the term SSE was coined by Gartner only in 2021. At that time, the technologies comprising SSE were already offered by companies, in some cases, as a comprehensive and unified solution. Gartner basically gave a name to a technology that already existed adding clarify to what makes a cloud-delivered security offering an SEE.
The 3 Deployment Architectures of SASE Compared
1. Single Vendor
The single-vendor model for SASE simplifies the architecture by consolidating both network and security functions into a single integrated platform provided by one vendor.
Pros
- Simplicity
- Integrated management
Cons
- Vendor lock-in
- Low flexibility
- Cost considerations
- A combined forklift of networking & security
2. Dual Vendor (SD-WAN + SSE)
The multi-vendor model presents a strategic approach for organizations aiming to optimize network connectivity and security by combining SD-WAN and SSE solutions from different vendors. This model leverages the strengths of specialized vendors in both domains, leading to competitive pricing and excellent performance.
Pros
- Competitive pricing
- Excellent performance
- Combines strengths of multiple vendors simultaneously
Cons
- Managing 2 systems
- Requires IT to have a good understanding of the systems
3. A Hybrid SASE Architecture
The hybrid SASE model offers a relatively balanced approach for organizations, blending the best of both worlds. This model is designed to cater to the needs of various businesses and service providers, allowing for a seamless integration of network and security functions across both environments.
Pros
- Seamless integration of network and security
- Meets the needs of various businesses
- Routing policy controlled by IT
- Lower cost and better control over the cost structure by IT
- Optimized routing over the backbone or direct internet access
Cons
- Requires IT to have a good understanding of the systems and enterprise requirements
- Risk of non-uniformly applied security policies
» Learn more: IPsec vs. SD-WAN
What Is the Ideal Solution?
It's clear that the market has expressed the need for variety, indicating a move to more adaptable and customized solutions. This shift not only acknowledges the complexity of modern network environments, but also paves the way for more innovative, efficient, and secure network solutions that can meet the complexity of modern-day networks.
The truth is that, with SASE, there is no universal solution that fits all. Due to the diverse requirements of enterprises and service providers, companies need a flexible and tailored approach to implementing the right SASE model for them.