What is SASE: Anatomy of a first-class, secure enterprise network
Last week was my second trip to Australia this year, and as someone who has always been lucky to work at the cutting edge of global networking innovation, I’m always impressed to see the positive dynamic around the adoption of SASE Down Under. The fact that one in four of the ASX’s 50 largest companies use our solutions - along with a raft of government departments and smaller organisations - is a strong sign of the savviness in the market. But many organisations are also still exploring how they can optimise their network to deliver both the best connectivity and strong security and data protection to remote workers and devices, and I thought a focus on how networking has evolved in recent years would be relevant.
Australian workforces have never been so geographically distributed. Recent studies estimate that 40 to 50% of white-collar workers in Australia are now working in hybrid conditions, adding to a large cohort of non-office workers who increasingly use digital (and mostly cloud) applications to do their daily work, with notable mobile connectivity requirements.
We have entered a new era of borderless organisations, characterised by distributed users and devices, IoT ecosystems, multiple company locations, and cloud environments, all communicating with each other and leaving organisations with new and much more complex digital estates. In this new era, modern organisations have new access control requirements and need a flexible and dynamic network infrastructure that can sustain significant workloads and deliver both performance and security anywhere, including in the cloud, and at any time.
Overcoming those challenges was the main objective when I participated in the development of the first software-defined wide area networking (SD-WAN) solution, set to upgrade Multiprotocol Label Switching (MPLS) models.
Companies’ traffic used to transit from offices to data centres over MPLS links, but the emergence of the cloud and increase in voice and video collaboration significantly increased bandwidth requirements, and MPLS became expensive and didn’t provide visibility and control over this increased traffic.
SD-WAN was born to allow enterprise sites to connect directly to distributed on-premises and SaaS applications and deliver consistent performance and security over commodity broadband links, effectively improving on MPLS with affordable, high-bandwidth internet links. It removed the need for traffic to transit over costly private networks or through a centralised data centre and delivered visibility and control over those applications. But SD-WAN was quickly challenged.
The need for a new SD-WAN
While SD-WAN brought a beneficial change in networking at the time, the acceleration of cloud and IoT adoption and the distribution of the workforce are creating networking and security needs among organisations that SD-WAN was not designed to address.
It was designed to offer visibility and control over a few thousand applications, but not over the tens of thousands of SaaS applications or millions of IoT devices we are witnessing nowadays, nor to deliver consistent and high-performance connectivity and security to every remote (and mobile) user, device, site or multi-cloud environment. SD-WAN is generating frustration among networking teams and employees who, in 2023, expect the same connectivity and security capabilities whether they are working from home, from a hotel or from the office.
The next era of networking is one where networking operations are smarter and more secure, thanks to the convergence of networking and security based on context-aware zero trust principles. Zero trust-enabled, context-aware SD-WAN delivers high-performance networking and security without trade-offs, with contextual policies that consider applications, users, devices and associated risks and dynamically adjust capacity and security guardrails based on their behaviours and actions.
A concrete example of how granular these adjustments can be is Netskope’s Zero Trust engine. The Cloud Confidence Index (CCI) determines the enterprise readiness score of an application and, based on that score, the engine defines Smart Quality of Service defaults for the app. It does so for over 60,000 cloud applications. Each organisation can adjust those policies to its needs, whether for SD-WAN traffic engineering or AI/ML-powered SD-WAN security for IoT visibility and protection.
These adaptive policies require closer collaboration and integrations between the networking and security teams, allowing the former to tap into the latter’s granular and context-aware insights to deliver consistent security and improved quality of experience.
In a business environment, deploying old-school SD-WAN can translate into more complexity, with many organisations ending up having to maintain VPN clients, SSE clients and SD-WAN appliances, which generates higher costs, leaves them without end-to-end visibility, and hinders the identification and resolution of security and networking incidents. A software-based SASE agent includes all the benefits of SD-WAN and SSE, providing cutting-edge security and connectivity and granular, dynamic access policy, while removing the need for VPNs on employees’ devices and for remote hardware management logistics, and reducing administrative burden.
While adoption is well on its way, many Australian organisations are still trying to solve the equation of providing fast, reliable and secure access to any application and device at any location, so users can have a consistent policy that supports SD-WAN and SSE in the office or when they are remote. Zero trust, context-aware SD-WAN and SASE solve this equation, delivering an intelligent network designed for modern businesses. No wonder Gartner predicts that Secure Access Service Edge (SASE) will be a $15 billion market in 2025, with adoption growing at a 36% CAGR.