How Sassy is your SD-WAN – Winning the Next WAN Edge Cycle

The new Gartner Networking Hype Cycle for 2019 is out (stay calm!) and there is one very clear message for network professionals implementing an SD-WAN strategy: first the good news, you’re now entering the nirvana phase of the cycle, i.e., the Slope of Enlightenment (congratulations!), which means SD-WAN is approaching a maximum period of benefits for the next 2-5 years; however, the bad news is that if you haven’t evaluated the “sassy” potential of your SD-WAN, then you may be headed for a premature derailment in the Trough of Disillusionment!

When I say “sassy” I’m not referring to your teenager’s behavior or even the behavior of your network, although I’m sure that both connotations popped into your head. What I’m referring to is SASE, i.e., Secure Access Service Edge, defined as follows in what can only be described as a seminal piece of research entitled “Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge,” published 29 July 2019 (ID: G00388951) and authored by Gartner analysts Neil MacDonald and Joe Skorupa:

“SASE [solutions] are emerging converged offerings combining WAN capabilities with network security functions (such as secure web gateway, CASB and SDP) to support the needs of digital enterprises. These needs are radically changing due to the adoption of cloud-based services and edge computing. These capabilities are delivered as a service based upon the identity of the entity, real time context and security/compliance policies. Identities can be associated with people, devices, IoT or edge computing locations.” (CASB: Cloud Access Security Brokers; SDP: Software-Defined Perimeters)

While Gartner says that SASE is in the early stages of development, it clearly is the bright, new shiny object on the Hype Cycle, nearly alone at the egress of the upward slope labeled “Innovation Trigger.” Gartner believes heightened expectations for SASE are being driven by the immutable enterprise requirements for digital business transformation initiatives (widespread adoption of cloud-based services by distributed and mobile workforces primarily placing severe stress on conventional edge computing orthodoxies).

As is already obvious to most WAN edge admins, traditional corporate HQ data centers are no longer the center of transformational network architectures. Users, sensitive data, applications and access requirements will be highly distributed everywhere. “The new center of secure access networking design is the identity — of the user, device, IoT/OT systems and edge computing locations and their needs for secure access services to cloud-based services directly including an enterprise’s applications running in IaaS,” write the authors.

Thus, the logical convergence of networking and security at the edge in the form of cloud-based offerings will collapse a number of disparate services including SD-WAN, secure web gateway, CASB, SDP (zero trust network access), DNS protection and firewall-as-a-service:

Universal adoption of mobile, cloud and edge deployment models combined with digital transformation redefines what constitutes optimized network traffic patterns, rendering obsolete existing network and security models that are CPE-hardware oriented.

“Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets, creating the secure access service edge (SASE),” Gartner says, leveraging cloud-based, as-a-service delivery models.

Business-critical edge applications that are latency-sensitive require networking and security delivered in a distributed manner closest to the endpoint device or user access path, with sophisticated SD-WAN traffic engineering, application intelligence, secure access, transport diversity and multi-cloud connectivity.

The other factor at play in the SD-WAN/SASE convergence is that the SASE solution needs to be cloud-native in order to flexibly deliver on-demand services with one pass, such as more complex policy-based inspection for sensitive data, including malware, decryption and overall management, which must easily scale up or down, as required, when and where needed.

There is another bit of good news inherent in the research, and that is for the emerging consumption preference of WAN edge, i.e., as a managed service and/or as-a-service: while Gartner believes SASE adoption will be delivered primarily as an XaaS offering, a distributed edge computing location (such as one supporting a distributed local analytics application for a set of IoT devices) is also an endpoint needing secure access edge services when connecting to public clouds for data aggregation, and thus cloud-based delivery will enable Cloud Service Providers (CSPs) to add new services to the WAN edge stack flexibly and dynamically.