IT departments at large companies are faced with a mountain of challenges, from decentralising company IT, working from home and soaring data volumes to migrating IT processes into the cloud, security and a shortage of qualified staff. On-premise data centres are particularly impacted, as they have long ceased to function as the “centre” of data processing, especially in large organisations with international offices. The volume of data making its way there will continue to decrease over the next few years, as we work more outside the corporate network than within it and a greater volume of data streams to public clouds than to the in-house data centre.

What can next-generation SASE and SD-WAN offer?

These changes are going to push traditional WAN models to their limits, particularly in large multi-site corporations. A wide area network that links up various local area networks over longer distances tends to have only very limited bandwidth and may also offer slower transfer speeds than the local network, which is why focus is turning to the software-based wide area network, SD-WAN. These are networks that place an abstraction layer in the form of software over mostly hardware line connections. The benefits are an enhanced user experience, easier operations, lower costs, multi-cloud support and better security. By itself, however, SD-WAN cannot meet all the demands of the digital transformation in the long term, which is why the new architecture model Secure Access Service Edge (SASE) has been doing the rounds since August 2020. Designed by Gartner, this model comprises SD-WAN plus additional network security technologies such as secure web gateways, cloud access security brokers, zero trust network access and Firewall as a Service.

The benefits of SASE.

SASE reduces the complexity of wide area network connections, resulting in lower costs, improved performance and increased security. Plus, SASE is more easily scalable, and businesses can hand over operations of their SD-WAN connections secured with SASE to an experienced provider and therefore focus all their attention on their core business. SASE integrates various connectivity channels such as DSL, dedicated lines and 4/5G into a “private backbone” for businesses. Data traffic is encrypted and there are other features such as next-generation firewalls, malware scans and protection against DDoS and DNS server attacks.

SASE migration stumbling blocks.

Organisational silos, existing investments and a lack of specific skills and knowledge are all hurdles to implementing SASE, which requires a coordinated and coherent strategy across several teams, but issues can also be caused by non-standardised architectures and data protection requirements. SASE solutions are deployed in the cloud, but there are differences in how cloud-native each provider’s architecture is. On top of this is the fact that each business has differing compliance and data protection requirements. Another issue is that SASE capabilities vary wildly, so businesses have to prioritise their need for converged capabilities over that for best-of-breed capabilities to close all the gaps.

Corporate SASE models.

Cloud-native and managed SASE are two options available to organisations. With the former, there are no specific dependencies on hardware as all network and security services are sourced from the cloud. SASE service software can be scaled as needed, is designed for maximum cost reduction, supports multi-tenancy and can be aggregated quickly for fast service expansion. Managed SASE is a good choice when it comes to the question of how to create user profiles because it is possible to outsource the configuration and operation of the network to a service provider.

How to implement SASE.

Combining SD-WAN and SASE results in a number of components that need to be perfectly aligned with each other in a coherent package. For this reason, it makes little sense to commission several external service providers for various sub-projects, because as we know, too many cooks spoil the broth. What’s more, the service provider selected should be in a position to act on the international stage whenever needed so colleagues in branch offices can be quickly and simply connected to the new infrastructure. An all-in-one solution from a single source also has the added benefit that, in the event of an issue, customers only have to communicate with one company that knows the entire solution.

To summarise, SASE demands a coherent overall concept.

Traditional network models have had their day. A growing number of businesses are replacing their rigid VPN and MPLS solutions (multi-protocol label switching) with more flexible SD-WAN models. However, without a coherent concept, the wheels will very quickly come off. SASE models enable more flexible network connectivity that can be better protected. Identities, applications and services can all be centrally managed and decentralised connections can be effectively secured. Bechtle can help you with the implementation and operations of your own SASE environment, tailored to your needs as a turnkey solution, in Germany and beyond. We don’t just take care of the underlying network, but also the necessary security architecture and your backup strategy.