Where and How Do WAN, SD-WAN, and SASE Fit In?

The decision to stay with a WAN network or move to SD-WAN or SASE ultimately depends upon your enterprise connectivity requirements, budget, staff skills, and corporate business direction.

The decision to stay with a WAN network or move to SD-WAN or SASE ultimately depends upon your enterprise connectivity requirements
(Credit: Deepak Venkatesh / Alamy Stock Photo)

Just where and how WAN (wide area network), SD-WAN (software-defined wide area network), and SASE (Secure Access Service Edge) fit is an almost universal question today for many company network planners.

If you don’t have SD-WAN or SASE, which is the case for most SMB (small and medium-sized business) companies, the question you’re likely facing is whether you want to extend your network security and governance policies for your internal corporate WAN they encompass more remote users and edge deployments, which is where SD-WAN excels. If you are already using SD-WAN, the question is likely to be whether you want to extend your network security and governance reach even further beyond what SD-WAN offers and into a full-blown SASE solution.

Here are the lines of demarcation between internal WAN, SD-WAN, and SASE networks.

WAN

WAN is a data center-centric network architecture that is well-suited for internal enterprise networks. It is a mature network architecture and is still the most widely deployed network architecture in companies today.

The “catch” with WAN is that it requires a great deal of manual configuration of routers and other devices attached to the network. These assets must also be manually maintained. There are end of life issues that must be continuously attended to as routers, switches, storage, servers, operating systems and other IT assets age. However, network specialists are well acquainted with the configuration and maintenance necessary, so the main challenge is ensuring that the maintenance is timely done.

Related:SASE Explained: Definition, Benefits, and Best Practice

An advantage in deploying WAN is that you have significant latitude in selecting and implementing the network hardware and software that you want.

SD-WAN

Worldwide, over 94% of companies use cloud. While some companies use clouds simply by signing onto the cloud directly through a cloud portal, this form of access is a growing concern for network professionals, who want to ensure that the rules for security and performance for the internal network also apply in the cloud.

This is where SD-WAN fits.

SD-WAN converts an enterprise-centric WAN network that must be manually configured and maintained into a software-defined wide area network that can be maintained through a central piece of software that has the ability to secure connections for users and edge technologies at any location, whether the location is remote or internal. The SD-WAN software also provides tools that are able to work across onsite, cloud-based, and remote locations to ensure that a uniform set of network security, governance, and performance rules is applied.

By using software, network specialists no longer have to manually define and apply security and governance rules for the network because they can do this through software.

SD-WAN is best utilized when enterprises evolve to the point where substantial company work is being done by remote users and work sites, and the network must somehow deliver secure, quality connectivity to these locations.

An advantage of SD-WAN is that it eliminates worry about end-of-life equipment issues that are a reality with WAN because SD-WAN providers address those issues in their own ecosystems. The SD-WAN disadvantage is that the network staff loses some of its independence and flexibility in deciding what tools and equipment to deploy on the network. Since SD-WAN services are delivered by cloud-based providers, there is also the danger of vendor lock-in. This makes it difficult to migrate to another vendor or solution if you desire to do so.

SASE

SASE is the latest evolution in software-driven, cloud-based networks. In the SASE environment, SD-WAN is actually a subset of SASE, but SASE does even more. SASE integrates SD-WAN with a full set of cloud-based security functions. In essence, this takes security functionality out of the network WAN and places it fully in the cloud, which now views the internal corporate network as just one of many "edges" that the cloud must control.

An advantage of the SASE architecture is that the SASE can provide a layer of isolation from security attacks by stopping them before they ever reach your users or your native systems and applications. SASE disadvantages are that you are relinquishing a certain amount of direct control of your network to the cloud, and there is also the risk of vendor lock-in.

Architectural Considerations

The decision to stay with a WAN network or move to SD-WAN or SASE ultimately depends upon your budget, your staff skills, and your corporate business direction.

Companies that are moving to more decentralized operations will likely require a network design that can move with them. This means that an SD-WAN network capability could be a future consideration since that is the only efficient way that IT can guarantee the appropriate service, security, and governance levels to all network users, whether they are in a corporate finance department, a remote manufacturing plant, or a home office.

In many cases, continuing to use a WAN service and complementing it with SD-WAN for remote sites is a possibility.

That being said, the industry is clearly moving toward the SASE security model because it supports the movement of a majority of IT to the cloud. SASE includes SD-WAN, but it also encompasses the totality of network security and administration by fully re-locating it from the internal network to the SASE cloud provider.

As this network evolution unfolds, sites should evaluate their own technical and management staff strengths, as well as the robustness of their budgets. Many network managers will feel that they can control spending more capably on their own WAN networks since they aren't locked into anyone else’s solutions. And while there is no question that as you subscribe to a fuller set of security and connectivity capabilities that SD-WAN and SASE offer, the costs will go up, too.

At the end of the day, the network decisions made come down to where your company wants to go strategically and operationally and how your network architecture can best support it.

Related articles:

About the Author

Mary E. Shacklett, President, Transworld Data

Mary E. Shacklett is an internationally recognized technology commentator and President of Transworld Data, a marketing and technology services firm.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights