The Importance of Converged Infrastructure to WAN Security

(Newswire.net — December 16, 2019) — To meet the performance and security requirements of the modern business WAN, many organizations take a multi-layer approach. At the bottom layer, multiprotocol label switching (MPLS) links or Internet-based virtual private networks (VPNs) provide networking functionality. On top of these, standalone appliances are used to meet the organization’s security needs.

This approach to WAN security is inefficient and often falls short of an organization’s needs. Converging network and security infrastructure through the use of secure access service edge (SASE) solutions provides a much higher degree of network performance and security.

Challenges of Securing Traditional WAN

Traditional WANs, composed of a combination of MPLS and Internet-based VPN, can generally meet the network performance or basic privacy needs of an organization. MPLS provides high-performance, reliable networking but lacks any encryption or built-in security protections. Internet-based VPNs encrypt the traffic flowing over them but at the cost of a complex network with performance dictated by the public Internet.

Securing traditional WAN solutions requires layering standalone security appliances on top of network infrastructure. This approach dramatically increases the complexity of securing the network, as the average enterprise has 75 different security devices deployed on its network.

With this complexity come challenges.

  • Limited visibility

Enterprises using networks based upon MPLS and Internet-based VPNs do not have full visibility into the traffic flowing over their networks. Many organizations can achieve full visibility into MPLS links, but adding visibility of Internet-based VPNs, via the use of a Security Information and Event Monitoring (SIEM) solution, means a significant increase in overhead and security complexity.

With the rise of cloud computing and mobile devices, even full visibility into both MPLS and VPN links is insufficient. Monitoring traffic to and from mobile devices and the cloud requires endpoint solutions, which are difficult or impossible to deploy. Most endpoint security products do not work on mobile devices, and, for the 81% of organizations with a multicloud deployment, each environment requires its own specialized security solution. As a result, organizations using traditional WAN infrastructure often must choose between network performance and visibility.

  • Scalability

For organizations that choose to deploy monitoring solutions at each endpoint, the approach is largely unscalable and expensive. Networking infrastructure without integrated security functionality means that the organization requires a number of standalone security appliances at each site. At a minimum, these include a next-generation firewall (NGFW), secure web gateway (SWG), and unified threat management solution (UTM).

Assuming that it is possible to deploy these solutions in every environment, the cost and complexity of monitoring and managing them can be significant. Beyond the costs of acquiring the appliances themselves, an organization must pay specialists to deploy, configure, monitor, and maintain them until end-of-life when they can be replaced. Since different solutions are required for different operating environments, the organization cannot even take advantage of the efficiencies associated with deploying a standardized solution across the board.

Security Benefits of Converged Infrastructure

Rather than adopting separate networking and security infrastructure, organizations can take advantage of converged infrastructure that integrates networking and security functionality into a single product. By leveraging Secure Access Service Edge in this way, an organization can reap a number of benefits compared to layering security on top of networking infrastructure.

  • Enhanced Visibility

One of the major benefits of SASE is dramatically improved visibility within the corporate network. Integration of security monitoring and detection functionality into the networking infrastructure ensures that all traffic flowing over network links is secured by the organization’s cyber defenses.

This also increases the ability of the organization’s network security team to monitor and secure the network. Integration of security into networking appliances ensures that the entire network is protected by the same solutions in the same way and simplifies enforcement of consistent security policies across the entire network.

  • Increased Security

For many organizations, security is tacked on almost as an afterthought to the organization’s networking infrastructure. As a result, it is probable that blind spots or security gaps exist due to an imperfect design or implementation.

With converged infrastructure, security and networking are integrated from the start. This improves the overall security and performance of the system by ensuring that network design or implementation errors do not sacrifice security for performance or vice versa.

  • Decreased Overhead

When deploying standalone networking and security appliances, the organization incurs significant costs associated with acquiring, configuring, and maintaining each appliance. With converged infrastructure, the organization only needs to deploy a single appliance to achieve the same network and security benefits.

One benefit of this is reduced time in deployment and configuration. Instead of setting up a number of appliances and configuring them to work together, the organization’s network and security teams only need to deploy and configure a single appliance. The same benefits also apply in the long term. Every device on the organization’s network requires periodic updates and maintenance. Any decrease in the number of deployed devices decreases the amount of maintenance required.

  • Improved Efficiency

Most of the standalone appliances that an organization deploys on its network are not designed to work together. As a result, they do not take advantage of opportunities to improve efficiency through enhanced integration. A converged network infrastructure, with all functionality consolidated into a single system, can take advantage of these opportunities to improve both network performance and security.

SASE is the Future of the WAN

Converged networking and security infrastructure provides a number of advantages for the corporate WAN. SASE’s ability to improve both network performance and security makes it the obvious next stage in the evolution of the WAN.