HPE Aruba Networking Blogs

SASE and the Peanut Butter Cup – A Fable

By Derek Granath, Senior Director, Product and Technical Marketing

When asked “what is your favorite candy bar?” my response was simple: a peanut butter cup. Somehow, the combination of chocolate and peanut butter in the right proportion perfectly hits the mark.

The ubiquitous Reese’s peanut butter cup in its bright orange wrapper always catches my eye at the supermarket checkout. While I usually resist, sometimes I just can’t, and the two cups in the package provide just the medicine I need. But, when the holidays come around, See’s Candies releases its own version of the peanut butter cup using much better dark chocolate and a very good peanut butter center.

However, the very best peanut butter cup I’ve ever tasted is my sister’s – and actually, it’s a chocolate peanut butter bar. Why is her confection the best? It’s not just because it’s from my sister. It’s because she selects and uses only the highest quality ingredients. Not chocolate chips from a bag, but Valrhona or Guittard or Ghirardelli or another boutique brand. And she doesn’t use supermarket peanut butter from a jar, but rather, freshly ground peanut butter from the local health food store.

In the 2019 report, “The Future of Network Security is in the Cloud,” Gartner defined the secure access service edge or “SASE” as a thin WAN edge supporting the required wide area network functions at the branch such as SD-WAN, a stateful zone-based firewall, segmentation, routing and WAN optimization, integrated with comprehensive cloud-delivered security services including FWaaS, SWG, CASB, ZTNA, IDS/IPS, A/V and more, all managed centrally from the cloud.[1] However, like the peanut butter cup – or peanut butter bar – an enterprise shouldn’t have to make a tradeoff between its wide area network and security, nor should it settle for “good enough”. To realize the transformational promise of a SASE architecture, an SD-WAN solution with basic functionality simply won’t deliver. And good enough security won’t deliver either. Enterprises shouldn’t settle for anything less than the best of both worlds.

Why Best-of-Breed WAN?

The job of the WAN is to connect users to applications and data as efficiently as possible and with the highest levels of performance and availability. A simple example: If a call center employee can process 11 transactions per hour instead of 10 due to improved response time, that translates directly to a 10 percent increase in productivity and potential incremental revenue and profitability for the business.

An advanced SD-WAN platform that can granularly apply the appropriate quality of service and security policies based on business requirements can improve application response time, performance and availability, and yield tangible business outcomes. When making the SD-WAN platform decision to implement SASE, it’s important to evaluate all of the performance and security capabilities of the unified solution and translate them to business value; it’s incredibly important to discern the differences in the business value delivered via a basic SD-WAN solution in contrast to an advanced WAN edge platform.

The combination of the following seven capabilities describes the attributes of an advanced SD-WAN platform that will fully deliver on the promises of a SASE architecture.

  • First-packet application identification to enable granular traffic steering
  • Automated, daily application definition and TCP/IP address table updates
  • Automated orchestration with cloud-delivered security services
  • Automatic failover to secondary cloud enforcement point if the primary is unreachable
  • Automatic reconfiguration should a closer enforcement point become available
  • Enable enterprises to implement a SASE architecture at their own pace
  • Freedom of choice to avoid vendor lock-in, enabling the adoption of new security innovations as they become available in the future

Why Best-of-Breed Cloud Security?

The threat landscape is changing every second. A 2018 McAfee study reported that hackers create 300,000 new pieces of malware daily. According to Forbes, 30,000 websites are hacked every day. New threats and new threat vectors surface daily. That means enterprises must be vigilant, and having the freedom of choice to integrate best-of-breed security today and in the future is of paramount importance.

When evaluating the security decision for SASE, it’s important to retain the flexibility and agility to adopt any security innovations that may be required to quickly mitigate exposure to new threats and new types of threats as they emerge.

Why Freedom of Choice?

Some vendors market and offer an “all-in-one” SASE solution promising seamless integration, simplicity and the benefit of having a “one-throat-to-choke” business model. While this may sound enticing on the surface, it routinely results in vendor lock-in and compromise. It means either compromising on the advanced networking functionality described above, which is needed to fully optimize your SASE architecture, or potentially exposing the enterprise to new threats that require rapid intervention. An open, advanced SD-WAN platform also enables enterprises to transform their security model and adopt SASE at their own pace: the best of both worlds.

But Make it Easy

Clearly, an open, advanced SD-WAN platform that integrates seamlessly with best-of-breed cloud-delivered security vendors (plural) provides the flexibility to always deliver the highest levels of cloud application performance to users while mitigating risk to the enterprise. To meet those objectives, Aruba has automated integrations between the EdgeConnect SD-WAN platform and many best-of-breed cloud security vendor solutions including Zscaler Internet Access, Netskope Security Cloud, Check Point CloudGuard Connect and Palo Alto Prisma Access. These integrations automate the configuration of secure primary and secondary connections (IPsec tunnels) between branch locations and cloud-security enforcement points of presence, as well as the configuration of end-to-end security policies, all from the Aruba Orchestrator management console.

The Moral of the Story

And the moral of the story is, like the peanut butter cup so readily available in the bright orange wrapper, sometimes good enough is. However, when it comes to your enterprise network and security, you should never be forced to compromise and settle for good enough. Adopting best-of-breed networking and best-of-breed cloud-delivered security for your SASE implementation delivers the highest end-user quality of experience and the highest level of enterprise risk mitigation without compromise.

[1] “The Future of Network Security is in the Cloud,” Gartner ID G00441737, August 30, 2019