SASE, SD-WAN & SSE: Pillars of a Cloud-First Transformation

By Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing

Since the onset of the COVID-19 pandemic, enterprise IT staff have increased their focus on updating their cloud, networking and security infrastructure to help them adapt to the new hybrid office environments. Many enterprises are evaluating technology pillars that begin with the letter S: SD-WAN, SASE and now Security Service Edge (SSE) to support their cloud-first digital transformation plans.

SD-WAN, which emerged in 2015 as a disruptive networking technology, is already helping many enterprises modernize their WAN. Advanced SD-WAN platforms like the Aruba EdgeConnect Enterprise SD-WAN edge platform can reduce networking complexity, improve application performance, and enable more efficient connectivity between users and applications residing in the cloud and data center.

Secure Access Service Edge, or SASE, is the term Gartner coined in 2019 to describe the framework that has emerged to define the convergence of WAN and network security functions into a single, cloud-delivered model that will support enterprise digital transformation initiatives. SASE consists of a number of key components, as we have highlighted in earlier SASE blogs and videos.

The third acronym is SSE – Security Service Edge – which Gartner introduced in February 2022 as the security component of SASE that unifies all security services, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA), to secure access to web, cloud services, and private applications. SSE functions provide both data protection and threat protection, as shown in Fig 1.

Fig 1. SASE Pillars

With these pillars, do enterprises simply embrace SASE as the comprehensive security and networking framework for their digital transformation blueprint?

Well, not quite so fast. Enterprise IT executives’ requirement is to provide SECURE network-layer connectivity across ALL devices and locations, to connect to all of their business applications. There are two key requirements:

  1. How do you secure access to applications spread across multiple clouds, data centers, and software-as-a-service applications?
  2. How do you secure the growing number of IoT devices that can’t run an endpoint agent?

Clearly, the SSE functionality delivered by cloud security vendors such as Zscaler, Netskope and Check Point, together with the API or service orchestration integrations with SD-WAN platforms like EdgeConnect, is enabling the secure connectivity of applications across cloud providers, data centers and branch sites, fulfilling the first requirement.

For the second requirement, it is important to note that for many deployed IoT devices, it is either impractical or impossible to run an SSE ZTNA agent on the device. IoT devices are a major point of vulnerability for a potential security breach. If you are deploying hundreds of IoT devices per location, from many different vendors, eventually one of those devices is going to suffer a security vulnerability.

Using identity-based role access control solutions like Aruba ClearPass or the recently announced Aruba Central NetConductor, micro-segmentation and security policies can be extended across Aruba’s entire product stack, including the ability to automatically segment user and IoT traffic, which is integrated with an advanced SD-WAN.

So, SSE solutions plus an advanced SD-WAN platform can address the security and networking requirements for both secure access and connecting IoT, helping enterprises with their SASE evolution. The next important decision for enterprises is: do you employ a multivendor or single vendor platform for SASE?

In fact, in a recent Gartner report “How to Align SD-WAN Projects with SASE Initiatives(1),” Gartner recommends:

  • “Choosing a single-vendor SASE solution is challenged by the lack of solutions that offer best of breed, and for many enterprises, not even good enough functionality across all of SASE’s functional domains(1)”
  • “After assessing which SD-WAN providers are best-suited for the organization, assess available options for SSE that can integrate operationally with the preferred SD-WAN. In particular, assess the level of console and API integration.(1)”

A multivendor approach that pairs a best-of-breed SSE with a best-of-breed SD-WAN gives enterprises the flexibility to choose the best technologies available for their SASE migration based on business requirements. For example, in mergers and acquisitions, an enterprise may be acquiring another business that employs a different cloud security vendor solution, so how will you integrate your existing SD-WAN platform with the two different security vendor solutions? Does your SD-WAN platform support API, service orchestration and automation to enable a smoother integration of both SD-WAN and cloud security?

Aruba EdgeConnect Enterprise is a best-of-breed SD-WAN platform that has been integrated and proven with the leading network cloud security vendors, including Zscaler, Netskope, Check Point, McAfee, iBoss, Palo Alto Networks Prisma Access, and more. This enables enterprises to configure, deploy, and develop a SASE framework with the flexibility of cloud-delivered security options without compromising on best-of-breed technologies. Taking this approach for SASE will help mitigate the risk of depending on a single technology vendor to supply all the components and enable a secure cloud-first digital transformation.

If you want to learn more about SASE, SD-WAN, and SSE, check out this recent podcast “SASE isn’t revolutionary, it’s evolutionary” that covers these topics in more detail.

Related Resources:

1 – Gartner, How to Align SD-WAN Projects With SASE Initiatives, Published 18 April 2022 - ID G00767529, By Bjarne Munch, Lisa Pierce, Craig Lawson