With the advent of SASE, SD-WAN and security vendors have adopted a variety of postures and messages depending on their background and strategy in this market. One of the value propositions of moving to SASE is to consolidate existing network and security capabilities into one vendor. It sounds like an attractive value proposition, but choosing a full stack solution over best-of-breed network and security solutions, inevitably leads to gaps and may not be the best approach to address the flexibility and security challenges in the digital age.
In this blog, we’ll describe four key reasons to choose best-of-breed network and security solutions over a single SASE solution, to help you better optimize and protect your network.
1. No single vendor can provide best of breed for both the WAN edge and security service components
Networking and security, while heavily interrelated, are two different and very complex domains of expertise. Security evolves rapidly to ensure protection against ever changing cybersecurity risks while wide area networking is more about providing fast, robust, and flexible connections over potentially long distances and across diverse transports.
While SASE providers are consolidating their offering, none of them can deliver the best-of-breed capabilities in both security and the WAN edge. Indeed, most SASE providers come from a security background including firewall, identity management or antivirus protection solutions. All of these vendors are in a race to fill the gap of missing functionality to address cloud-first challenges, but they still specialize in their own security domain, not SD-WAN.
Some security vendors have added basic SD-WAN capabilities into their firewall. But the real power of a SASE architecture is realized when combining advanced WAN edge functions with comprehensive security services delivered in the cloud; SD-WAN is in fact a foundational component of a complete SASE architecture. To make it easy for IT, an advanced SD-WAN solution can offer a native, automated integration to best of breed cloud security vendors. With this model, you combine the best-of-breed security solutions with a best-in-class SD-WAN. When it comes to wide area networking and security, you don’t want to compromise on quality of experience, flexibility, or security.
2. Don’t put all your eggs in one basket
When trading in financial markets, it is a must to constitute a portfolio of various financial assets to minimize the risk. Traders spread the risk across assets with various levels of risk, so they don’t lose everything on risky assets while maximizing their gains by only betting on low-risk assets.
As mentioned earlier, relying on a single vendor that provides the full stack may actually be a risky bet, especially for security. Also, as security threats continuously evolve, it is critical to have the freedom of choice to adopt innovations from new security vendors that may have developed a better solution.
With the flexibility to easily deploy with multiple vendors, you can keep your bargaining power high, get competitive bids and force other vendors to reduce their prices. With a multi-vendor approach, vendors will always have an incentive to give you the best price and the best solutions.
3. Secure your hybrid cloud environments
SASE is optimized for the cloud, but many organizations have not yet moved all their applications to the cloud. Most enterprises still have a corporate data center for legacy applications even if it’s just a small percentage – think of bank or insurance companies that still run in-house developed applications in COBOL – or because there are sectors that require confidentiality or are heavily regulated (e.g., military, government). With a multi-vendor strategy, organizations can move their applications to the cloud at their own pace and also better secure specific areas (on-premise, private cloud, hybrid cloud, etc.). This is why, it is essential to choose an advanced SD-WAN solution that can steer traffic intelligently to support granular QoS and security policies.
4. Secure your network from external users and IOT devices
SASE focuses more on protecting internal users that access internal or external resources, and less on external users or IOT devices. Network-connected IOT devices, such as video cameras, smart meter, point of sale terminals, and many more continue to explode in number, and they expose organizations to increasing threats. IOT devices usually include very basic security features and they cannot run ZTNA agents or VPN clients. Therefore, additional security capabilities are required beyond what is defined by SASE to secure them and their application traffic. The best way to protect your organization is to ensure that users or devices can only connect with destinations on the network that are consistent with their role in the business. Advanced network solutions with identity-based access control capabilities can unify policy enforcement across wired and wireless network and segment the network into multiple zones based on roles. For example, IT might define a security policy that creates a segment for IOT devices, a unique segment for critical app traffic, and another for guest users.
To implement a modern, cloud-first secure access service edge architecture, the Aruba EdgeConnect SD-WAN edge platform provides best-in-class SD-WAN capabilities such as dynamic path selection, automatic failover, WAN optimization, internet breakout on the first packet and a stateful zone-based firewall for micro-segmentation. In addition, it offers advanced, automated orchestration and native integration to deploy multiple security partners in minutes. Aruba EdgeConnect is the foundation for a robust SASE architecture that lets you choose from the best-of-breed cloud-delivered security service providers now and in the future.
HPE (Aruba and Silver Peak) named a Leader 4 years in a row in 2021 Gartner Magic Quadrant for WAN Edge Infrastructure—Get the Report.
Related Resources
