Starting May 2, 2024, find new blogs on HPE Community. Questions? Contact us

Go to new blog site

HPE Aruba Networking Blogs

SASE: SD-WAN First or Security First?

By Derek Granath, Senior Director, Product and Technical Marketing

WAN and Security Transformation and How to Begin Your SASE Journey

In our SASE video series, we’ve explored WAN and security architecture transformation with SASE. We’ve described how the right SASE architecture enables enterprises to ensure direct AND secure access to cloud-hosted applications and services for users, regardless of location or the devices used to access them. We’ve talked about how IoT requires security considerations that SASE doesn’t completely address. And we’ve articulated that the overall business driver to transform WAN and security architectures to SASE is to deliver the best application quality of experience for users.

Getting Started with SASE

When it’s time to start your SASE journey, you can start with SD-WAN or with cloud-security or with both. But you may not want to be forced into transforming both at the same time – you likely want to transform these architectures at a pace that makes sense for the company.

Start by evaluating your WAN and security requirements based on business needs.

  • What levels of cloud-application performance and reliability does your business require – the application Service Level Agreements (SLAs)?
  • What routing capabilities am I replacing with SD-WAN?
  • What connectivity and security challenges do you face for your mobile and remote workers?
  • Is the business running applications that benefit from WAN Optimization?
  • What basic firewall capabilities do I need at the branch and which can be delivered in the cloud?
  • What security, segmentation and compliance requirements must be addressed for your users? For IoT devices?
  • Can you predict what types of threat vectors will emerge in the future? And the answer is of course you can’t, and therefore you may need to adopt security innovations from a vendor that’s different than is currently deployed

SASE Evaluation and Proof of Concept Testing

Next, begin the evaluation of the SD-WAN and security capabilities of various vendors. Many enterprises really need best-of-breed WAN technology AND best-of-breed cloud-delivered security, without compromising on either. And it’s unlikely you’ll find a single vendor with excellence in both.

According to the results of a recent Ponemon Institute security best practices survey of more than 1800 networking and security IT professionals, more than two-thirds of IT teams want to adopt best-of-breed networking and cloud-security for SASE.[1] More than 70% of respondents favored multi-vendor integrations that simplify deployment and ongoing operations without compromising networking or security capabilities.

The State of SD-WAN, SASE and Zero Trust Security Architectures. Ponemon Institute. April 2021

Integrated, Automated Orchestration Enables Best-of-Breed

An advanced, open SD-WAN platform that supports application programming interfaces – or APIs – can bring new levels of automation to seamlessly connect to best-of-breed cloud security services now and in the future avoiding vendor lock-in and avoiding compromise. An SD-WAN platform that supports foundational security functions at the branch such as a zone-based firewall and segmentation enables enterprises to migrate to a SASE architecture at their own pace.

Driving Business Value – the Ultimate Goal of SASE

The only reason to transform network and security architectures is to drive business outcomes. Otherwise, why embark on the SASE journey and cost? After helping hundreds of customers with their SASE journeys, Aruba can confirm that incremental business value can be realized with SASE:

  • Provide the best cloud application quality of experience to users to increase productivity, customer satisfaction, and ultimately, business profitability
  • Deliver more consistent security policy enforcement across the enterprise to reduce business risk and protect brand image
  • Reduce capital and operational costs by simplifying WAN architecture, centralizing network and security management and eliminating the backhaul of cloud-destined traffic across expensive leased line circuits
  • And ultimately, enable enterprises to realize the maximum return on existing and ongoing cloud investments.

To learn more about SASE and the benefits it delivers, tune in to our video series. For recommendations on how to begin your SASE journey, watch our fifth episode, SASE: SD-WAN First or Security First?

Related Resources

[1] Source: Ponemon Institute. The State of SD-WAN, SASE and Zero Trust Security Architectures. April 2021