There’s been a boom in SD-WANs (software-defined wide area networks) in recent years, as organisations sought to reduce costs, strengthen connectivity, and improve their visibility and control of their networks.
But few IT directors realise SD-WANs were designed for office-based ways of working, which were typical pre-COVID, argues Jonathan Wright, director of products and operations at Global Cloud Xchange (GCX), here...
“SD-WAN can’t deliver the same network visibility and flexibility benefits, nor security enforcement for remote workers. So, many companies are now adding a SASE (secure access service edge) framework to their infrastructure or transitioning to it from SD-WAN completely.
The challenge arises in that SD-WAN is built around a physical location, rather than a user. The assumption is that most traffic would be routed via a dedicated WAN or LAN port, with the handful of remote workers connecting via a VPN linked to one of a handful of gateways worldwide. There would be a lower level of experience and flexibility, but that compromise was more readily accepted.
Now, of course, those working at home require the same level of experience. Scaling network and security policies has defined many IT strategies over the past few years, ensuring corporate policies and configurations are equally applicable to those working remotely as in the office.
This is where SD-WAN now falls short. Network visibility is significantly impacted in a hybrid environment. Whereas in an office, all traffic flows through one network device, hybrid workers each have their own internet provider and may use personal devices. So, IT teams can no longer easily monitor and report on which resources are being accessed and risk a new wave of ‘shadow IT’. Further security risks are introduced as data transmitted to the cloud is often unprotected until it reaches its destination when sent from remote devices.
Not wanting their investment in SD-WAN to have gone to waste, many IT leaders are now shifting their strategy towards SD-WAN becoming a pure access technology with most of its current functionality delivered by a SASE overlay framework.
This approach helps improve the security and compliance of data over the course of the data packet’s journey to its final destination, whether the cloud or elsewhere, as it is routed through the centralised framework no matter what the original location. It also improves visibility by once again allowing for a single, centralised view of all traffic flows and of application performance in real time.
The total cost of ownership (TCO) associated with SD-WAN can also come down, as there is less reliance on specialist hardware and no ongoing licence fees. And there are more opportunities to optimise costs for SASE as it only needs a device that supports SSL or IPsec for a secure connection.
As our working practices change, it should come as no surprise that our infrastructure will need to evolve too. No matter the network or location of a device, SASE offers peace of mind that data can seamlessly and securely be routed around an organisation’s global network.”
