Is SASE a Big Deal?

This Industry Viewpoint was authored by David W Wang

Recently due to overwhelming demand of remote enterprise operations, e.g. work from home during the Covid-19 pandemic, several service vendors have been accelerating the launch of Secure Access Service Edge (SASE) to the markets. Cisco for instance, was the latest who has updated its SD-WAN software release with SASE.

SASE is a digital platform that enables more flexible and faster individual work environment like home office or single device like mobile phones, by stitching together elements of SD-WAN and security into a single cloud-native package. To a certain extent, we can call SASE an expanded version of SD-WAN.

From pure technology standpoint, SASE may be nothing much new. Enterprises who have signed on SD-WAN may already use one kind of SASE feature or the other, and now SASE just tries to make a tighter package of WAN, cloud and security solutions and lift the service convergence to the next level.

In a larger sense, however, the official launch of SASE does make three key trends clearer from IT/network capital investment, revenue growth, and job demand angles. SASE takes today’s businesses, large or small, a leap further onto the new platform of Internet as WAN, Cloud based IT operations, and software defined services.

As we know the major task of SD-WAN is to link up branch offices to HQ, Internet and cloud and can achieve that via such as Internet connections, a hybrid of MPLS and Internet connections, or sometimes over a private backbone network especially for global scale sites. Thus SD-WAN already puts a lot of enterprise WAN pressure onto the public Internet which originally was designed and developed mostly for eyeball rather than content traffic distributions.

Now SASE pushes even more enterprise level traffic onto the public Internet, since its mission focuses on linking individual users or devices to the cloud service edge that mostly use broadband like FTTx from home, or 4G/5G WiFi on the road for network access. This trend therefore calls for more and robust public Internet upgrade, investment and buildout from both backbone capacity (e.g. from 100G to 600G) and access speed (e.g. from 25M to 100M) perspectives in next 2-3 years. SASE adoption will boost fiber optics and broadband/5G rollout to completely replace copper and legacy narrowband technologies.

With the launch of SASE to market, enterprise IT and service providers will also accelerate two major changes: first, migrating more legacy IP operations to the cloud and setting up more cloud native resources, so as to better adapt to today’s geographically distributed agile work forces, workload, and devices;

Second, directing more efforts towards the Cloud 2.0 level edge beefing-up, rather than just the Cloud 1.0 centralized architecture. While Cloud 1.0 is great, making cloud a real on-premise IT replacement in terms of latency, security, resources, hinges on the Cloud 2.0 edge capabilities and virtualization where all new magic like AI and securities is supposed to boom.

With more cloud edge virtualized services in place, distance to a physical office or HQ’s data center is becoming secondary to employees and effective business operations. All you need is to fall close to a cloud-based PoP or gateway from a SASE service provider and then the SASE link will be on and your business can start running. Hence when selecting a SASE vendor, just make sure they have big and edge enough coverage to serve your employees or devices anywhere regionwide, nationwide, or even worldwide. 

SASE is also pushing hardware more out of the picture. While SD-WAN may still require certain appliances on site, SASE vendors deliver the service to customers via a software agent. Once installed in PC or smartphone, customers are connected to the nearest PoP based on their location and connection type. From here the user is identified and network and security policies are applied.

SASE platform is even simpler and more transparent. Traditionally, functions like quality of service (QoS) or next-generation firewalls have only been available when connecting to an appliance. Now security package including firewall, intrusion prevention, URL/DNS filtering, anti- DDoS can all be delivered as a software service via virtualization from the cloud edge, which makes the SASE solution possible.

Staff who monitor, manage and maintain SASE need to be more open source software, API, and Python programming oriented. That brings about some dramatic work-skill changes underway. Recently AT&T announced that they will lay off thousands of field technicians, which is unfortunate but a clear sign that as network becomes more SDN automated, more programmable, and more centralized control, it needs fewer workers looking after the hardware boxes in the field.

 Overall, SASE not only helps to relieve some present pressure on the legacy VPN remote work capacities, but also sheds more light on the next-gen hyperconverged platform of digital transformation we are establishing and experiencing.  

David W Wang is a next-gen network/cloud business development principal and senior consultant with ITCom Global, LLC. Mr. Wang is also the author of the Nov 2018 publishing “Software Defined-WAN for the Digital Age” , and the Mar 2015 publishing “Cash In On Cloud Computing”. He is based in Washington DC metro and can be contacted at ITComG18@gmail.com

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Industry Viewpoint · SDN