WAN Modernization is Necessary to Support Cloud-Based Enterprises
Almost all organizations now use cloud infrastructure, and the vast majority of them use multiple clouds. However, their traditional WAN infrastructure and security are not designed for cloud environments, making companies sacrifice either network performance or security.
Deploying security directly in the cloud is complicated, requiring organizations to seek another solution. Deploying Secure SD-WAN in the cloud, a solution more accurately known as SASE, provides the required balance of network performance and security.
Cloud Security is a Growing Concern for Enterprises
As use of the cloud grows, so does the need to secure it. However, traditional cybersecurity strategies and solutions are often ill-suited to cloud environments. This is true because the cloud differs from traditional on-premises data centers in a number of ways:
- Leased Infrastructure: In an on-premises data center, an organization owns their infrastructure and has complete control over it. This allows them to configure this infrastructure to align to their security policies, monitor the complete infrastructure stack, and build in security where needed. In the cloud, organizations are leasing infrastructure, meaning that they have little or no visibility or control for a significant percentage of their security stack. This makes it impossible, in some cases, to deploy the security solutions that they are accustomed to using in their on-premises deployments.
- Provider-Specific Security: A lack of low-level control over their cloud-based infrastructure means that organizations often need to rely upon security controls and tools provided by their cloud services provider. However, these tools and configurations vary from one cloud platform to another, making it difficult for organizations with multi-cloud environments (which is most of them) to enforce consistent security across their entire network.
- Direct Access: Traditionally, cybersecurity has been focused on the network perimeter, attempting to identify and block attacks before they reach the organization’s systems. With the cloud, infrastructure is outside the traditional perimeter and can be directly accessed from the public Internet. This makes perimeter-based security models less applicable and more difficult to implement.
All of these factors contribute to the fact that it can be difficult for an organization to adequately and consistently secure its cloud-based infrastructure. This is why, while almost all organizations are using the cloud, 84% of them are concerned about cloud security.
Traditional WAN Solutions Are Ill-Suited to the Cloud
The nature of cloud-based infrastructure means that organizations need to adapt how they approach cybersecurity. The traditional perimeter-based security model doesn’t work in the cloud, which is outside of the network perimeter.
This is a problem since many traditional WAN solutions are designed for the traditional security model. For example, virtual private networks (VPNs) are intended to provide an encrypted point-to-point connection between two sites. This makes them a popular solution for secure remote access and for site-to-site VPN tunnels that link two corporate LANs.
What VPNs are missing is any type of built-in security. They are constructed based upon the assumption that one end of a connection will be a site that includes a full security stack, such as the headquarters network of the corporate WAN. Any external traffic is assumed to have passed through this stack before entering or after leaving the VPN tunnel.
As the use of cloud computing grows, this assumption is not always valid. Remote users working from home or satellite offices commonly require access to cloud-based assets. This provides organizations with a few options:
- Route Traffic Through Headquarters Network: A common choice is to force all traffic to flow through the headquarters network for scanning before being routed on to its destination. However, this approach increases load on the headquarters network, and the additional network latency can break some Software as a Service (SaaS) applications and decrease employee efficiency.
- Deploy Full Security in the Cloud: In many cases, the cloud-based infrastructure is the only side of the connection controlled by the organization, so security must be deployed there. However, securing the cloud can be difficult, and the use of multi-cloud environments means that this approach can be expensive and complex to deploy and manage.
- Skip Security Scanning for Remote Users: For remote users (including teleworkers and satellite sites), the logical way to route traffic is directly to the cloud infrastructure. However, if security scanning is not implemented at either end of a VPN connection this can place the organization at risk.
None of these approaches provide organizations and their users with the required balance of network performance and security. As cloud adoption grows, organizations need to be able to integrate security into their network infrastructure.
SASE is a Necessary Step in WAN Modernization
Accomplishing this requires taking the step to modernize the corporate WAN by deploying Secure Access Service Edge (SASE). SASE combines the network optimization capabilities of SD-WAN with integrated security and a cloud-based deployment.
A SASE node contains a full security stack and offers optimal, secure routing to the other nodes in the SASE network. This ensures that any traffic routed over the corporate WAN undergoes security inspection and incurs minimal performance impacts.
What makes this different from Secure SD-WAN is that SASE nodes are deployed in the cloud. This means that WAN entry and exit points can be easily deployed geographically close to cloud infrastructure and remote users. This minimizes the latency incurred by using the WAN, making it a viable alternative to direct cloud connectivity while enabling enterprises to achieve network security.