Integrating Software-Defined Wide Area Network (SD-WAN) and Secure Access Service Edge (SASE) is becoming increasingly popular as businesses look to improve their network security while maintaining the flexibility and cost savings of SD-WAN.  Also, many SD WAN deployments started as cost saving replacements for traditional WAN networks with little focus on security integration.  As security infrastructures age and licenses expire, it makes sense to leverage existing SD WAN network investments and add SASE to replace legacy security infrastructure. In many cases, simply shifting traffic to the SASE platform is a fast and effective way to enable enhanced security functionality.

SD-WAN is a network architecture that uses software to control the routing of network traffic, allowing businesses to easily manage and optimize their wide area networks. SASE, on the other hand, is a security architecture that combines many network security functions such as NG firewalls, Secure Web Gateways, Malware/Virus detection, DLP, VPNs, and zero-trust security with network connectivity.

Integrating SASE into existing SD-WAN deployments can be done in a number of ways, depending on the specific requirements of the organization and existing investments in SD WAN.

One approach is to use a SASE platform that is built on top of the existing SD-WAN infrastructure. This allows the organization to continue using the same SD-WAN management tools and policies, while adding the security benefits of SASE if the SD WAN platform doesn’t support SASE directly.  An example of this would be implementing Zscaler or Palo Alto Prisma on top of an existing SD WAN Deployment. 

Another approach is to use a SASE-enabled SD-WAN solution. This approach involves implementing the SASE functionality within an existing SD WAN deployment if that capability exists.  This approach is often the least disruptive to the organization and generally can be implemented with little to no downtime.  If the existing SD WAN platform doesn’t have SASE capabilities, replacing the existing SD-WAN platform with a new one that has SASE capabilities built-in is the way to go. This approach can be more disruptive, as it requires the organization to change its existing management and policies, but it can also provide a more integrated and streamlined security solution.

Regardless of the approach chosen, integrating SASE into existing SD-WAN deployments can provide significant benefits.

SASE can help organizations protect against cyber threats by providing secure access to cloud applications and services, while SD-WAN can optimize network performance and reduce costs.

Integrating SASE into existing SD-WAN deployments is a smart move for organizations looking to improve their network security while maintaining the flexibility and cost savings of SD-WAN. There are multiple ways to accomplish this, each with its own set of pros and cons. Configure Inc. can help you understand the specific requirements of your organization and choose the approach that best aligns with those requirements.

Thank you for reading! Stay tuned for our next post, where we will dive into Remote Access options for modern SD WAN networks.

Written by Tim Barcus and Michael Brazeau