Call it SD-WAN or SASE, a secure network starts with strong visibility
Large enterprise IT executives’ message about security is loud and clear: IT and network assets are under siege, and the threat is only growing. Cyber attacks are increasing on all fronts.
Criminals especially target vulnerabilities related to rapid workplace changes from the COVID-19 pandemic. The spike in remote and hybrid work, and the accelerated push of applications into public and hybrid clouds, widened enterprises’ security perimeters and created openings for hackers and other cybercriminals.
Cybercriminals look for any IT weaknesses to exploit, such as:
- Applications that have not been hardened;
- Weaknesses in industrial and IoT devices;
- Exposed data storage and sharing systems;
- Openings in the emerging edge cloud; and
- Configuration oversights or errors by IT workers.
Two of the most common attack vectors are the enterprise network and enterprise public and hybrid clouds. These two areas experience more attacks, so they get more enterprise attention. Figure 1 shows that about four in 10 enterprises reported big jumps in attacks against their networks and public clouds in 2021 and in 2022. Only about 3% to 4% of large enterprises did not report any major increases in security incidents.
Figure 1: Network and public cloud were top enterprise targets for cybercriminals in 2020-2022. Source: Omdia
Strong security starts with visibility
As attacks on networks and the public cloud escalate, it is no wonder enterprise IT executives are interested in the idea of a secure access service edge (SASE). The concept of SASE combines the flexible, dynamic networking of SD-WAN with a comprehensive suite of security features. SASE brings attention back to decades-old thinking: that security needs to be embedded in the network.
The reason to embed security in the network is that the network is a major source of information to collect, analyze, and act on. Good security starts with good information, gathered by having visibility into assets. If the enterprise network and its related managed services offer a single end-to-end view, this provides strong visibility.
When administrators have access to information across the network – end-to-end, network underlay and managed services overlay – attackers trying to breach enterprise sites or cloud resources have few places to hide. Between end-to-end network monitoring visibility and SD-WAN’s centralized information gathering and analytics, attack attempts become easier to detect, analyze, and stop.
SD-WAN or SASE? Enterprises are pragmatic
SASE has been rising in hype, but SD-WAN also includes integrated security features. For years, Omdia has recorded that enterprise adopters turn to managed security services for help with SD-WAN. Omdia’s IT executive enterprise surveys show that 60% of enterprise adopters source external managed security services for their SD-WAN deployment.
SASE is an umbrella concept, not a platform. Figure 2 shows many network functions often tied to SD-WAN, and many security functions attached to SASE. Enterprises see SASE in practical terms: what security embedded with the network means for them. They are less interested in an abstract definition, and more interested in what works.
Figure 2: Network elements associated with SD-WAN and security elements associated with SASE. Source: Company reports, Omdia
Enterprises have subscribed to network and security pieces listed in Figure 2 separately – and together – for many years. Firewall and gateway functions have been part of routers for decades, and firewalls have been part of SD-WAN platforms from the start. DDoS mitigation, DNS protection, and data loss prevention are standard practices for enterprise security teams.
The SASE promise is full integration of the network and security suite. Full integration is not so compelling when enterprises just need vital pieces. An enterprise may pull together VMware SD-WAN and Zscaler cloud security; they may call that combination secure SD-WAN or SASE. Either way, the enterprise meets its goal of embedding security with the network.
Security investment remains a top priority
According to Omdia’s IT executive enterprise surveys, security remains the top priority for increased enterprise ICT spending in the next 12-24 months. Survey results show that 49% of global enterprises plan increased investment in cybersecurity. That compares to cloud, the next-highest investment priority, where 37% of enterprises plan to grow budgets.
Under the cybersecurity umbrella, managed security services are a top area where enterprises expect to increase spending: 31% of companies plan new or increased strategic investment. Another 31% of enterprises plan to increase security operations investments: security information and event management (SIEM), security orchestration, automation, and response (SOAR), vulnerability management, and incident response. Other service areas targeted for increased investment include cloud protections such as cloud access security broker (CASB) (30%), firewalls and next-generation firewalls (27%), and DDoS mitigation (25%).
To sum up, SASE is a positive vision, but Omdia enterprise surveys show near-future security investments are tactical. Bigger businesses have built up security investments and expertise over many years. Existing security practices and models will need to evolve. Throwing out institutional intelligence to start fresh on a new, integrated security model is not an option.
As concepts, SD-WAN and SASE help enterprises think about how network functions and security fit together. SD-WAN grew quickly because enterprises had not already deployed these features elsewhere. It helped that existing router and firewall vendors embraced SD-WAN and rolled out upgrade options.
In security, enterprises have an installed base of partners that handle tasks predating SASE. Adopting a SASE model would mean ripping and replacing some of the enterprises’ existing security ecosystem of partners. It means the enterprise road to an integrated SASE, where it happens, will be slower and more customized.
Enterprises interested in embedding security into their network should first make sure the network is built on a solid foundation, with strong end-to-end visibility and flexibility to change. When network/IT administrators have a comprehensive base of network data to work from, they can better understand what is happening in the network, detect issues, and remediate them. A strong network foundation supports a strong network security strategy, for any route the enterprise ultimately takes.