How Will SASE Change Networking in 2021?

By Flux7 Labs
December 16, 2020

“The next decade of economic performance for every business will be defined by the speed of their digital transformation,” said Satya Nadella, CEO of Microsoft. For the past few years, the cloud has grown exponentially. It should not come as a surprise, but if you are looking for data points, this IDG survey is a great resource. Thousands of companies have already migrated thousands of apps to the cloud. So, what’s the next big shift? SASE will play a leading role.

COVID-19 has put more urgency on digital transformation. Millions of employees started working from home. Many will not return to their office, as many organizations have already closed small or non-strategic office locations: remote working has crossed the chasm. One of the highly visible effects of this change is the booming adoption of remote working software like Zoom. At least, the stock market has great expectations for these companies' growth given the new environment we live in. Zoom stock jumped 488% YTD compared to 33% for the NASDAQ Index, as of this writing in late November.

Large organizations still have sizeable datacenter footprints. In these datacenters, we find applications that haven’t migrated to the cloud but also networking components such as firewalls, load balancers, IDS/IPS, routers, switches and devices managing partner connections. Just a few years ago, it was common to design networks for offices to connect to a datacenter where internal applications ran and internet traffic was filtered. Yet, given that more employees now work remotely, and many applications have moved to the cloud, it is an appropriate time to ask whether these networking components are ideally placed on-premises or if they should migrate to the cloud. As a result, transforming traditional on-premises networks to the SASE model (Secure Access Service Edge) is a rising priority for many large organizations today.

Figure 1. Traditional hub-and-spoke architectures vs SASE model.

Enterprises Transition to SASE 

According to Gartner: “By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.” If you are looking to validate our observation, look at the stock performance of companies with modern networking products as their core offering: Zscaler and Palo Alto. Zscaler stock has jumped 118% between its introduction on January 15th, 2020, and the time of this writing (late November) vs. 30% for the NASDAQ index. Both Zscaler and Palo Alto offer great products to implement SASE.

Figure 2. AWS network hub that secures Ingress and Egress traffic

SASE Benefits 

Users can expect these key benefits from the SASE model over traditional networking: 

  • Better Performance and User Experience: Users can easily connect to wherever resources are located. Access to apps, the internet, and corporate data is available globally thanks to cloud infrastructure. That increases employee productivity because it creates a seamless connection between employees and company resources. Also, IT teams spend less time on connecting workers to applications and more time focused on innovation and strategic work. 
  • Full Visibility and Control: Companies experience ever-increasing cybersecurity threats as attackers try to access corporate networks and cloud applications. Unlike the traditional approach, SASE provides full visibility and control by leveraging cloud capabilities such as NGFW (Next Generation Firewall), SWG (Secure Web Gateway), DLP (Data Loss Prevention) and ZTNA (Zero Trust Network Access), which means better security.
  • Lower Costs: With minimal hardware or software requirements, SASE requires lower capital investments than traditional approaches.  
  • Less Complexity: Network and security teams no longer need to learn, configure and manage multiple systems from different vendors. This gives teams more time to spend on other critical projects.  

SASE Solutions 

While most widely known, Palo Alto and Zscaler are not the only options available. In November 2020, AWS released two services that simplify implementing SASE in AWS:

  • AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all your Amazon Virtual Private Clouds (VPCs). Thanks to its native integration with other AWS services, AWS Firewall Manager allows you to configure Network Firewall for AWS accounts and VPCs in an AWS Organization. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across the whole AWS Organization. On the other hand, because it is an AWS-specific solution, it cannot be used for on-premises networks or other cloud providers.
  • AWS Gateway Load Balancer (GWLB) makes it easy to deploy, scale, and manage your third-party virtual appliances. GWLB combines a transparent network gateway (a single entry and exit point for all traffic) and a load balancer that distributes traffic and scales your third-party security and networking virtual appliances up, or down, based on demand. GWLB is designed for virtual appliances from AWS Partners and ISVs in the AWS Marketplace. This allows you to quickly integrate the vendor you are already familiar with and trust, or test options from other vendors.
Figure 3. Distributed Architecture using Gateway Load Balancer and Gateway Load Balancer Endpoints

In addition to these two new AWS services, AWS Transit Gateway service connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. 

AWS provides a variety of network and security services that allow you to build a network security hub in the cloud. AWS Transit Gateway and AWS Gateway Load Balancer allow enterprise customers to build a secure global network in the cloud. With it, they can connect multiple cloud providers and on-premises systems in a secure, flexible and cost-efficient way.

We believe this shift will drive further datacenter consolidations, bringing substantial cost optimization and demand for other core IT components (such as Active Directory and DNS) to be redesigned. 

If you need to transform your networking architecture, NTT DATA can help you assess, design, implement and either train your networking team or manage SASE for you. 

Written by Artem Kobrin and Matt Buchner, Flux7 Labs

Flux7, an NTT DATA Company, is the only Sherpa on the DevOps journey that assesses, designs, and teaches while implementing a holistic solution for its enterprise customers, thus giving its clients the skills needed to manage and expand on the technology moving forward. Not a reseller or an MSP, Flux7 recommendations are 100% focused on customer requirements and creating the most efficient infrastructure possible that automates operations, streamlines and enhances development, and supports specific business goals.