Cloud SASE – Secure SD-WAN
The pandemic has forced organizations to accelerate their digital transformation journey and ensure remote access for the dispersed workforce becomes part of their DNA.
In a recent study, over 69% of enterprises transfer corporate ERP data to the cloud (IaaS or SaaS). Cloud adoption has gained major momentum in the Middle East with Azure, AWS, and Oracle Cloud Infrastructure having a presence across various countries in the GCC – UAE, Saudi Arabia, Bahrain, and Qatar.
Connectivity to the cloud and seamless accessibility is an integral part of digital transformation. Large organizations that have a diversified workforce where users may be sitting in the head office, remote sites or branches, campuses, and working from home, need to access hybrid corporate resources, workloads, and applications that may reside on-premises and in the cloud.
MPLS technology has existed for more than two decades and has been the lifeblood of many organizations in terms of providing connectivity to data centers, remote sites, branches, offices, third-party interconnections, etc. MPLS is delivered by global and national internet service providers who own the country’s fiber backbone infrastructure.
MPLS although guarantees bandwidth with QoS and a certain level of security with VRFs has always been extremely expensive and contributes to a high OpEx for any business. With internet penetration reaching record levels, replacing MPLS with internet connectivity becomes a compelling business justification for IT.
That is exactly where SD-WAN and SASE come into play.
Although MPLS has been well-utilized across many organizations for many years the adoption and introduction of new methods of secure connectivity using the internet is now really taking off. Organizations that have utilized MPLS (remote sites or interconnection between data centers) end up with poor experience with low-bandwidth connectivity; organizations can always opt for guaranteed high-bandwidth MPLS connections on the last mile but that is extremely costly.
To overcome the low-bandwidth constraints of MPLS, organizations adopted WAN optimization technologies where low-bandwidth challenges can be overcome by optimizing traffic and packet transmission using dedicated WAN optimizer appliances across remote sites. The overall ROI and TCO between MPLS cost of operations with WAN optimization had never been fully realized till SD-WAN technology was introduced into the market a few years ago.
SD-WAN gives the same functionality as MPLS with WAN optimization of remote site connectivity in a secure and optimized manner but using the internet as a medium of data transfer rather than MPLS. This has given rise to the SD-WAN market segment, coupled with SASE as a combined service offering – the reasons to consider SD-WAN far outweigh compared to continuing with legacy MPLS architecture.
MPLS VPN is getting less popular as organizations begin to use the public cloud. Whilst MPLS was essential to a successful hybrid design (remote branches and data centers), organizations have decentralized their network activity with a remote workforce. Private MPLS and VPN topology is no longer appropriate. The following are the key reasons for this transition.
- SDN has given rise to network device intelligence and introduced automation where network equipment can be dynamically instrumented and configured through a centralized management platform.
- IT departments have been urged to save OpEx by switching from MPLS to Internet.
- With enterprises embracing some form of public cloud, from Office365 to several customized SaaS and IaaS environments in Azure, AWS, GCP, or OCI, traffic no longer rests within private data centers like it used to.
- BYOD (Bring Your Own Device) and remote working, there is no longer a need for a network perimeter because connectivity is available almost everywhere from any device.
- Maintaining application performance necessitates intelligent routing mechanisms with detailed reporting and features such as QoS (Quality of Service) and FEC (Frequency of Communication) / (Forward Error Correction).
- Easing the operational burden, SD-WAN operational support is relatively easy, but it necessitates a high conceptual understanding.
- Improving cybersecurity across remote sites and securing remote users’ internet access.
Secure SD-WAN is a network solution that replaces traditional WAN created with MPLS technology. It offers a solution for optimizing and securing communication between any two locations such as a remote branch or site with the data center or private cloud using secure SD-WAN equipment – typically over the internet.
MPLS is intended to provide dedicated, performance-guaranteed network links that ensure consistent communication between two designated locations. However, they have limited capacity, are costly, and are geographically constrained due to the availability of MPLS circuits and the local loop coverage the ISP provides.
With the increased adoption of the cloud to host corporate workloads, secure SD-WAN has now evolved and converged with Secure Access Service Edge (SASE) to provide a compelling service offering.
The intended development in the offering was created to fulfil the changing cybersecurity and demands of businesses while also addressing connectivity for a remote workforce and decentralized organization.
Various use cases come into fruition when SD-WAN and SASE are utilized with internet connectivity.
- Zero Trust Internet Access Workplace (Office, Remote Site, and Home)
- Decentralized Secure Internet (replacing MPLS) for Remote Branches/Sites
- Decentralized Secure Private Access
o Remote Branches/Sites accessing Cloud Environment (replacing MPLS)
o Remote Branches/Sites accessing Data Center Environment (replacing MPLS)
Secure SD-WAN is intended to deliver the same if not better network performance and reliability level as MPLS, while eliminating the need for dedicated and costly connections, all of this whilst leveraging the internet.
Using Software Defined Network (SDN) techniques to select the best routing path, maintain quality of service, and support device-to-device encryption for security; SD-WAN equipment deployed across remote sites, branches, data center, and cloud can all be interconnected through mesh fabric providing any-to-any connectivity whilst all being managed through a single pane of glass for O&M.
The illustration demonstrates how traditional MPLS can be replaced with SASE and SD-WAN technology.
FYNSEC powered by DTS Solution has created a premium SASE with an SD-WAN platform in the GCC region.
FYNSEC SASE platform is ISO27001 certified, SOC2 approved, and GDPR compliant and is built on award-winning technology from CATO Networks and Fortinet, which has a global footprint in all corners of the world. In addition, FYNSEC adopts a Zero Trust Access unified security engine across all environments: head office, data centers, public cloud, remote sites, campuses, and remote work from home users. There are so many compelling benefits of FYNSEC to help you migrate from traditional costly MPLS.
- Zero Trust Secure Internet Access and Network Access from all environments.
- Secure the workforce from any location.
- Optimize and replace costly MPLS and backhaul connections using SD-WAN.
- Unified Cloud Security Policy with Cloud-SASE Fabric for all environments.
- 24×7 Managed SASE/SD-WAN Security Services with Continuous Threat Detection and Response Monitoring
Contact us for a demo and experience how your digital transformation can be accelerated.
