Transitioning from SD-WAN to SASE
Moving from SD-WAN to SASE may make sense when looking at it from the outside due to the increased security and cloud based management, but as some research shows, it can be a complicated, difficult transition. Because SD-WAN just works as an overlay network that backhauls traffic to data centers, the cloud-based SASE can deliver a better and more secure network access experience. That’s especially true these days, when remote working is so much more common. Using SASE makes sense for organizations that need lots of secure remote access, particularly when compared to SD-WAN.
But what happens when the transition between the two becomes too difficult? In research from Enterprise Management Associates (EMA), a poll of 313 IT professionals showed how complicated it can be. Only 11% of the respondents in that survey called it “very easy.” Which puts the other 89% in the other category, having some sort of issue with the transition.
So how can you transition from SD-WAN to SASE with minimal interruption and complication? Let’s dig into it and explore how you can make this transition as pain-free as possible.
Benefits of the SD-WAN to SASE Transition
If 89% of respondents are having some trouble with this transition, why is it so common? Because it’s worth the challenge. There are specific benefits in moving from SD-WAN to SASE that can help an organization with long-term results, even if the short-term doesn’t always feel so easy.
- SASE provides flexibility. Using SASE means an entire workforce can securely access the centralized company resources—as long as they have an Internet connection. This is essential for any organization that needs its key data available to a remote (and possibly global) workforce. And it’s one of the key reasons that organizations that rely on remote work tend to look at SASE as a solution.
- Cloud-based infrastructures provide greater capacity. With that flexibility comes increased capacity. For example, a company can scale more quickly and with more efficiency if its databases are built in a cloud-based structure. Onboarding a new remote employee becomes as simple as hiring an employee with access to the Internet. You can then steer that employee to company resources on the central database, or other cloud-based solutions, to get them up to speed.
Dealing with the Complexity of Multi-Vendor SD-WAN Issues
What about the challenges to overcome? One of the central issues is that SD-WAN sourced from multiple vendors is common. For example, companies may have different sites, each with their own vendor requirements. Imagine one manufacturing site versus what’s required to run a sales office. The two could look completely different—which often means companies source additional help from different vendors.
In addition, organizations that acquire other businesses often end up with different networking technologies that need to slowly migrated into the corporate standard. In cases like this it is also typical to have multiple vendor sourcing and multiple network manufacturers, adding additional complexity.
As NetworkWorld noted, some 43% of enterprises in EMA’s research group reported having multiple SD-WAN vendors. And those respondents who said they had multiple vendors also tended to be the ones reporting the most difficulty with the SASE transition.
In other words, multiple vendors will throw a wrench into this transition due to the increased complexity. Look at your current SD-WAN infrastructure and ask yourself some key questions. Is it possible for you to reduce vendors before the transition? Are there any steps you can take to simplify the process before the transition?
The DIY Approach—and Where it’s Going Wrong
There’s another wrench that you can throw into the process before you even start: a DIY approach. DIY means you have to be resourceful and innovative. So what’s wrong with that picture? The research suggests that most IT organizations prefer SD-WAN as a managed service, making the DIY approach something of an outlier.
About 66% of IT organizations responding to the research said they preferred consuming SD-WAN as a managed service. How did the DIY approach fare? According to the research highlighted by Network World “40% of consumers of managed SD-WAN services told us they preferred a managed service over DIY specifically because it enabled better integration with other managed services, such as SASE security services.”
In other words, managed SD-WAN services made the transition to SASE easier. In this scenario the DIY approach is not ideal, and can add up to unexpected costs down the road. There is some irony there: You might have pursued a DIY approach in the first place because you thought it would be more cost-effective, but when it comes time to migrate to SASE or attempt a complicated change at your data center, all of that DIY ingenuity can potentially come back to bite you. If you’re still at the stage where you’re considering a DIY vs. a managed services approach, remember that the managed approach might cost more now, but it can also pay dividends down the road.
Dealing with Poor WAN Observability
Another potential issue with the DIY approach: poor WAN observability. Recall that observability in this context refers to your ability to monitor all aspects of the data center, understanding how the entire digital process works from beginning to end. For this transition, you will need a blueprint from beginning to end.
The DIY approach can get in the way of that. Migrating to SASE means that SASE solutions will deliver enhanced security functionality via globally distributed points of presence, or POP. If you have a DIY SD-WAN that needs transitioning to SASE, you may not be familiar with how SASE can establish these POP.
In this context, POP usually work from single nodes which have a myriad of capabilities for monitoring what’s going on: they can be switches, routers, firewalls, etc. They can even help manage bandwidth. As such, if you’ve dealt with poor WAN visibility before, you may not be able to build out a POP framework that will give you the upgrade in simplicity that SASE can offer.
When transitioning from SD-WAN to SASE, especially if you’ve used the DIY approach before, it can be tempting to do everything piecemeal. You’ll be tempted to save money by cutting corners, or maybe slicing parts off the process and handling little bits at a time.
But in some cases, it may be in your long-term interest to migrate to a new, simplified structure or work with a managed service provider to expand your observability via use of new technology. You don’t want to bring bad habits you established with your SD-WAN to your new SASE framework. Instead, you’ll want to use the advantages of SASE, including those simpler POP, to create more observability over the entire process.
Start with that kind of transition in mind and you’ll be far more likely to achieve success as you make the transition from SD-WAN to SASE. And if you’ve already embraced that DIY approach, it may be time to think about how you can start fixing things so your future results are less DIY—but more cost-effective over the long-term.
As a top Aruba Wireless partner, ComportSecure specializes in both network transitions and security so we can ease your transition to SASE. Contact us today to get started on the right path.
Written by Matt Burch, VP of Managed Services for ComportSecure