The enterprise network today is organized around fast and secure access to the information that enables all business workflows. This is an evolution from how the Local Area Network (LAN) and the Wide Area Network (WAN) were viewed for years: as separate entities. With the once-clear LAN-WAN line of demarcation blurred, we now have boundaryless networks.
Traditionally, the LAN was for local resource sharing – the apps and physical infrastructure located with you, like local fileservers, email servers, devices, printers and more. All network services were local. The WAN interconnected multiple LANs, like a network of networks, and created an essential pathway to a data center or main office where shared corporate resources and security policy implementations were housed.
As networking shifted to a cloud environment, shared resources moved away from the data center. Today, global Software as a Service (SaaS) providers may deliver them, or they may reside in public or private clouds. That means the LAN increasingly serves as an “on-ramp” to something that isn’t local anymore. What’s more, the notion of “local” has taken on a logical rather than physical meaning thanks to the rise in mobile devices; “local” employees may be in the office, at home or on the road.
Similarly, the intent and meaning behind the WAN also morphed. Traditional WAN architecture proved too inflexible to accommodate highly distributed, scalable networks and a cloud-focused environment. As traditional LANs have grown lighter and lighter in terms of controls (or routing policies) and the ability to compute has shifted to the edge (rather than staying at the data center), the WAN must be able to manage enterprise traffic to all the new points and places where users access their shared corporate resources – the SaaS platforms, cloud providers and data centers.
Software-Defined Wide Area Networking (SD-WAN) is the manifestation of this new WAN because of its ability to support centralized management and access to applications hosted in data centers and in public and private clouds.
So how are security policies implemented in a boundaryless network? The answer comes with the advent of Secure Access Service Edge (SASE), a cloud-delivered security framework. SASE assumes that no request to access the network can be trusted automatically. SASE protects against expanding network entry points, even when they are not controlled by the enterprise, and enables identity-based control and context, where the identity is associated with users or user groups. This allows access to be granted to all employees, by role, or through sub-groups created for specific teams or management levels. Here too, lightening the control plane streamlines the traditional LAN.
With SASE, the management planes for both networking and security are finally converging. By combining network and security functions with SD-WAN capabilities, SASE supports the dynamic, secure access needs of distributed organizations.
One might assume that having distinct lines drawn between the LAN and the WAN would be better, easier or less complicated. The fact is, a boundaryless network with blurred lines, like that of an SD-WAN SASE solution, simplifies the network and delivers secure access that keeps end users in mind – regardless of where those resources or end users may be.