SASE and ZT: SD-WAN’s New Normal for Security

Secure Access Service Edge (SASE) and Zero Trust (ZT) represent a critical evolutionary step for ensuring holistic SD-WAN security in the post-Covid multi-cloud environment – ‘Secure SD-WAN.’ Learn why a comprehensive test and validation strategy is essential to ensure Secure SD-WAN’s promise of being the ‘on-ramp of choice to the cloud’ for a growing number of enterprises.

SD‑WAN is quickly evolving from upholding physical on-premises connectivity to becoming cloud-centric. The Covid pandemic accelerated this shift by accelerating remote work, redefining networking in the process. The hybrid workforce – blending on-site, remote and work from home (WFH) – and other cloud use cases are now second nature.

This disruption has resulted in more sophisticated threats, which in turn has elevated the urgency and importance of holistic security. In response, this new reality for SD-WAN necessitated employing a new policy-based framework of security management known as Secure Access Service Edge (SASE) in conjunction with Zero Trust (ZT) authentication to access cloud-based applications and data.

From physical on-premises interconnection to ubiquitous multi-cloud access of any resource from anywhere, anytime.

Developed by Gartner in 2019, SASE redefined SD-WAN security architecture in response to the disappearing physical perimeter which governed enterprise network security for generations. SASE addresses two major trends. The first is the long-standing migration of applications and data from the data center into the cloud, presenting a new host of security challenges. The second is that the post-Covid workforce is returning from WFH to a hybrid model, with dramatic implications.

SASE is a distributed security architecture where security functions are hosted in the cloud (vs. the data center), and is intended to address the cloud-centric enterprise. Enterprise end-users simply connect to a local cloud access network.

Zero Trust (ZT), a companion technology proposed by Forrester Research in 2010, eliminates the notion of trust, requiring that access be granted for each application transaction. Every time cloud-hosted resources are accessed, whether data, applications, or other resources, ZT dynamically assesses whether the requesting user has the privileges, the context is appropriate, and their identity is authenticated. Only then will access be granted to the specific applications and/or data requested.

Staying on top of secure SD-WAN challenges

The MEF has a number of projects underway in response to the SASE wave. Spirent is a leading contributor to the MEF SD‑WAN Security testing initiatives, including Application Security for SD‑WAN (MEF 88), along with the emerging Secure Access Service Edge (SASE, MEF 117) and Zero Trust Framework (ZTF, MEF 118) projects. Spirent is leading the Security Test and Certification Incubation Group to explore how MEF can certify the emerging security standards. In addition, Spirent also drove creation of the first SD-WAN certification program, with MEF selecting Spirent as the first, and currently primary, Authorized Certificate Test Partner (ACTP) for SD-WAN.

While MEF is steadily paving the way towards Secure SD-WAN in the near-term, enterprises, managed service providers (MSPs) and managed security service providers (MSSPs) must ensure their solutions perform as expected for their customers. At times, these organizations do not have the qualified technology expertise, time, or budget required to ensure an SD-WAN solution’s holistic promise. In instances like these, a trusted, vendor-neutral testing and validation partner is required.

Spirent’s deep experience with SD-WAN also extends into the delivery of security solutions across a broad range of customer challenges, and Spirent is the leader in 5G testing. Spirent has developed an extensive portfolio of testing platforms based on our proven network and cybersecurity testing methodologies. In addition to products, Spirent offers a range of testing services that leverage our extensive expertise working with the world’s largest managed service providers to provide customized solutions for design and pre-deployment testing.

Empowering the realization of SD-WAN’s promise

SD-WAN ushers in a new era of cloud-based services, which tailor the network to the application demands. However, migration to the cloud incurs challenges of reliable interoperability and inherent inefficiencies. This includes new risks and vulnerabilities as the potential attack surface increases dramatically with an explosion in endpoints and increased use of publicly accessible networks.

The complexity of SD-WAN services is further compounded by the virtualization of SD-WAN endpoints and controllers, which introduces a new set of challenges. Any organization attempting to address these complexities on its own, without a deep bench of expertise and technology capabilities, faces serious challenges. For additional details on how Spirent’s SD-WAN validation approach may benefit MSPs, MSSPs, and their vendors, download our new SD-WAN eBook, Paving the Way to Secure SD-WAN.

Marc Cohn

Director, Marketing & Technical Strategy, Virtualization

Marc works for Spirent's strategy organization helping to define technical direction in the Virtualization segment. He has been a major contributor to the SDN and NFV community, as the former VP of Network Strategy for The Linux Foundation, the Executive Director for the OPEN-O open orchestration project (since merged into the ONAP project), Market Area Director and ONF Fellow for the Open Networking Foundation (ONF), an advisor to the Chair of the ETSI NFV ISG, and Silver Member representative (and Treasurer) for the OpenDaylight Board of Directors. He has also held a number of executive roles in strategy and marketing at ClearPath Networks, Ciena Corporation and IP Infusion, among others. Most recently, Marc was appointed as co-chair of the MEF Certification Committee and joined the MEF Leadership Team. Join the conversation and connect with Marc on LinkedIn or follow him on Twitter at @mdcohn.