Transitioning to a SASE Architecture

23/07/2021

Most organizations’ security setup is no longer fit for purpose. If that sounds too extreme, then at the very least it’s fair to say that anyone starting from scratch in most organizations would probably not design the security architecture in the way that it is currently implemented. Instead, they would probably design something which looks a lot like a Secure Access Service Edge (SASE) architecture.

That’s because most enterprises have a centralized security function, with security hardware running in the data center guarding the perimeter of the corporate network and monitoring the traffic flowing in and out of it. That is fine for organizations that are largely centralized, with users accessing data and applications over the corporate WAN. Such organizations may have branch offices, but these either consume the security services offered by the data center or run their own branch office security appliance as well.

On top of this, a huge number of people are now working remotely because of the coronavirus pandemic, and many of them may continue to do so indefinitely. Many of these people access cloud applications most of the time, but even so they have to connect to their organization’s data center via a VPN before their traffic can reach the cloud services they want to use.

However, the proportion of traffic from branch offices which is ultimately destined for the internet rather than the corporate data center has increased from 20% to over 80%, according to Juniper Networks. So sending it to the data center first, to go through a security stack, is definitely suboptimal for a number of reasons:

  • It sends a huge amount of traffic over the WAN between branch offices and the data center when that traffic could otherwise go straight out to the internet from the branch office, which drives up WAN bandwidth costs.
  • Some traffic, such as Office 365 data, does not need to pass through the full security stack, so sending it over the WAN wastes resources.
  • Routing traffic through a centralized security function can significantly degrade performance, both of the WAN itself and of the cloud applications being accessed.

Source: Enterprise Networking Planet