Issue link: https://insights.oneneck.com/i/1469039
10 Secure Access Service Edge (SASE) For Dummies, Cisco Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Existing WAN links using MPLS are unable to handle increasing bandwidth demands from users who need fast, reliable access to the Internet, so they can be as productive as possible. To address the growing need for direct Internet access to cloud-based apps, more organizations (79 percent according to the Enterprise Strat- egy Group) are either investigating, or already using, broad- band DIA at branch locations instead of backhauling traffic over MPLS. Although these DIA links address performance issues associated with backhauling traffic to an MPLS headend location, they're often provided by local Internet service providers (ISPs) as broadband links — it's important to check into resiliency, quality of service (QoS) prioritization, and service level agreement (SLA) guarantees. Performance issues with "run-the-business" SaaS apps Many SaaS apps today have become core "run-the-business" enterprise apps — some examples include Salesforce, Office 365, and Workday. Backhauling SaaS traffic across costly MPLS WAN links to a corporate headend creates network congestion and latency. This, in turn, causes performance issues that result in lost productivity and user frustration. Complexity in the WAN may cause additional performance issues due to less-than- optimal routing decisions, improper traffic classification and pri- oritization, and inefficient policy enforcement. When users experience performance issues with corporate- approved apps, they often turn to unauthorized and potentially risky apps to get their jobs done. This shadow IT culture in which the IT department — and security controls — are circumvented is a big problem. More than 1,200 cloud services are used in the average large enterprise today and the Enterprise Strategy Group reports that as much as 98 percent of those services are unsanc- tioned and unvetted SaaS apps. Although many organizations implement security policies requir- ing remote or roaming users to backhaul their network traf- fic across VPN tunnels, 85 percent of organizations believe their users violate these corporate VPN policies, according to the Enter- prise Strategy Group.