Issue link: https://insights.oneneck.com/i/1469039
14 Secure Access Service Edge (SASE) For Dummies, Cisco Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Looking at Traditional WAN Technologies For nearly two decades, the go-to WAN technology for IT, voice, and data networking infrastructure has been multiprotocol label switching (MPLS) network architectures. MPLS networks provide a resilient network backbone for connecting enterprise headquar- ters and remote branch locations. MPLS provides the capability to prioritize voice, video, and data traffic on your network to meet unique business requirements, and packets can be sent over a pri- vate MPLS network. However, enterprises today need more control, flexibility, and centralized management of their WAN environments than MPLS can offer, which is driving the need for change. The costs associ- ated with provisioning and maintaining private MPLS WAN links alone can be enough of a catalyst for change. MPLS networks are typically provided by Internet service providers (ISPs) and other service providers — both the well-known telecoms and the not so well-known smaller companies. Additionally, the inefficiencies of an MPLS network that backhauls Internet-bound traffic across branch office links to a corporate headend add cost, complexity, performance issues, and latency. Many organizations inevitably install a secondary direct Inter- net access (DIA) link at their branch locations to offload some of this Internet traffic. Such a solution increases recurring costs and introduces still more complexity. Network traffic may not neces- sarily be routed across the best link at a given time and bandwidth on one link or the other may be underutilized. On the security side, Internet-bound traffic needs to be minimally secured by DNS-layer security or a firewall, but may also require web content filtering, data loss prevention, real-time malware detection, and other security services. The lack of visibility and a centralized policy enforcement point makes it difficult, if not impossible, for security teams to ensure a secure and compliant operating environment (see Figure 2-1).