SD-WAN vs SASE: What does your business require?

Mike Blunt
Architect, Practice Lead

New Technology with dozens of vendors spouting terms like SD-WAN and SASE with substantially different capabilities are confusing the marketplace. 


Software-defined Wide Area Network (SD-WAN) is a maturing technology that Gartner first covered in July 2015. It has secured a place in the market and should be considered a hot topic, especially given how well it has played out over the COVID-19 pandemic.  

The Secure Access Service Edge (SASE, pronounced “sassy”) is a relatively new term introduced by Gartner in 2019 and is gaining tremendous momentum. It adds a comprehensive security architecture at the edge. 

While different, these two technologies will play a significant role in the evolution of your WAN, Application, and Cloud services. They also complement each other and should share a typical function in your business model and business requirements.  

Is SD-WAN the right fit for your business? 

SD-WAN and the various vendor implementations are not equal. When determining if SD-WAN is right for your business, it is best to focus on the primary function. SD-WAN is used to connect branch, data center, and headquarter locations that are spread out across a wide geography. There are also enhancements such as cloud connectivity either directly from the branch or centrally localized at a data center. One of the major concerns for SD-WAN has been the enhancements to network security models that are more flexible than the traditional centralized model. 

Now while this may be a concern, each SD-WAN design model is different, and organizations are currently thriving via centralized models as well. Here are a few other questions that could be used in determining if SD-WAN is right for you: 

  • Do we fully understand your business requirements? 
  • Can we remove higher-cost MPLS links with Internet-based solutions? 
  • Do you have the capacity to perform Proof of Concepts across multiple vendors? 
  • Does our security policy allow for enhancements such as Cloud offramp and service chaining at the edge? 
  • How does SD-WAN save your business money? 
  • Can you determine the total cost of ownership (TCO) and its impact on CAPEX and or OPEX? 

Is SASE the right fit for your business? 

SASE focuses on organizations adopting a cloud-first approach to their business. Enterprises should secure the edge with as-a-service solutions that allow users, devices, applications, and data located outside of an enterprise to be covered by a single solution. Gartner writes that “Complexity, latency and the need to decrypt and inspect encrypted traffic once will increase demand for consolidation of networking and security-as-a-service capabilities into a cloud-delivered secure access service edge.” 



With SASE, businesses should determine if the solution is right for them based on some of the following criteria: 

  • Is the business moving towards a cloud-centric model? 
  • Define business requirements and determine a cloud adoption strategy. 
  • Decryption and inspection only happen once across multiple solutions which require a documented security/data policy 
  • Do we have the capacity to perform Proof of Concepts across multiple vendors? 
  • As an emerging technology, SASE has vendors determining how they deliver or how they should deliver SASE in addition to SD-WAN. This is still a work in progress. 


Overall, SD-WAN and SASE seem to lead to the same outcome but utilizing different solutions to get there. When determining what is best for your organization, focus on the long-term strategy and what risk/impact each solution has on the business. 

When you are ready, NetCraftsmen Consultants are available to discuss SD-WAN and SASE systems to improve productivity and reduce risk to your business. Let us know how we can help by contacting us here. 


Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.


Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.


John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.