This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.
As I embark on a new role with the Netskope Platform Engineering team, I am eager to explore how our company’s vision shapes the evolution of enterprise networking security. This first article in a series is a testament to my technical introspection, introducing the background, challenges, and needs that led to SASE—secure access service edge.
Over the past quarter of a century, enterprises have gradually recognized the internet as a reliable means of transporting applications. Remote work further accelerated this shift, transforming the workspace into a borderless environment. Coupled with the rise of corporate SaaS applications, this has led to a new era of connectivity.
However, in this new era, the internet has become a critical vector for cyber threats. As organizations rely more on the internet for connectivity, they face increased exposure to sophisticated threats, including data breaches, malware, and phishing attacks. SASE emerged as a response to the limitations of traditional networking and security models.
With all of that in mind, let’s take a journey through the recent history of WANs to understand the direction security and networking are heading.
Wide area network evolution shaping our present and future
In 2000, before the internet bubble burst, Cisco Systems had the highest market capitalization worldwide, standing as the unquestioned leader in the enterprise networking industry. Internet security products were negligible in Cisco’s revenue statements, contributing only a tiny fraction of their sales. Overall, cybersecurity was still a relatively small sector. Corporate networks and the internet used to exist as two distinct silos, a separation that inherently provided security without necessitating encryption.
The wide area network (WAN) backbones, which were, by definition, running on private physical infrastructure, relied on legacy dedicated point-to-point lines and protocols, such as frame relay and ATM.
Additionally, cloud applications were not that critical for corporations. Besides email, electronic communications and IT resources were mainly private.
Some early adopters started using more IPsec site-to-site tunnels for WAN backup and offloading low-priority traffic over the internet. I remember demonstrating such an implementation for a large corporation back in 2002, but it didn’t go beyond a proof-of-concept. At that time, best-effort internet was not considered eligible to transport sensitive corporate traffic. Today, this has evolved with intelligent quality of service and orchestration within a graphical interface, representing the SD-WAN part of SASE.
Multiprotocol Label Switching (MPLS) virtual private network (VPN), a genuine IP-minded solution, was the rising star.
MPLS and VRF: Enhancing IP routing and network isolation
MPLS is a set of core switching protocols designed to speed up IP routing. It combines the advantages of IP and ATM.
Network operators and vendors developed the VPN application of MPLS to provide network isolation at layer 3. On an MPLS-VPN network, each VPN is a private routing context. Customers purchase one or several VPN contexts to segregate their WAN