Technology services distributor TBI is adding Aryaka Networks to its supplier portfolio, tapping into the vendor’s managed SD-WAN and unified secure access service edge (SASE) platforms.

The move follows Aryaka expanding on its goal to build a “zero-trust WAN” with the addition of secure web gateway-as-a-service (SWGaaS) – a line of defense for site-to-internet and user-to-internet traffic – in October. The zero trust WAN product also includes firewall-as-a-service (FwaaS), which along with SWG, zero-trust network access (ZTNA), and cloud access security broker (CASB) comprise the cloud-based security suite required by any SASE architecture.

Aryaka’s SD-WAN and SASE services enable partners to deliver services optimized for performance over layer-two or cost over layer-three, a capability that expands the addressable market for the services.

Dell’Oro Group’s Network Security Market report initially named Versa, VMware, and Cato as the only vendors offering a truly “unified SASE” platform, with Aryaka added to that list in July.

IDC predicts that by 2023, 90% of global organizations plan to prioritize investments in digital transformation initiatives. The shift away from traditional, centralized offices to the new norm of remote users functioning as their own branch offices has accelerated the adoption of digital transformation, TBI Solution Engineer Justin Foxwood told SDxCentral.

“Organizations have had to re-think how to not only empower their employees to thrive in this new normal but also how to secure this nebulous, and in many cases, literally moving target,” Foxwood said. “This task can be very overwhelming when dealing with disparate networking and security technologies, as they tend to spread IT and security teams thin trying to manage all the different interfaces and lack of visibility across platforms.”

SASE addresses these challenges by converging critical security and networking technologies under one pane of glass, Foxwood noted. Everything from remote access (VPN/ZTNA), next-generation firewall (NGFW), web content filtering (SWG), and the entire SD-WAN stack can be managed via a unified cloud interface, freeing up critical resources to focus on further digital transformation projects.

Foxwood explained both traditional VPNs and SASE can establish secure private network connections over the public internet, allowing remote access into corporate networks. But SASE "takes things a bit further from a security and ease of use standpoint."

A traditional site-to-site VPN setup often requires multiple VPN appliances, which need ongoing maintenance and support, and tend to operate in a vacuum from a security policy enforcement perspective. "Add latency and clunky user interfaces to the mix and it’s no wonder why the rise of ZTNA and SASE has picked up so much speed," Foxwood said.

SASE enables various types of devices, such as cell phones and laptops, to establish encrypted tunnels quickly and seamlessly to the nearest SASE point-of-presence (PoP), where the engrained security functions like ZTNA, SWG, CASB, and NGFW "continuously scan and authenticate the traffic and optimize the route to the desired network resource."

"This is incredibly important as the network edge has and will continue to trend in the direction of remote users, which hasn’t gone unnoticed by bad actors looking to take advantage," Foxwood said.

“If a hybrid organization is not using SASE as a foundational component of their cybersecurity strategy, they’re making a costly mistake,” he added. “SASE streamlines and strengthens security and connectivity across a dispersed workplace, making it a no-brainer for hybrid organizations.”