In a few short years, the architecture of information systems has been completely disrupted. The 100% private information system secured by perimeter-based defenses has given way to a hybrid and open IT ecosystem. Employees access it both in the office and from home, whether from the company laptop, a tablet, or their personal smartphone.
De facto, the role of the WAN is no longer to interconnect the company’s sites with one another, but to connect all of these resources, whatever their nature.
Bastien Aerni, Vice President, Strategy & Technology Adoption at the managed network provider GTT, notes: « While replacing MPLS was often a starting point, today the adoption of SD-WAN meets broader ambitions from enterprises. Large organizations are seeking solutions that go beyond “simple” connectivity. They are looking for platforms capable of orchestrating performance, integrating security, and aligning with business priorities. »
SD-WAN are gradually replacing static network links with, beyond the cost advantage over MPLS circuits, the ability to deliver far more ancillary services; this is what is called SASE (Secure Access Service Edge). The provider delivers connectivity in a Network as a Service approach, a CDN service, WAN optimization, but also security services executed in its Cloud and/or on its router.
Among these services are CASB, Cloud SWG, ZTNA/VPN, or Firewall as a Service. SASE marks a strong trend toward consolidating network and security functions. A Gartner study from 2024 notes that by 2027, 65% of new SD-WAN contracts will go to unified SASE offerings delivered by a single provider, up from 20% currently.
Adrien Porcheron, France country director at Cato Networks, explains this evolution: « The objective is no longer solely to forward traffic efficiently, but also to guarantee secure, homogeneous and controlled access to applications and data, regardless of the usage context. »
This pure-play SASE provider advocates for a fully integrated offering, with centralization of protection functions on a single platform, which avoids the multiplication of physical devices or heterogeneous software bricks.
Beyond automatic updates, this centralization facilitates rule consistency, scalability and the automation of certain functions, notably thanks to artificial intelligence. « All traffic, whether local, internet or cloud-based, is processed within the same framework, which improves visibility and reduces blind spots. Security rules are applied uniformly, regardless of location or user profile. »
Targeting Mid-Sized Enterprises (ETIs)!
Network operators cannot stay on the sidelines of this evolution. Thus, Deutsche Telekom recently partnered with Juniper to offer an SD-WAN solution for SMEs and ETIs.
The proposed solution implements Juniper Mist’s platform from California and its real-time network and application monitoring AI. The offering is positioned starting from just three sites. In France, Orange turned to Palo Alto Networks as early as 2023 to offer SASE services.
Another illustration of this movement is the rapprochement between Ekinops, a French telecommunications solutions provider that recently completed the acquisition of Olfeo, a security solutions vendor.
« Ekinops controls the entire network side, including, of course, the SD-WAN component » explains Alexandre Souillé, president of Olfeo. « Its solutions are recognized, open, reliable and already deployed at large scale with operators and international companies. Olfeo thus complements this architecture with a complete SSE module that includes Secure Web Gateway, CASB and DLP products. »
The target for the two partners is mainly ETIs, but also public or sensitive organizations subjected to strict regulatory constraints (health, education, defense, local authorities, energy…) and large multi-site SMEs. The European origin of the two partners positions this offering well for tenders favoring sovereign solutions, which is not the case for those operated by major U.S. cybersecurity players.
