VMware is boosting secure access for remote and mobile workers by mixing its Workspace ONE offering with its SD-WAN package.\nThe resulting VMware SD-WAN Zero Trust Service promises to help enterprises\u00a0 handle growing distributed workloads for remote workers. The service also represents a big step toward secure-access service edge (SASE), a new secuity architecture with a growning portfolio of products across vendors that promise to blend SD-WAN networking and security technologies into cloud-based services.\n\n\u201cThe scope of SD-WAN is expanding to include remote desktops, laptops and mobile users and much of that expansion is due to the COVID-19 pandemic,\u201d said Sanjay Uppal, vice president and general manager of VMware\u2019s VeloCloud Business Unit. \u00a0\u201cThere is a growing need for zero trust networks as companies don\u2019t want to allow this influx of remote users to come into the network and go anywhere. IT needs to control device access to specific applications or containers.\u201d\nSpecifically, the VMware SD-WAN Zero Trust Service will be delivered through VMware\u2019s service-node network deployed across more than 100 global locations, operated by both VMware and more than 120 telecom service-provider partners.\u00a0 It will also become part of its VMware Workspace ONE Intelligent Hub, which is used on millions of devices, Uppal said.\nAccording to VMware, the Workspace ONE platform securely manages end users' mobile devices and cloud-hosted virtual desktops and applications from the cloud or on-premise.\nThe remote-access client automatically connects to the closest VMware SD-WAN cloud PoP. Based on enterprise policy, the user traffic may be passed to a cloud firewall, a web security service, to another enterprise branch or data center, to an application or service that's needed. The service employs split tunneling in which only enterprise traffic goes to the service; personal traffic gets forwarded directly to the internet.\n\n\n\n\n\nThe idea is to avoid latency-inducing hairpinned paths through an enterprise data center where strained VPN appliances might have been hosted in the past, Uppal said. The service works with a variety of third-party services from vendors such as Zscaler, Uppal said.\nRouting policy and security controls remain in enterprise control while the VMware SD-WAN cloud service handles scaling, management, upgrading and multi-region VPN service presence, Uppal said.\nIf users work from home or travel, the service establishes secure trust with their devices and grants access to authorized applications. The service supports multi-factor authentication, Uppal said.\nIn the future the service will be integrated with AI-based network management and analytics that VMware recently bought from Nyansa.\nWhen VMware bought\u00a0 Nyansain January it said the technology would be targeted at boosting monitoring and troubleshooting for LAN\/WAN deployments within its SD-WAN package.\u00a0\nSASE on the rise\nThe market behind SASE is growing, with VMware, Cisco and others including Palo Alto, Cato Networks, Fortinet and many more taking steps toward supporting it.\u00a0\nJeff Reed, senior vice president of product, Cisco\u2019s Security Business Group recently wrote in a blog post: \u201cThe rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge. With 60% of organizations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such SASE offer a new way to manage the new normal.\u201d\nAt this point though vendors such as VMware and Cisco, while it is important that they support SASE concepts full-on, are still very early in the journey, said Lee Doyle, principal analyst at Doyle Research and Network World contributor.\u00a0\n\u201cVMware says VPNs are broken and hard to manage and don\u2019t scale well; indeed its time for a new type of integrated, more cloud-oriented endpoint security and this new service is a good start,\u201d he said.