3 Strategic Imperatives for Winning the Secure Cloud Transition

Networking and security IT infrastructures have evolved to a level of complexity unmanageable by operators and enterprises using a conventional approach. The ongoing reliance upon legacy network hardware and disjointed WAN architectures inhibit the operational agility required by global organizations looking to digitize business services with secure, multi-cloud connectivity. The intersection of network reliability and application performance requires a more flexible, versatile network architecture with security and cloud integration at the forefront; thus, optimal WAN-path selection alone is no longer good enough in a multi-threaded threat environment.

Large-scale enterprises with far-flung remote locations and highly distributed data centers are facing the ever-present challenge of how to achieve full-scale Digital Business Transformation, which will increase their dependencies on WAN connectivity with public clouds, yet representing even greater challenges to maintaining secure communications, WAN resiliency and bandwidth elasticity.

While nearly two-thirds of organizations surveyed last year by Gartner prefer consuming WAN services via a managed network services provider or telco carrier, conventional architecture of the hardware-oriented WAN lacks fundamental requirements for:

Secure Communications: According to a recent global study, “SD WAN Adoption is Accelerating to Reduce Security Risk” conducted by Dimensional Research, most respondents (68 percent) believe deploying and managing network security devices at branch locations was the most challenging aspect of WAN management; nearly half of respondents (49 percent) identified information security risks at the branch location.

While most WAN traffic is encrypted, the disaggregation of routing and switching from firewalling, intrusion detection and threat mitigation functions makes it difficult to achieve clear visibility and correlation of real-time events that degrade or disrupt traffic.

Cloud Access: While the vast majority of data and apps still reside and run on customer premises, SD-WANs enable enterprises to incrementally increase the volume of cloud-based data centers to their edge networks without taking performance hits or suffering from over-provisioning of legacy hardware or circuits. Traffic traversing from on-premises to cloud using legacy WANs can add seconds to latency, which can be a problem for real-time and mission critical services. Secure, adaptive intelligent routing makes it possible to predict application performance and assure optimal end-user experience for priority flows by matching workloads to the best transport method available.

Application Acceleration: Artificial Intelligence in networking has notionally become more valuable as an accelerator during the evolution of WAN requirements. For example, several telecom firms in Europe and North America have already explored AI integrated network management for tasks such as WAN path optimization, fault prediction and greater distribution of network intelligence to the edge to predict application intent. While bitcoin is currently one of the most popular applications for blockchain, other real-time apps that are very transactional in nature, such as POS or VDI, may migrate to blockchain because of the distributed nature of the edge network required to deliver superior levels of data integrity and transactional security.

Bandwidth Utilization: CIOs realize the more that traffic can be offloaded to commodity Internet and/or cloud services, the greater potential for a lower TCO (total cost of ownership) yet they want to maintain the same QoS standards of on-premises reliability and bandwidth typically available from leased lines or MPLS VPNs.

Cost Optimization: In the quest for a business-class edge network, over-provisioning of MPLS, private leased-lines and excess direct Internet connections still does not deliver proven optimization of applications nor WAN reliability and redundancy, which also increases the threat window of vulnerability to cloud-based applications and data. Additionally, most enterprise are severely lacking qualified IT resources who can manage OS and security updates across multiple devices from multiple vendors and remain highly challenged to deliver private vs public cloud price/Mb cost arbitrage.

In an extremely crowded and noisy market, enterprise buyers should seriously examine how SD-WAN vendors can actually deliver business value to help protect and transform the enterprise edge. Here are 3 strategic imperatives that should definitely make the list:

#1 – Securing the Distributed Edge:

CIOs should consider the benefits of unified visibility into both network and security functions from a Secure SD-WAN fabric built from the ground up with data protection in mind. Unified control and visibility of traffic via a secure SD-WAN is especially useful for applications that benefit from Direct Internet Access (DIA) at the branch (e.g., Office365), and Internet WAN links that are vulnerable to attacks.

#2 – Scaling to the Cloud Seamlessly:

SD-WAN direct Internet access eliminates the trombone effect, so traffic from remote locations doesn’t need to be backhauled to the corporate data center before exiting to the Internet – eliminating latency that can adversely impact the end-user application experience. In addition to cost savings, SD-WAN orchestration makes service-chaining multiple functions significantly faster and easier. CIOs can take advantage of cost-effective consolidation of multiple network functions like routing, firewall and app security within a single edge appliance, virtual machine and/or cloud instance.

#3 – Enhancing Edge Application Experience:

Secure SD-WANs are application, user, device and payload aware and thus uniquely create dedicated QoS lanes for the most mission-critical traffic, avoiding congestion by dynamically adjusting to shifting network conditions. Secure SD-WAN links incorporate commodity Internet services – a significant enhancement for scalability and affordability compared to MPLS lines alone. The advance of AI in networking will offer synergistic benefits given how fast edge traffic complexity and volume are increasing as Blockchain and IoT applications traverse private networks, clouds, data centers and branch offices.

The universal functionality of a secure SD-WAN allows for the consolidation of numerous traditional networking devices. The flexible subscription consumption model of SD-WAN-as-a-Service can replace the costly upfront investment of IP routers, while the reliability, dynamic capacity and deterministic app delivery offered by a cloud-native SD-WAN can supersede the totality of the legacy hardware defined WAN-edge estate.

@AtchisonFrazer