The next phase of the SD-WAN evolution requires integrated security
The context between SD-WAN and security is in the midst of an evolution that will grow in importance and dominate the WAN Edge landscape for many years to come. That’s because cloud is driving fundamental changes in how networks are built, which requires a more flexible network architecture that can accommodate and secure connections to multiple clouds.
The natural on-ramp connection point to the cloud is the WAN edge. This is where enterprises around the world tap into the growing world of cloud applications. It’s also where they need to plug in new security and SD-WAN software that can safely and efficiently negotiate this complex environment and deliver contextual policies across global locations, says R. Scott Raynovich, Futuriom principal analyst.
The move to the cloud is inevitable: analysis from Maverick Research recently indicated that 83% of U.S. CIOs estimated more than half of their transactions would be conducted on a cloud infrastructure by 2020. And 79% of the respondents predicted that more than half of their transactions would be completed on applications leased using a SaaS platform by 2020. The time to be prepared for the coming cloud wave is now.
The enterprise networking infrastructure needs a major transformation just to keep up with this cloud movement and multi-source congestion from SaaS. The legacy network was built for an era of static connections, when enterprises built their own private networks with mostly proprietary hardware to connect to client/server networks.
Cloud network requirements
Cloud networks have entirely different requirements from client/server networks. Digital transformation is driving an architecture transformation of the edge network. Multi-cloud inbound traffic and SaaS applications are adding to pressure on the WAN as enterprises seek to enhance the customer experience and employee engagement as competitive differentiators. Enterprises are seeking direct access to the Internet for SaaS and cloud services, with enterprise-class security and robust connectivity combined in one software platform.
So what does a modern adaptive, cloud-oriented network look like? The most important aspects of this approach to SD-WAN include the following:
- The capability to recognise and optimise WAN connections to applications including those based in the cloud
- Native security built into the network
- Automated software-based provisioning of remote location and branch office nodes
A look at Versa’s Secure Cloud IP
Recently I was able to do a deeper dive into the technology from one of the leaders of the space, Versa Networks. According to their CMO, Atchison Frazer, Versa offers a good look into the future of what a sophisticated, AI-like approach to the new cloud network looks like.
Versa has taken an approach known as the “thick branch,” in which high-powered network functionality is plugged in at the edge of the network, using SD-WAN customer premises equipment (CPE) and powerful software. Versa’s Secure Cloud IP architecture integrates cloud networking, SD-WAN, wireless and mobile connectivity, WAN optimisation, transport line conditioning and software-defined security services in a VNF software stack that displaces multiple branch-office hardware devices.
In order to bake security into the network, it’s crucial that the SD-WAN branch have high levels of security functionality. Versa has built a comprehensive suite of security features directly into the SD-WAN fabric. Some of these features include the following:
- Next-generation firewall
- Integrated Intrusion Detection System (IDS) and Prevention (IPS), anti-ransomware and anti-virus
- Applications policy control
- Additional content and Layer 7 security: SSL decryption; App / URL / file filtering, DNS Security
- Layer 3 protection – ARP, IP ICMP protocol defense, IP spoofing, source-routing checks, fragment overlaps
- Reconnaissance, DoS protection (ICMP, UDP, TCP flood) and rate limiting
- End-to-end encryption for every connection, including across regions and enterprise sites, and within and between any public clouds
- Platform for services at the gateway with unprecedented context visibility
You can see where this is going. The network of the past is filled with many different kinds of software and appliances – all delivering specific features of the network, including security. Versa is arguing that security should be native to the network, delivered in a single SD-WAN platform, rather than requiring complex service-chaining third-party arrangements or exotic appliances.
Versa’s approach is more naturally integrated than the convoluted architectures of some of the other players in the market, which emphasise partnerships with quasi-competitive security vendors.
This, of course, is just one of many approaches to solving the cloud networking and security risks at the edge of the network. But it’s demonstrative of a larger trend of thinking in the networking world: That security needs to be built into the network directly, rather than added later as an afterthought.
Conclusion: SD-WAN growth driven by flexibility
Futuriom research indicates there is high demand and growth in the SD-WAN market, because enterprises are looking for a more software-based approach to solving their challenges to cloud networking, including streamlining and securing bandwidth. Futuriom projects that SD-WAN infrastructure and software will hit $2 billion (€1.7 billion) in revenue by 2021. IDC has estimated it could be worth as much as $8 billion (€6.9 billion) by 2021.
As SD-WAN evolves, it becomes a platform for collapsing all networking functionality into an integrated software stack that is deployed on affordable open hardware at the network edge. The benefit for the end-user will be a broad range of choices of software functionality – with a simplified approach to hardware. Almost all of these services are delivered on cheaper, easier-to-manage COTS or bare-metal hardware, and centrally programmed with software.
Enterprises and service providers will both see the opportunity to get virtualised networking and applications to customers more rapidly, accelerating digital transformation and IT initiatives.
The author of this blog is R. Scott Raynovich, Futuriom principal analyst