
The next phase of the SD-WAN evolution requires integrated security

(Image credit: Sergey Nivens / Shutterstock)

The relationship between SD-WAN and security is in the midst of an evolution that will grow in importance and dominate the WAN Edge landscape for many years to come. That’s because the cloud is driving fundamental changes in how networks are built, which requires a more flexible network architecture that can accommodate and secure connections to multiple clouds.

The natural on-ramp connection point to the cloud is the WAN edge. This is where enterprises around the world tap into the growing world of cloud applications. It’s also where they need to plug in new security and SD-WAN software that can safely and efficiently negotiate this complex environment and deliver contextual policies across global locations.

The move to the cloud is inevitable: analysis from Maverick Research recently indicated that 83 per cent of U.S. CIOs estimated more than half of their transactions would be conducted on a cloud infrastructure by 2020. And 79 per cent of the respondents predicted that more than half of their transactions would be completed on applications leased using a SaaS platform by 2020.  

The enterprise networking infrastructure needs a major transformation just to keep up with this cloud movement and multi-source congestion from SaaS. The legacy network was built for an era of static connections, when enterprises built their own private networks with mostly proprietary hardware to connect to client/server networks.

The time to be prepared for the coming cloud wave is now, and the SD-WAN movement is happening swiftly, with real-world deployments beginning in earnest. Enterprises and service providers want to deploy this technology to bridge the gap from legacy networks to virtualised network services adapted to the cloud. Futuriom Research projects that SD-WAN infrastructure and software will hit $2 billion in revenue by 2021. IDC has estimated it could be worth as much as $6 billion by 2021.

Cloud network requirements

Cloud networks have entirely different requirements from client/server networks. Digital transformation is driving an architecture transformation of the edge network. Multi-cloud inbound traffic and SaaS applications are adding to pressure on the WAN as enterprises seek to enhance the customer experience and employee engagement as competitive differentiators. Enterprises are seeking direct access to the Internet for SaaS and cloud services, with enterprise-class security and robust connectivity combined into one software platform.

So what does a modern adaptive, cloud-oriented network look like? The most important aspects of this approach to SD-WAN include the following:

  • The capability to recognise and optimise WAN connections to applications including those based in the cloud
  • Native security built into the network
  • Automated software-based provisioning of remote location and branch office nodes

Security concerns dominate

The flipside of ubiquitous connectivity, IoT, exploding cloud applications, and rapid data movement is that security becomes even more challenging. The multiplying number of network devices and the portability of applications expand the attack surface of a network exponentially. Many of the “things” connected by IoT were never designed with security in mind.

If you read the cybersecurity risk headlines every day, it’s easy to understand that security concerns are growing daily, ranging from the risk of personal information leaks to bad actors hacking national elections. This will increase the need for embedded, native security at both the core and the edge of the network. The security will have to span many layers, from the physical layer to the higher content and application layers. And it will have to include many security features that have previously been deployed in a fragmented way by adding appliances and end-user software, and do so without service-chaining third-party VMs. The key to the new Secure Cloud IP network is native security in the core of the networking platform.

A look at secure cloud IP

Recently I was able to do a deeper dive into the technology from one of the leaders of the space, Versa Networks, with a new report, Networking the Secure IP Cloud – Trends Driving the Cloud. Versa’s technology is enabled by the Secure Cloud IP architecture, a cloud-native multi-service, multi-tenant software platform that delivers elastic scale, segmentation, programmability and automation.

The future needs to be an approach where high-powered network functionality is plugged in at the edge of the network, using SD-WAN customer premises equipment (CPE) and powerful software.

A Secure Cloud IP architecture should integrate cloud networking, SD-WAN, wireless and mobile connectivity, WAN optimisation, transport line conditioning and software-defined security services in a VNF software stack that displaces multiple branch-office hardware devices.

In order to bake security into the network, it’s crucial that the SD-WAN branch have high levels of security functionality. Ideally, a comprehensive suite of security features is built directly into the SD-WAN fabric. Some of these features could include the following:

  • Next-generation firewall
  • Integrated intrusion detection system (IDS) and intrusion prevention system (IPS), anti-ransomware and anti-virus
  • Applications policy control
  • Layer 3 protection – ARP, IP and ICMP protocol defence, IP spoofing, source-routing checks, fragment overlaps
  • DoS protection
  • End-to-end encryption for every connection, including across regions and enterprise sites, and within and between any public clouds
  • Platform for services at the gateway with unprecedented context visibility

You can see where this is going. The network of the past is filled with many different kinds of software and appliances, all delivering specific features of the network, including security. Security should be native to the network, delivered in a single SD-WAN platform, rather than requiring complex third-party service-chaining arrangements or exotic appliances.

This, of course, is just one of many approaches to solving the cloud networking and security risks at the edge of the network. But it demonstrates a larger trend of thinking in the networking world: that security needs to be built into the network directly, rather than added later as an afterthought.

Conclusion: SD-WAN growth driven by flexibility

Futuriom research indicates there is high demand and growth in the SD-WAN market, because enterprises are looking for a more software-based approach to solving their challenges to cloud networking, including streamlining and securing bandwidth. Futuriom projects that SD-WAN infrastructure and software will hit $2 billion in revenue by 2021. IDC has estimated it could be worth as much as $8 billion by 2021.

As SD-WAN evolves, it becomes a platform for collapsing all networking functionality into an integrated software stack that is deployed on affordable open hardware at the network edge. The benefit for the end-user will be a broad range of choices of software functionality, with a simplified approach to hardware. Almost all of these services are delivered on cheaper, easier-to-manage COTS or bare-metal hardware, and centrally programmed with software.

Enterprises and service providers will both see the opportunity to get virtualised networking and applications to customers more rapidly, accelerating digital transformation and IT initiatives.

R. Scott Raynovich, Principal Analyst, Futuriom

R. Scott Raynovich is Futuriom's Principal Analyst.