SD-WANs provide Multi-Cloud connectivity
The cloud model has won as digital businesses are looking to increase agility, lower costs and create new operational models. However, most businesses will adopt a multi-cloud strategy that involves a mix of off-premises and on-premises public and private clouds. The reason for this is that like traditional hardware and software vendors, each cloud provider has their own pros and cons. The size of network, location of data centers and breadth of services will vary from cloud to cloud. Also, some applications might contain sensitive data making it more appealing to run in a private cloud. IHS Markit’s 2019 Cloud Services Strategies Survey found that multi-cloud is already the norm among North American enterprises and we believe the rest of the world is following rapidly. On average, survey respondents indicate their organizations are using 10 SaaS providers and 10 IaaS providers growing to 14 and 13 respectively by 2020.
The adoption of multi-cloud will have a profound impact on the enterprise wide area network (WAN). Traditional WANs were designed for client / server computing where the majority of business applications and data were stored in the data center and users were primarily located in branch offices. The “hub and spoke” WAN was optimized for branch to data center communications. This architecture handled internet traffic poorly as the traffic would come in through a central point at the hub and then be directed over the appropriate spoke to the branch. The traffic would then reverse direction to be sent back to the internet effectively sending the same traffic over the WAN twice, resulting in what’s referred to as the trombone effect. Although this was inefficient, it was fine for most companies as the majority of WAN traffic was from client / server applications where internet was primarily used for best effort services.
Today, the environment is completely different as the cloud reigns supreme meaning the bulk of WAN traffic is bound for the internet exposing the architectural issues with legacy WANs. Many businesses are implementing SD-WANs as a way of architecting the network to be optimized for traffic destined for a cloud provider’s data center. With an SD-WAN, SaaS and IaaS traffic can go directly from the branch to the cloud provider, bypassing the enterprise data center. Also, SD-WANs enable traffic to be directed over multiple links so critical cloud services, such as voice or video can be sent over a higher performing network connection and best effort traffic over an alternate. The result is that SD-WANs provide a significant performance boost when accessing cloud services.
And it must be secure
As is the case with most things in life, for every Yin there is a Yang and while SD-WANs with local internet breakout give the cloud a performance enhancement, but security becomes more problematic. This is a problem that most SD-WAN buyers appear to be aware of, as we learned in IHS Markit’s Cloud Services Strategies survey, where we investigated what features were most in demand and the top features identified all had security implications.
- Cloud hosted security (70%) enables connections to be secured via a cloud proxy
- Integration with connectivity services (67%) limits the amount of time the traffic is on the public Internet when using private connections
- VPN (66%) encrypts traffic from point to point
- WAN visibility (65%) provides a view of end to end traffic. Anomalies can often indicate a breach
- Policy creation and enforcement (63%) can be used to limit device access to the network
It’s important to note that none of these security methods are better than the other. Rather, most companies will use a combination of them. However, visibility in particular is a must have today as the WAN has become a business-critical component of distributed organizations. There’s an axiom in networking that states, “you can’t manage or secure what you can’t see” and powerful visibility tools ensure the IT organization is aware of everything happening on the network, so a breach can be identified and dealt with immediately.
The bottom line
Looking ahead, our research also showed that adopters of SD-WAN are expecting to be involved in IoT deployments; IoT is a much bigger investment driver for them than respondents using traditional WAN architectures. Businesses are now connecting non-traditional IT “things” to the network at an unprecedented rate. This includes digital signs, point of sale devices, heart pumps, facilities equipment, robots, autonomous machines and so much more. Many of these devices will be cloud managed adding to the multi-cloud complexity that’s already starting. One challenge with many IoT devices is that they have on board security capabilities underscoring the importance of integrating protection into SD-WAN design. If security is treated as an afterthought, security teams will constantly be playing catch up and applying new tool after new tool. Taking a step back today and rethinking SD-WAN security can help enable multi-cloud today and IoT tomorrow.