Why Secure SD-WAN Should Be Delivered from the Cloud

Feb 14, 2022
Cloud SecurityIT Leadership

Enabling reliable connectivity is still a key promise of SD-WAN, but next-generation SD-WAN can do so much more.

Palo Alto
Credit: Getty Images

By Kumar Ramachandran, SVP, Products

Software-defined WAN, better known today as SD-WAN, is not the same technology that it was when it first got started.

In the beginning, SD-WAN was essentially a way to enable organizations to use inexpensive broadband connectivity to connect back to the data center. It was a lower-cost alternative to other fixed-connectivity WAN options, most notably multiprotocol label switching (MPLS). Enabling reliable connectivity is still a key promise of SD-WAN today, but next-generation SD-WAN can do much more than just that.

In recent years, we’ve seen a significant rise in the adoption of hybrid and multicloud technology as organizations have sought to gain the speed and flexibility advantage enabled by cloud-based development and operations. This shift to the cloud has only accelerated during the COVID-19 pandemic as organizations’ mobility needs have significantly expanded, moving to adopt work-from-home models.

Today, in addition to looking to SD-WAN to enable connectivity for branch offices, organizations are looking to this technology as a secure, low-latency, high-performance path to access all applications. They seek an enterprise-class experience for every user—wherever they are, for whatever applications they want to access. In short, business expectations for the quality and security of application delivery have risen.

What enterprises want now— app-defined and operational simplicity

As SD-WAN has evolved, so have the things enterprises want and really care about.

Network service-level agreements (SLAs) are not what CXOs ask about. They ask about things that impact the business. Are the company’s core applications available?

Are the point-of-sale systems constantly delivering high performance? Are voice and video calls all high quality? “Day One” operations—getting SD-WAN up and running— are not enough to be successful anymore. There is a need for “Day Two” operations, which include increased automation, greater visibility, and reliable security so that the SD-WAN will deliver value for months and years to come.

Leveraging cloud automation and machine learning for AIOps

The power of public broadband internet access is what first made SD-WAN an interesting consideration for enterprises. Now, the cloud is making SD-WAN a foundational element of enterprise architecture because it enables an app-defined approach with a measurable impact on business operations and results.

To model a network that meets business objectives for application and service availability, you need to understand application behavior and data flows across the network. Collecting that data locally at the edge simply isn’t really feasible.

With the average organization seeing more than 10,000 alerts per day and the majority of those being processed manually, cybersecurity staff need a way to scale with speed and intelligently secure their organization using automation and machine learning.

There’s just too much data and not enough compute power. What’s needed instead is a data lake where all the different network and application telemetry can be analyzed. That’s where the power of the cloud comes in.

With the cloud, metadata can be analyzed at massive scale with machine learning algorithms that can infer patterns, make recommendations, and help secure traffic. SD-WAN today isn’t just an edge device that provides cost-optimized access. Next-generation SD-WAN is all about secure, cloud-enabled capabilities that can help to ensure that the services CXOs care about are highly available, and the applications that drive the business are always accessible.

Cloud-delivered security with SD-WAN and SASE

An emerging model for enabling enterprise security is the concept that Gartner has defined as the secure access service edge (SASE), which works in an integrated, built-in approach with SD-WAN. With SASE, security is enabled at the edge of the network, powered by cloud intelligence.

If you’re trying to succeed in this world of myriad devices, users, and applications that can be anywhere, the traditional model of trying to stitch together point products for networking and security just doesn’t work. You can’t bolt on security and expect to be successful; security needs to be built in.

When you pair SD-WAN together with SASE, the always-on, work-from-anywhere world that we all live in today benefits from an always-on model of secure network connectivity and application delivery. While SASE is a relatively new approach, its role in the future will continue to grow as a means to enable a more proactive security model for organizations.

Envisioning the road ahead for SD-WAN

As an industry, SD-WAN is in its early days—much like that of autonomous vehicles.

For example, with self-driving cars, most people are still using the technology for fairly limited capabilities, such as lane assist. The capabilities and technology exist now for cars to be fully self-driving; we’re just not yet taking advantage of everything. Similarly, SD-WAN’s technology coupled with investments in data science and machine learning will be capable of much more, including allowing our customers to have self-healing networks.

With all the metadata that can be analyzed from a cloud-secured SD-WAN, there is a real opportunity to benefit from data science-based techniques that are designed to have a measurable impact on costs and delivery of business services.

Cloud-delivered SD-WAN is a solid investment today with increasing benefits tomorrow. It can provide the ability to get the best application experience, using the power of the cloud to put data science and computation to work and continually enable digital transformation.

To learn more, visit us here.

About Kumar Ramachandran:

Kumar serves as Senior Vice President of Products for SD-WAN and Secure Access Service Edge (SASE) products. Kumar co-founded CloudGenix in March 2013 and was its CEO, establishing the category of SD-WAN. Prior to founding CloudGenix, Kumar held leadership roles in product management and marketing for the multi-billion dollar branch routing and WAN optimization businesses at Cisco. Prior to Cisco, he managed applications and infrastructure for companies such as Citibank and Providian Financial. Kumar holds an MBA from UC Berkeley Haas School of Business and a Master’s degree in Computer Science from the University of Bombay.