Security Experts:

SD-WAN and Managed Service Providers: The Dream Team?

Many of my recent conversations have turned toward SD-WAN, especially with adoption growing at such an impressive rate. According to a recent research from IDC, this is set to continue and could reach $4.5 billion by 2022. The enterprise wants to be efficient and agile, and optimizing cloud connectivity for remote sites and locations is an essential factor in achieving this.

Security First

The traditional WAN is not a cloud-friendly environment. The process of moving traffic between sites is intensive and applying security into that mix adds management overheads and complexity.  This can result in poor performance – and more critically, a poor end-user experience. Therefore, any SD-WAN strategy needs to have security embedded from the outset, with a design that ensures traffic inspection and security policies are applied as close to where data resides as possible.

In a 2019 survey of 500 IT decision-makers by Juniper Networks, 98 percent of respondents stated that they are either using or considering an SDN (Software Defined Network) solution, with SD-WAN being the entry point for many. If this is true, then why is security still seen as the top barrier that’s preventing overall adoption and how can this be alleviated?

Before considering possible solutions, it is crucial to understand why many are on this journey. Today’s enterprise is supporting a new workforce, partners and customers, all of whom have adopted modern ways of working that need to be flexible, fast and not constrained by remote-working or international business. Developing, hosting and maintaining software and infrastructure in a traditional data center can be a business inhibitor, so applications are moving to the cloud. This change enables cost reductions and performance improvements by avoiding the need for unnecessary traffic backhaul thorough a corporate data center. However, it can add complexity with the requirement for traffic optimization.

SD-WAN allows an enterprise to balance its network more effectively, using cheaper broadband circuits where possible to enable bandwidth optimized MPLS and to customize for the unique traffic requirements of each application. This makes the system more efficient and allows for significant cost savings. Some networking vendors have recognized the importance of this and converged their SD-WAN and security solutions to provide a single point for consistent management of network and security configuration.

Simplifying SD-WAN

What this means is that SD-WAN is becoming less complicated. That’s not to say that it is simple, but that enterprises are starting to move away from point solutions and considering broad offerings that solve a wide range of network and security needs. It’s also an excellent opportunity to look at how MSPs can help address the challenge. SD-WAN fundamentally changes how the network operates, and an MSP will have the skills and experience to assist in navigating this successfully. For example:

• Working with an MSP means that you have a single place from which to purchase the solution. Even if the plan is to use as few vendor solutions as possible, it can still be complicated to provide support for existing WAN links, VPN configurations and traffic management. Placing this all on a single order not only simplifies purchasing, but increases overall confidence, as the MSP will only recommend products that work well together.

• An MSP will have processes to deliver centralized reporting, management and monitoring for your environment. These processes are essential because in addition to showing the ongoing performance of the network and monitoring for issues resulting from changes, it allows for the on-demand setup of security policies as requirements change. 

• As you move from MPLS to SD-WAN and start to leverage broadband and other connection types, the number of service providers can prove to be an operational challenge. It would be quite possible to finish up managing a different ISP per region or even per site. An MSP has experience to take on the management of this layer and provide greater visibility into how each is performing – or make recommendations for migrating away toward an even simpler managed network configuration.

• Security is a critical component for any SD-WAN deployment and an MSP will be able to offer both packaged and custom services. There are essential basics to have in place, such as stateful firewalls and more advanced threat management features, including application control, antivirus and web-filtering. Additionally, since cybersecurity threats are ever evolving, it’s vital to look for an MSP who can provide additional advanced security services to help keep ahead of the challenge. These include sandboxing for malware detection, endpoint and network threat intelligence to ensure detection and response capabilities against zero-day or evasive threats, encrypted traffic analysis to warn of risks hidden inside HTTPS traffic and DNS filtering to block malicious websites.

Today’s enterprise recognizes the need to move away from legacy connections to provide better support for the modern workforce and stay ahead of their competition. Using packaged services to address combined SD-WAN and security use cases can help to not only simplify management and deployment, but also reduce overall costs while still providing a high quality end-user experience. 

For an MSP looking to grow business, the convergence of SD-WAN and security, along with the transitional needs of customers, translates to one thing: opportunity.

view counter
Laurence Pitt is Global Security Strategy Director at Juniper Networks. He joined Juniper in 2016 and is the security subject matter expert for the corporate marketing team. He has over twenty years of cyber security experience, having started out in systems design and moved through product management in areas from endpoint security to managed networks. In his role at Juniper, he articulates security clearly to business and across the business, creating and having conversations to provoke careful thought about process, policy and solutions. Security throughout the network is a key area where Juniper can help as business moves to the cloud and undertakes the challenge of digital transformation.