By Jacob Chacko, Regional Director – Middle East, Saudi & South Africa at Aruba, a Hewlett Packard Enterprise company
As governments begin lifting restrictions, the COVID-19 crisis has had a profound impact on organizations. Many organizations have run out of business, some have survived, while others have thrived. This last category was perhaps the best prepared because they had already digitized a large part of their operations, if not their key business functions. As organizations emerge from the crisis, they now must reinvent themselves, be more resilient and increase their ability to cope with business change. In this article, we’ll take a closer look at the key trends in SD-WAN that organizations need to follow to rebound from the crisis and get ready for the post-covid era.
The crisis has accelerated digital transformation and the move of applications to the cloud. As a result, the role of the data center is shrinking, and it has become less relevant to backhaul the traffic to the data center. Organizations now need flexible wide area networking connections that allow them to securely steer the cloud-hosted application traffic directly to the cloud. Continuing to backhaul cloud traffic using costly, rigid MPLS lines prevents them from optimizing and modernizing their network based on business needs.
An SD-WAN allows IT departments to modernize the network to embrace digital transformation and increase the alignment of IT systems with business objectives. SD-WAN connections can indeed leverage cheaper and flexible internet and 5G/LTE connections and deliver end user quality of experience at the same level – and even better – than the previous WAN model based on backhaul. Advanced SD-WANs intelligently steer the traffic to the internet and also use SaaS optimization techniques, leveraging machine learning to automatically select the best path to reach applications. Organizations can also seek greater flexibility by implementing a network-as-a-service model with SD-WAN as a foundational building block.
The migration to hybrid cloud (a composition of a public cloud and a private environment) and multi cloud is not new but it continues to accelerate. This means there is an increasing need to simplify the process of orchestrating network traffic not only from the data center to the cloud, but also from one cloud provider to another. Additionally, organizations are developing cloud-native applications based on microservices, APIs and a multi-cloud approach. These applications use a scalable architecture that helps support a greater business adaptability.
With this shift, organizations need enhanced connectivity to cloud providers to run applications hosted in multiple clouds.
Advanced SD-WAN solutions can be seamlessly deployed to cloud service providers providing secure end-to-end connectivity to the cloud. With these solutions, organizations can easily move workloads from one cloud provider to another, for example from AWS to Azure.
In the recent years the number of cyberattacks has increased significantly, leaving more damage than ever. Cybersecurity threats emerge from various sources including insecure network connections, and a lack of compliance measures. Most of us remember the SolarWinds attacks in December 2020 that spread from software updates, allowing attackers to access Microsoft 365 emails. More recently, the Log4j attack exploited a vulnerability in Log4j, a popular Java logging framework, that allowed attackers to execute arbitrary Java code on a server.
In 2019, Gartner coined the term secure access service edge, or SASE, that combines SD-WAN capabilities with network security features hosted in the cloud. In the post-COVID era, more traffic is heading to the cloud than to the data center, users are consuming more SaaS applications than data center applications, and more sensitive data is located outside the enterprise network. With this in mind, SD-WAN coupled with SSE (Security Service Edge) capabilities such as SWG (Secure Web Gateway), CASB (Cloud Access Security Broker) and ZTNA (Zero-Trust Network Access) enable organizations to mitigate security risks related to the growing adoption of the cloud.
One capability that differentiates a basic SD-WAN solution from an advanced SD-WAN is the ability to connect to a wide range of cloud security vendors giving organizations the choice of best-of-breed SSE capabilities to build a robust SASE architecture based on their business requirements. Advanced SD-WAN solutions natively integrate and can fully automate the orchestration to cloud security services to create a secure fortress against cyberattacks.
Many analysts predict that remote working is here to stay, and organizations must find ways to bring the same level of enterprise security to the home office. With hybrid working becoming the new norm, organizations are evolving into a hyper-distributed edge environment, and they are no longer able to create a security perimeter around the enterprise network. A fully centralized IT network is no longer sustainable, and organizations must now adopt a distributed approach to securing remote connections.
Some access points now integrate SD-WAN capabilities forming a secure tunnel via simple internet and 5G connections. With these access points, organizations can truly implement a cybersecurity mesh strategy to create a smaller perimeter around every access point or device no matter where they are located. This distributed approach gives enterprises better control over cybersecurity risks by securing an individual access point instead of a large perimeter without clear boundaries. With this approach, no device is trusted by default and security policies are enforced at the identity level.
In the post-COVID world, organizations are using a growing number of IoT devices ranging from surveillance cameras, POS terminals, sensors, and many more. These devices represent a significant threat as they are built on a simple architecture, and most can’t run a security agent. Additionally, some industries like manufacturing face even more risks because they are witnessing the convergence of IT and OT (Operational Technology) networks that used to be separated in the past.
Advanced SD-WAN solutions implement a zero-trust architecture that complements SASE. Zero trust frameworks assume that no user or device is inherently trustworthy. They integrate dynamic segmentation that can segment the network into multiple zones while ensuring users or devices can only connect with destinations on the network that are consistent with their role. This segmentation of the network prevents the spread of a malicious code into the enterprise network in case of an cyberattack.
No one was able to anticipate the disruption caused by the pandemic. It is now essential to adapt to the new normal, accelerate digital transformation efforts, and address the need for hybrid working. The shift to cloud-hosted applications and hyper-distributed environments have resulted in performance and security issues. By implementing an advanced SD-WAN solution, organizations create the foundational layer to modernize their network, based on a flexible and secure edge-to-cloud architecture.