Why SD-WAN isn’t fit for the post-COVID workplace

By Jonathan Wright, Director of Products and Operations at Global Cloud Xchange (GCX).

Posted on Monday, 14th August 2023 by Phil Alsop

Recent years have seen a huge increase in the deployment of SD-WAN technologies to help organisations strengthen connectivity, reduce costs, and gain greater control and visibility of their networks. Indeed, a recent study estimated that 95 percent of enterprises have either deployed SD-WAN or plan to do so within the next 18 months.   

But what many IT directors don’t realise is that SD-WAN was designed for pre-COVID, largely office-based ways of working. With many businesses now taking a hybrid approach to the way their employees work, SD-WAN no longer offers the same level of network flexibility, visibility and security enforcement for anyone working remotely. 

It’s perhaps unsurprising, then, especially given the level of investment, that companies are considering the addition of a SASE (Secure Access Service Edge) framework to their SD-WAN infrastructure, and in some cases, transitioning from SD-WAN to SASE completely.  

SD-WAN adoption 

The adoption of SD-WAN was largely driven by the growing migration of applications to the cloud. By optimising application traffic to route over specific circuits according to specific link quality metrics, SD-WAN is concerned with centralisation and automation, allowing users to reliably access applications in the cloud. SD-WAN also breaks vendor lock-in, allowing organisations to use hardware from one provider and software from another, and, by moving control to a software level, it allows companies to do more with the cloud.

SD-WAN architecture tends not to be built around users, though, but rather around how a particular site or facility accesses services and applications located within the corporate network, in a data centre, or in the cloud. The original assumption behind these architectures was that users would be based at an on-premise location routing traffic via a dedicated LAN or WAN port. The concept of remote working was based around a handful of gateways worldwide, each with a VPN; if someone worked from home on occasion, they would have a secure connection to their office but might have to contend with a slow user experience and inflexibility. 

Security and visibility 

COVID, of course, changed everything. Today, hybrid working means users need the same experience at home or on the move as in the office, with the flexibility and freedom to work from anywhere, on any device, securely. Networks and security policies must be scalable, not only so that users can work in the office or elsewhere, but also to ensure any corporate policies and configurations that are applied on-premise are equally applicable when working remotely. Indeed, in today’s hybrid environment, SD-WAN can represent a security risk, as any data sent from a remote device could be unprotected until it reaches the cloud.

Visibility is also an issue. In an office, all traffic passes through a single network device, meaning the analytics and reporting process is simple. With remote working, however, everyone uses their own broadband provider, or may use their personal device, so visibility is lost. The outdated, decentralised model means it’s impossible to collect data for every packet centrally and report on statistics such as bandwidth consumption, security compliance, or traffic flows to applications in the cloud. Again, there are security concerns. Without visibility over which resources users are accessing, an organisation is essentially inviting risks to its network by virtue of increasing the shadow IT landscape.

Performance benefits 

Given their level of investment in the technology, it’s understandable that most organisations are reluctant to move away from SD-WAN. Instead, they want to find a way to leverage the infrastructure with the new, post-pandemic ways of working. The pursuit of this means that, within five years, we can expect to see SD-WAN become a pure access technology, sending traffic – and most of its functionality – to a SASE overlay framework.  

The performance and security benefits are manifold. Routing data through a centralised SASE framework, for example, allows users to work from any device from any location, while organisations can be confident that all data is secure and compliant for the entire length of the packet’s journey to the cloud or elsewhere. Moreover, with many providers offering hundreds of SASE gateways on a global basis, users benefit from lower latency through more localised access. The addition of SASE also offers a seamless connection between private and public network services from a single centralised design, whereas this previously required a transitory SD-WAN hub to be installed in a decentralised solution.  

SASE simplifies data visibility with its centralised framework, which allows network administrators to monitor, report, and analyse traffic flows and the performance of applications in real-time, end-to-end at a user, branch, or regional level. This enables administrators to view the performance of the network they’re connected to, and how it connects to a given application, and whether the data is secure and compliant, all via a single management platform. This is key to maintaining consistent performance; knowing how and why an issue is occurring means it can then be resolved quickly too. 

Finally, there’s the question of cost and quality. One of the drivers for SD-WAN was to provide high-quality networking over cheap internet circuits; however, facilitating this meant relatively expensive hardware and licenses. So, whilst the overall total cost of ownership (TCO) lessened, there is still a high burden on specialist hardware and ongoing license fees. In many cases, internet telco circuits have dropped considerably in price, which in some scenarios offers a better-performing and cheaper solution than delivering expensive SD-WAN on a cheaper circuit. However, because SASE only requires a secure connection from a device that supports IPsec or SSL, there are opportunities to optimise costs.

A logical step 

SD-WAN’s key benefit is the ability to automatically route application traffic based on link conditions, such as packet loss, latency, and jitter. However, higher-quality links address these metrics at a lower cost today, igniting the debate over whether the benefits of SD-WAN outweigh the benefits of SASE.

Whether using a private, public, or hybrid network, and regardless of location or device, SASE offers organisations peace of mind, knowing their data is secure and that it routes seamlessly across their global network. Furthermore, the visibility it provides not only helps improve performance, but can also empower IT directors to optimise everything from network performance to security and even spend through one centralised framework.