Borderless SD-WAN: Pioneering Networking Innovation

By Parag Thakore, Senior Vice President of the Borderless WAN Business Unit at Netskope

  • Saturday, 7th October 2023, posted by Phil Alsop

In recent years, with the profound cultural shifts in the workplace driven by the rise of remote working, the Internet of Things (IoT), and the ongoing process of digital transformation for enterprises, we have seen a new demand for Software-Defined Wide Area Networking (SD-WAN). As IT leaders work to ensure that organizations can adapt their infrastructure to accommodate this shift in work practices, it's crucial to explore how SD-WAN serves as a pivotal tool for connecting, managing, and optimizing distributed enterprise networks in the age of hybrid workforces.

SD-WAN expanding the enterprise

SD-WAN acts as a tool to bridge the gap between traditional Multiprotocol Label Switching (MPLS), broadband, and wireless cellular networks, effectively connecting and managing distributed enterprise networks. It represents a cloud-first solution designed to reduce reliance on traditional MPLS, which has struggled to keep pace with the growing demands of the modern workplace.

In traditional on-premises networks, MPLS played a vital role in enabling organizations to connect multiple branches with access to applications located in data centers, typically housed at a headquarters or regional hub. However, with the proliferation of software-as-a-service (SaaS) applications and the increasing complexity of digitally based business communications, MPLS networks started to strain under the demands. MPLS setup was time-consuming, and the associated bandwidth costs were exorbitant, resulting in financial burdens for businesses and limited visibility and control at the application level.

In steps SD-WAN as an innovative solution to relieve this pressure and expand the capabilities of the enterprise. SD-WAN leverages multiple connectivity options including low-cost internet links to establish a secure, optimized, carrier-independent, and transport-agnostic overlay network. With these capabilities, IT teams can manually configure traffic, ensuring that critical cloud applications receive top priority.

SD-WAN was a game-changer for enterprises, offering remote replication and management of site policies through a centralized SD-WAN orchestrator. Now, instead of manually programming MPLS configurations, IT teams could make updates using a cloud service in real time without the risk of human error. For instance, IT administrators could now prioritize apps, such as Zoom conference calls over Netflix. This ensures the seamless operation of busy company networks and an optimized user experience.

SD-WAN pushing the edge

While traditional SD-WAN successfully maintained networking consistency for some time, the proliferation of applications, IoT devices, and the added networking and security pressures brought on by remote employees have rendered this solution unsustainable. Traditional SD-WAN systems can only detect a limited number of applications, with each requiring a manual configuration of priorities. This approach was time-consuming when businesses used potentially a hundred applications, but in today’s cloud environment it is no longer viable. Organizations need the ability to secure and optimize tens of thousands of potential applications and accommodate a near limitless number of remote access users and devices.

The next step in the evolution of SD-WAN must embrace context-awareness as network connectivity grows more complex, and the number of applications and devices continues to skyrocket. Every remote user, branch office, IoT asset, and multi-cloud environment necessitates zero-trust security and high-performance communication. 

Context awareness and Zero Trust

At this point in the networking journey, we haven’t addressed the security requirements of protecting a hybrid enterprise. According to Netskope data, 66% of users were regularly working remotely by the end of 2022 and with that came the challenge of securing users accessing services through unmanaged networks. 

Across the industry, we have all come to embrace the principle of Zero Trust as a guiding approach when evaluating and permitting user access to applications, websites and devices. This concept has broken into the mainstream over the past decade but was born in a pre-pandemic hybrid work environment where the majority of users were operating from a limited number of controlled locations or devices. 

With the increasing complexities of the modern workforce, the traditional zero trust model is too prohibitive for business agility and too permissive in terms of risk. This is where intelligent SD-WAN solutions can help strike the balance between security and performance.

Automating risk assessment

The only way to balance this high level of performance and the necessary security requirements from a Zero Trust approach is to incorporate greater automation to assess application risk, simplifying processes for IT architects. We now have the AI and machine learning capabilities that can bring greater contextual awareness of both applications' data requirements and users' activity with these apps.

This can be done by assigning each application a confidence score. This eliminates the need for IT teams to individually assess the priority of tens of thousands of applications. For example, Zoom would receive a higher confidence score due to its critical role in business operations, automatically granting it a high priority in the company's SD-WAN policy. Conversely, WhatsApp, which could be deemed less critical, would receive a lower confidence score and a lower priority.

In this era of IoT, we cannot stop at assessing applications, as devices increasingly pose a security risk. With a multitude of IoT devices, IT teams require greater visibility and granular control to mitigate these vulnerabilities. Again, this is where AI and machine learning techniques can provide the necessary IoT visibility and dynamic segmentation at the scale necessary for the challenge, where human controls and intervention prove insufficient. For instance, if a corporate network camera starts exhibiting anomalous traffic patterns, machine learning can quickly identify the issue, quarantine the device, and apply the appropriate policy automatically.

Real world implementation

Take for example a large accountancy business, with remote users across the UK and Europe, all requiring the benefits of SD-WAN for their home offices or while visiting clients for meetings. Traditional approaches would involve shipping physical SD-WAN appliances and maintaining multiple product points, including VPN clients, SD-WAN appliances, and secure service edge (SSE) components. These collections of disparate technology products, forced to work together, consume significant resources from the networking and security teams to manage zero-trust access, security, and application performance. 

Alternatively, the company could implement a Secure Access Service Edge (SASE) approach with a single agent on employees' devices. This would enable the IT teams to deliver an integrated endpoint SD-WAN and Intelligent Secure Service Edge (SSE) offering that provides consistent policy enforcement, security monitoring, and high-performance connectivity for users accessing the company's network regardless of location.

When SD-WAN is used in conjunction with an intelligent SSE solution, it gives IT teams even greater visibility over granular user data and the potential for implementing agile and context-aware policies that enable the business to operate both efficiently and securely.

Borderless SD-WAN

SD-WAN has played a pivotal role in connecting and optimizing modern enterprise networks as businesses look to meet the complex demands of hybrid workforces. As network connectivity becomes more intricate and the number of applications, devices and locations continues to expand, context awareness emerges as the next crucial innovation. 

By embracing automation through AI and machine learning, assessing application and device risk, and seamlessly integrating security and optimization into connectivity architecture, organizations can ensure they remain efficient and secure in an evolving networking landscape. SD-WAN's journey is far from over, and its ongoing innovation promises to support organizations with borderless capacity to grow in the future.