How do I select an SD-WAN solution for my business?
In a time when businesses are becoming hybrid and remote, companies have been turning more and more to the adoption of SD-WAN solutions, particularly paying attention to their safety and reliability.
SD-WAN adoption has also shifted from being mostly used by big organizations, to being considered by SMBs as well, who have realized the potentials and benefits of such technology.
To select a suitable SD-WAN solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Klaus Gheri, VP of Network Security, Barracuda
When looking for an SD-WAN solution there are four areas to consider:
DIY or “as a service”
Initially you need to decide if you’d rather use one of the many vendors and set up the solution yourself or use a service. For full benefits, the DIY approach is certainly more favorable. With services, you might be missing out on the flexibility you need and be required to use a set of standards but might not fit your use case.
Security
Initially, security was an afterthought when selecting a solution, however the threat landscape and the market has changed. Direct internet access is everywhere and requires full security in single path with SD-WAN. Otherwise, your security device SSL decrypts traffic for threat hunting and next the SD-WAN device decrypts the traffic to find out how to prioritize apps inside.
SD-WAN intelligence
Many security vendors started by renaming their balancing functionality and adding basic logic to it. SD-WAN needs to make use of multiple uplinks intelligently for internet traffic as well as for VPN traffic and treat your applications inside the VPN, so they always use the best uplink. This is still a discipline many struggle with. Be sure to check the details.
Upgrade
Make sure the same service provider/vendor offers an upgrade path to Zero Trust Network Access and SASE. These are the technologies that are on the horizon for widespread adoption with SD-WAN as a launchpad.
Raj Gulani, Sr. Director, Product Management, SD-WAN and SASE, Cisco
In the new era of hybrid work, the challenges of managing and securing multicloud connectivity and ensuring secure access to applications is a top priority for organizations.
SD-WAN should serve as the connective tissue between applications, clouds and remote offices, enabling organizations to deliver applications to users with greater visibility, security and performance. SD-WAN customers’ platform of choice should always include four main criteria:
- Offer security as a foundational capability, spanning across multiple trust domains of campus, branch, WAN and multicloud.
- Connect users to applications whether they are in public or private cloud or through Software Defined Cloud Interconnect, and deliver an optimized application experience across all domains.
- Offer complete line of sight across campus, branch and multi-cloud, effectively delivering visibility/observability to monitor, analyze and optimize network performance.
- Enable simple and intuitive orchestration for zero touch provisioning for rapid rollouts of global sites with security policies mapping to business intent.
Another critical consideration in choosing an SD-WAN solution is one that naturally extends the SD-WAN architecture to enable Cloud Security, also referred to as SASE. With SASE, organizations need to avoid bolt-on architectures built with disparate components from multiple vendors, which effectively burdens IT with additional operational complexity. It’s best to leverage a solution that combines these security edge services in one offer.
Todd Kiehn, SVP Global Product Manager, GTT
Network agility has become critical to an IT strategy as enterprises adapt to an increasingly digital business environment and a hybrid workforce. SD-WAN enables enterprises to improve application performance for their locations and remote workers wherever they are.
Network security is also gaining greater importance as cyber-security threats multiply, leading to cloud-based security techniques converging with SD-WAN in the SASE framework. But the transition to these technologies can be challenging, with significant support required from the SD-WAN partner. Therefore, enterprises need to evaluate SD-WAN providers based on three principal criteria.
First, does the provider’s network reach align with the enterprise’s geographic locations and does the provider offer a Tier 1 IP backbone to realize the full performance advantages of SD-WAN?
Second, does the provider offer a managed SD-WAN, including local internet or MPLS access, with end-to-end delivery, technical implementation support, and service assurance to help manage complexity?
Third, does the provider have a clear SASE roadmap integral to its SD-WAN vision? This includes services like zero-trust network access (ZTNA) and cloud access security broker (CASB) for remote workers and cloud firewall and secure web gateway (SWG) to support the branch level.
Kumar Mehta, CDO, Versa Networks
When selecting an SD-WAN solution, CISOs and other security professionals need to consider what will suit both their networking and security needs. Ultimately, the best way to find a secure SD-WAN solution that meets the desired needs, is to pick one that offers true security and reliable enterprise-wide networking.
It’s not enough to only provide a solution that provides the basics of SD-WAN, particularly as there are options on the market that offer so much more. For example, a solution that offers both security and is scalable will allow organizations to have the opportunity to expand their networks and integrate more solutions such as FWaaS. They may even find that they want to integrate SASE solutions which will provide the next layer of network security and quality.
It also shouldn’t matter if an organization is large or small, an SD-WAN solution that offers analytics to meet WAN Edge requirements for small to large enterprises and provides genuine multi-tenancy will mean that it is flexible and will offer organizations ease of use no matter if they are a two branch retail store, or a 200 branch financial organization.
There are also solutions on the market that are available via the cloud, on-premises, or as a blended combination of both, again, allowing a flexibility that is needed for organizations looking to broaden their network.
Laurence Pitt, Director, Cybersecurity Strategy, Juniper Networks
When selecting an SD-WAN solution, the most important question to ask is “How will this solution improve the day-to-day experience for my users?” Frankly, that should always be the biggest concern when making any purchases for or improvements to networks. Video calls need to perform well every time in today’s work-from-anywhere world, as just one example.
The next step to an organization’s purchase is answering that question. The ability to have comprehensive, real-time visibility into the network and end-user experience will give enterprises the opportunity to make any needed adjustments if there is degradation, delays or outages. Some solutions can also do more than simply make you aware that there is trouble; consider whether the organization could benefit from a solution that offers advice and direction to what the problem is and how to fix it.
The next consideration is how well the SD-WAN solution enables organizations to make the required adjustments. For instance, does it rely on tunnels, or can they steer traffic based on the network status, can they direct the traffic to an optimal path, ensuring the experience is protected? Other considerations such as security and overall cost to the organization shouldn’t be overlooked either, as these can affect the experience.
Nirav Shah, VP of products, Fortinet
When evaluating SD-WAN solutions, ask yourself these questions to ensure your deployment is secure, future-proof, and maximizes ROI:
Does it support work-from-anywhere?
SD-WAN with built-in Zero Trust Network Access and next-generation firewall security enables organizations to maintain a secure and consistent user experience whether employees are accessing applications on the road, at home, or in the office.
Does it keep my network secure?
Deploying a solution rooted in security-driven networking principles that tightly integrate SD-WAN, next-generation firewall and advanced routing ensures that your network can evolve without compromising security operations.
Does it scale to support digital transformation?
To support future changes in your network, SD-WAN must dynamically scale to any environment or workload, managed by a single-pane-of-glass, with AIOps to simplify troubleshooting.
Does it support my hybrid or multi-cloud strategy?
SD-WAN must accelerate the cloud on-ramp and address connectivity to the cloud, between the cloud and within the cloud. It should ensure consistent performance and security no matter which cloud(s) are used.
Does it extend into the branch?
SD-WAN should also protect both the WAN and LAN by extending to support Secure SD-Branch. LTE and 5G support as a cellular gateway is also important for improved availability and resiliency.
John Smith, CTO, LiveAction
There are several areas to consider when selecting an SD-WAN solution. First, it’s important to understand your SD-WAN plan in the larger SASE strategy as networking and security continue to converge. No one wants to end up with a SD-WAN solution that doesn’t have a SASE future, or have integration issues with existing SASE solutions.
In addition, as more organizations rely on multi-cloud, CISO’s must ensure that their SD-WAN solution has integrations that allow easy setup and connections to the major cloud service providers. They must know how well branches, campuses and private clouds can connect securely, but also understand the performance impacts. This includes understanding how security aspects of SD-WAN policies are managed to insure segmentation of traffic. For example, setting up policy to allow the segregation of critical traffic routing over only secure connections. If those connections terminate into the cloud, how is the segregation to specific virtual cloud networks handled.
And finally, CISO’s need to understand how SD-WAN and SASE fit into zero trust requirements. One of the pillars of zero trust is visibility and analytics, including network monitoring. This means having a monitoring solution that can provide the level of visibility required, such as end-to-end and/or into encrypted traffic, is critical.