Corporate networks are evolving, and networking and security solutions have evolved right alongside them. Legacy solutions for implementing a corporate wide area network (WAN), such as virtual private networks (VPNs), were designed for traditional networks and do not meet the needs of the modern business. Software-defined wide area networking (SD-WAN) provides an alternative.
In 2020, over half of organizations are testing, installing, or upgrading SD-WAN systems. A survey of IT leaders reveals that a number of SD-WAN benefits are driving this increased investment in organizations’ network infrastructure.
Supporting a Remote Workforce
The evolution of modern technology and teleconferencing solutions has made working from home (or from anywhere) increasingly feasible. While many companies were exploring telework earlier, the COVID-19 pandemic forced a rapid and widespread transition to remote work.
With the need to support large numbers of teleworkers, many organizations found that legacy secure networking solutions, such as VPN, were incapable of meeting the needs of the modern enterprise. VPN-based WANs require all traffic to be routed through the VPN endpoint and security stack, whether or not the traffic was intended for the corporate network. This causes significant network performance issues for organizations whose VPN infrastructure was not designed to support a mostly or wholly remote workforce.
SD-WAN eliminates these issues by moving away from the centralized perimeter-based model used for VPN-based secure networks. Instead, SD-WAN appliances are distributed throughout the organization’s WAN, and traffic is optimally routed through these to its destination. This is a major reason why SD-WAN appeals to the 44% of organizations targeting IT investments toward better supporting their remote workforce.
Connecting the Cloud
Most organizations have adopted cloud computing, and 93% of enterprises are using multiple different clouds. Providing secure connectivity to and between these different clouds is a priority for IT leaders.
However, a VPN-based WAN is poorly suited to accomplishing this. In order for an organization with a traditional perimeter-based security model – consisting of VPN tunnels in front of a stack of security appliances – to maintain visibility into all of their traffic, all traffic needs to pass through the corporate network for inspection and policy enforcement before being forwarded on to its destination. This incurs significant network latency and performance impacts when both sides of a connection are outside the traditional perimeter, such as teleworkers and cloud infrastructure.
SD-WAN’s ability to eliminate this inefficient routing is a primary selling point to 66% of IT leaders. SD-WAN appliances deployed in the cloud can route traffic directly between remote users and the cloud or across multi-cloud environments. This capability is essential to maintaining employee productivity and the usability of latency-sensitive cloud-based applications.
The average organization’s security team is understaffed and overwhelmed. They need to cope with an expanding corporate attack surface and increasingly sophisticated and numerous cyberattacks despite a cybersecurity skills gap that leaves them incapable of gaining access to the talent that they require. As a result, anything that helps to decrease the load on an organization’s security team makes them more capable of protecting it against cyber threats.
VPNs are designed to be point-to-point connectivity solutions, meaning that every link between two endpoints requires its own VPN connection. This means that a VPN-based WAN is extremely complex to monitor and manage. Each connection is independent, and any software updates must be applied to every device in the network to be effective.
SD-WAN enables an organization to dramatically decrease the complexity of monitoring and managing its network infrastructure. SD-WAN eliminates the inefficient routing common in VPN-based networks, and, since all traffic passes through a network of SD-WAN appliances, it is easy to aggregate their data and provide network-wide visibility.
Additionally, SD-WAN – and especially cloud-based SD-WAN – provides the opportunity for organizations to take advantage of managed or co-managed SD-WAN services. This further decreases management overhead on the organization’s in-house security team. This is why three-quarters of organizations take advantage of a partially or fully-managed SD-WAN solution.
Beyond SD-WAN to SASE
Technically, SD-WAN is a networking solution. It is designed to enable enterprises to optimally route their traffic over multiple different transport media. This enables it to offer an alternative to expensive multi-protocol label switching (MPLS) circuits in terms of performance and reliability.
However, this is not enough for the vast majority of companies. 91% of enterprises want a solution that provides networking and security integration within a single appliance. This eliminates the need to deploy a stack of standalone solutions behind each SD-WAN appliance to provide network security.
For this reason, many organizations are looking at Secure Access Service Edge (SASE) solutions to implement a secure corporate WAN.
SASE integrates the capabilities of SD-WAN and a complete security stack in a single cloud-based solution. This option makes it possible for organizations to implement a secure and high-performance corporate WAN while further decreasing the burden and resource requirements of an organization’s network security team.