Thought SD-WAN Was What You Needed to Transform your Network? Think Again.

Since its premiere over a decade ago, SD-WAN was adopted by enterprises as the go-to technology for preparing their network for the digital transformation. At the time this made sense, as SD-WAN brought important advantages:

- Optimized bandwidth costs, by leveraging inexpensive services like Internet broadband whenever possible.
- Improved cloud and Internet performance, by sending traffic directly to the Internet and not via distant datacenters.
- Reduced overhead and complexity, by enabling centralized management and agile orchestration.

Indeed, SD-WAN presents an affordable solution for site-to-site connectivity and is the initial building block of WAN transformation. Nevertheless, a full digital transformation involves much more than branch connectivity. The modern digital business needs optimized access to cloud resources, reliable global connectivity, security for all enterprise edges, and particularly today – support for the mobile/remote workforce.

What COVID-19 Taught Us About the Work-from-Home Transition

COVID-19 has expedited the need to shift to a WFH (or work-from-anywhere) model. Transforming the network to enable secure remote access for all users, at all locations, is crucial for guaranteeing business continuity in today’s reality, and has become a top priority for IT teams worldwide.

To successfully address the sudden demand for remote access caused by the pandemic, IT needs to instantly support all employees, at the same time, without affecting user experience or the enterprise security posture. Meeting this huge WFH challenge depends on three criteria: global scalability, performance optimization, and converged security.

Is SD-WAN the Answer to the WFH Challenge?

Trying to solve remote access scalability with SD-WAN requires installing an SD-WAN device at each remote user’s home/office, which is inefficient, complicated, and anything but scalable. And without a global private backbone, even the SD-WAN device is dependent on the performance of the public Internet, which is unpredictable, especially over global distances. Finally, allowing remote users to access the Internet without security measures increases the chance of breaches and malicious attacks.

It’s no wonder that ever since the COVID-19 outbreak, we’re hearing from more and more IT leaders that their SD-WAN can’t address their most pressing need: providing a secure and optimized WFH environment. Enterprises have come to realize that as a point solution, at the branch level, SD-WAN has only partially prepared their network for the digital transformation.

What can IT do now? Add more point products to support WFH? If you’re asking us, the answer is clearly no. More appliances and point solutions entail the cost and hassle of procurement, sizing, maintenance, and upgrades.

So what is the answer? Move to SASE. Global scalability, optimized performance, and converged security, all together, can be found in Gartner’s new industry category, Secure Access Service Edge (SASE). A true SASE platform converges SD-WAN and network security into a single, global cloud service, delivering on top of that SWG, CASB, NGFW and software-defined perimeter (SDP)/zero trust network access (ZTNA).

What It Takes to Really Support Remote Users

If we were to boil down the topic to a key takeaway, this is it: a viable remote access solution must be a software-only, cloud-native solution. Let’s revisit the WFH criteria and apply them to SASE:

- Global scalability – SASE’s cloud-native and globally distributed architecture supports optimized and secure access for an unlimited number of users, on any device, from any location, and without requiring additional infrastructure.
- Performance optimization – A SASE platform includes a private backbone and built-in WAN optimization, avoiding the unpredictable Internet when connecting remote users to applications. This ensures that application performance for remote users is the same as from the office.
- Converged security – A SASE service provides a natively integrated, complete network security stack. All traffic passes through the SASE network, which applies multi-factor authentication, continuous threat prevention, and granular application access policies for applications, both on-premises and in the cloud.

SASE – All You Need to Transform Your Network

In its newly released Hype Cycle for Enterprise Networking, 2020, Gartner acknowledges that COVID-19 has “highlighted the need for business continuity plans that include flexible, anywhere, anytime, secure remote access, at scale.” Gartner advises prioritizing SASE use cases that drive measurable business value, such as the mobile and remote workforce.

SASE is what you need to successfully transform your network and provide enterprise-wide remote access. SASE offers a cloud-native, agile architecture with converged network and security that is globally distributed and supports all resources. This is what turns SASE into the ultimate answer to the WFH challenge.

With SASE you’ll be able to fully transform your business, deliver a secure, productive, work-from-anywhere environment, and support your enterprise with a network built for today and ready for the future.

SD-WAN: Designed for Completeness?

Completeness, as defined by Oxford Dictionary, is “the state or condition of having all the necessary or appropriate parts.” Let’s analyze SD-WAN’s completeness according to this definition.

SD-WAN delivers various benefits compared to legacy WANs, mainly offering enterprises cost optimization, agility, and simplicity. To achieve this, Gartner outlined four characteristics an SD-WAN solution should include:

- The ability to replace legacy WAN routers and support multiple transport links such as MPLS, Internet, and LTE.
- Dynamic load sharing of traffic across multiple WAN connections, based on corporate-defined policies.
- Simplification of the complexity associated with configuring, managing, and maintaining a WAN (e.g., delivering zero-touch provisioning for new branches).
- Secure VPNs and the option to integrate additional network services such as firewall, WAN optimization, and SWG.

(Source: Technology Overview for SD-WAN, 02 July 2015. ID: G00279026. Analyst(s): Andrew Lerner, Neil Rickard.)

So, What’s Missing?

SD-WAN presents an affordable and flexible replacement for MPLS without the complexities associated with traditional WANs. It’s great, really SD-WOW. But since its premiere in 2014 a lot has happened, even a global crisis.

Enterprises across all industries and geographies are becoming cloud-first. They require cloud application acceleration and enhanced security for users, locations, and data without affecting performance, not to mention having to suddenly shift to a work-from-everywhere model.

Network security, cloud connectivity, and remote access are all critical requirements, yet SD-WAN fails to address them. It seems that the definition of technology completeness doesn’t fit SD-WAN, at least not for the needs of the modern digital business.

Don’t Settle for a Faster Horse

While SD-WAN is the first step in overcoming MPLS costs and constraints, that in itself isn’t enough to ensure the network keeps up with the business. It’s time to take a leap.

Simply augmenting SD-WAN doesn’t result in SD-WAN completeness. Rather, it keeps IT teams caught in the never-ending cycle of installing, managing and maintaining point products. What would Albert Einstein say about doing SD-WAN over and over again and expecting different results?

The modern digital business is dependent on the network’s ability to connect all resources, protect them, and adapt to any change. SD-WAN alone isn’t the answer. A new network is needed, built from the ground up, on an architecture fit to support the needs and growth plans of enterprises today. This calls for a Secure Access Service Edge (SASE).

SASE is designed for completeness. Introduced by Gartner as a new market category, SASE converges SD-WAN and network security capabilities into a single, global cloud service. SASE eliminates the complexity associated with the procurement, deployment, and management of the numerous point solutions (SD-WAN included) that comprise the enterprise network and security infrastructure.

100% Completeness with SASE

SASE creates an agile, scalable and elastic platform that truly transforms a WAN to support the way business is conducted today. The SASE architecture connects and secures sites, cloud resources, and remote users. It delivers the required networking capabilities of security, routing, analytics, scalability, and central management missing in SD-WAN.

Some advice from Gartner to avoid confusing SD-WAN with the completeness of a SASE platform:

- Ask network security vendors to show a roadmap for SASE capabilities, including SD-WAN.
- Ask vendors to demonstrate existing and expected investments in POPs.
- Avoid SASE offerings that are stitched together (i.e., the complexity of point products).
- Closely evaluate the integration of services, and the ability to be orchestrated as a single experience from a single console and a single method for setting policies.

(Source: The Future of Network Security Is in the Cloud. Published: 30 August 2019. ID: G00441737. Analyst(s): Neil MacDonald, Lawrence Orans, Joe Skorupa.)

Completeness matters. Today, more than ever. Without it, IT can’t support future business initiatives. SASE offers a global, converged, cloud-native architecture that supports all edges – four core qualities essential for a complete network that promises to support business transformation in a constantly evolving industry.

Remote Access Survey: Is the Industry Ready for a Global Crisis?

Remote access isn’t a new demand, yet COVID-19 caught the industry by surprise, with businesses unprepared to effectively shift to a work-from-everywhere model. Why? Because enterprises were suddenly forced to enable remote access for all users, at once, and from anywhere across the globe. Current solutions, such as Virtual Private Network (VPN) servers, provide connectivity for some users, some of the time. But VPN servers can’t support all the users, all the time, which is exactly what’s needed to continue your business during a global crisis.

In our recent Remote Access Survey, we gathered data from 694 IT professionals, who shared their experiences of shifting their business to working remotely after the coronavirus outbreak.

We learned that the vast majority (96%) of respondents are still using appliance-based solutions, rather than cloud services. Of those respondents, 64% have a dedicated VPN server, which isn’t suited to deliver the scalability, security and performance needed in today’s evolved business reality.

We found that more than half (55%) of the respondents experienced an increase of 75%-100% in remote access usage. And 28% reported a growth of at least 200%. VPN might still be the most common remote access technology, but it was never designed to continuously connect entire enterprises to critical applications. And in a global health crisis scenario, where everyone requires constant remote access, legacy VPN can’t support the extreme load, resulting in slow response times and affecting user productivity.

VPN provides secure access at the network level, rather than at the application level. This expands the attack surface and the possibility of a data breach, affecting the enterprise’s security posture. Providing remote access to specific applications with granular control is critical for ensuring users get access only to authorized applications, whether on premises or in the cloud. This keeps the network safe and prevents unrestricted access. Still, only 29% of the respondents indicated that they manage remote user access at the application level.

When asked about performance issues, 67% of the respondents confirmed they receive complaints from their remote users, with connection instability and slow application response the leading problems. VPN uses the unpredictable public Internet, which isn’t optimized for global access and requires backhauling traffic to a datacenter or up to the cloud. This turns VPN into a chokepoint for network traffic into the datacenter, adding latency and resulting in poor user experience.

Enterprises are seeking to strategically address the pressing matter of remote access. About half (45%) of the respondents are planning to upgrade to a larger VPN server, but interestingly only a third of them are considering a cloud service. We’re not surprised by this, and believe it indicates a current, mutual sense of urgency among enterprises, which often results in having to make rash decisions. Gartner’s new guide, “Solving the Challenges of Modern Remote Access,” addresses this crisis atmosphere, offering practical recommendations and a step-by-step decision tree for dealing with the explosion of remote access.

Fortunately, our customers didn’t experience any of the issues described by the survey respondents. Our SASE platform converges networking and security into a unified, global cloud service, enabling seamless connectivity to all locations, users, and applications. Customers can effortlessly move all their users to work-from-anywhere, without degrading performance or security. This is exactly what we mean by a network that’s ready for whatever’s next.

How to Re-Evaluate Your Network Security Vendors | Part 2

When Should You Re-Evaluate Your Vendor?

Welcome to the exclusive How to Re-Evaluate Your Network Security Vendors blog series! In this article, we will cover when you should re-evaluate your network security vendor.

The first step in re-evaluating your security vendor is finding the optimal timing for it. In this section we will review several cases which, combined or stand-alone, mark an ideal time to re-evaluate your security vendor.

Hardware Refresh and Footprint Expansion

By nature, hardware has a tendency to occasionally malfunction or even perish with time, and needs to be replaced every now and again. In addition, capacity upgrades and expansion into new locations mean it’s time to spend incremental budgets on new hardware purchases or look for alternatives.

License Renewals

While the hardware may last for several years, software licenses typically renew annually. If your hardware is mostly depreciated, the main cost is software license renewals, which represent a good opportunity to look into alternatives that may be available at the mere cost of the software license.

M&A and Vendor Consolidation

If your organization is going through M&A, you may end up with multiple security vendors in your network. Regardless of M&A, you may be looking at a heterogeneous security environment across multiple business units, where standardizing on a common solution can offer simplification and cost reduction.

International Expansion

If you are expanding internationally, you need to consider vendor presence and support in that territory. In addition, network security can be affected by connectivity issues across continents. For example, VPN access and even site-to-site mesh established over large distances are likely to experience latency issues that affect end-user experience.

Cloud Datacenter Migration

If you are migrating all or part of your infrastructure to the Cloud, you need to integrate the new “datacenter” into your network. This often requires the deployment of a new network security solution, which may not be available from your current vendor or may come at additional cost.

In the next part of this series, we will cover what to consider when evaluating current and future vendors.

How to Re-Evaluate Your Network Security Vendors

Part 1: Why You Should Re-evaluate Your Network Security Vendor

Welcome to the most important blog post series that you will read all year! In this one-of-a-kind series, we will help C-Levels and directors reach better decisions regarding security strategy and choice of security vendor, with the goal of making network security simpler, better and more affordable.

This first part in the blog series will cover why you should re-evaluate your network security vendor. The drivers we see for re-evaluating security vendors are:

- Network security total cost of ownership: the capital and operational expenses associated with the incumbent solution vs. the alternatives.
- Network security solution’s agility and adaptability: how quickly the incumbent solution can adapt to emerging threats and incorporate new capabilities.
- Support for evolving business requirements: how the current security solution supports new business requirements such as global expansion, Cloud-based resources, and the mobile workforce.

This last consideration is of strategic importance because it may require not just a technical comparison, but a rethinking of the overall network and security architecture for the business.

Three forces are impacting the way we do business today: Globalization, Cloud, and Mobility.

- Globalization: Network topology has become more complex as organizations need to connect multiple locations into a single global network and keep it secure. The challenges of securing such a complex network derive mostly from having to deploy multiple security solutions at each location separately.
- Cloud: The increasing use of Cloud infrastructure and applications is loosening the enterprise’s grip on its applications and data. Business-critical information is now spread across multiple locations, some outside your control (for example, within Amazon AWS or Salesforce.com).
- Mobility: “Bring Your Own Device” (BYOD) is now a reality, and the ability to control the devices or the way in which they are used is severely restricted. You need to provide the mobile workforce with secure Cloud access to your enterprise applications and data.

In the next part of this series, we cover when you should re-evaluate your network security vendor.