Critical Capabilities for a Successful SD-WAN Deployment

February 13, 2017

Last month, analyst Jim Metzler and I joined together on a webinar to discuss the current state of the WAN. Jim shared research from his recent study into the current drivers and inhibitors for WAN transformation and the deployment of SD-WAN. I dove into how Cato addresses those challenges, including showing our new SD-WAN offering. You can see the webinar for yourself by registering for access to the recording here.

Traditional WANs were never designed to handle the dissolving perimeter. Gone are the days when users and data resided solely in corporate premises. The cloud and mobility are the new norm and the WAN needs the agility capabilities, security, and cost structures to adapt to these changes.

Jim’s research showed in part (check out the webinar for full details) how customer concerns around MPLS and those around the Internet are directly inverse of one another. For MPLS services, customers were most concerned about cost, uptime and latency. Lead time to implement new circuits and security were of lesser concern. With Internet services, security is of greatest concern.

We found similar results when polling respondents about the most important drivers for improving the WAN. Respondents indicated that connectivity costs were the most important driver. No surprise, I suppose, as MPLS costs can be more than 5x the cost of Internet bandwidth. With such high disparity in bandwidth costs, backhauling Internet traffic makes little sense. More companies are looking to avoid the backhaul and use direct Internet access links to put cloud and Internet-bound traffic directly onto the Internet. This is particularly important as business applications move to the cloud (e.g. Office 365, Salesforce, Box, etc.) .

What was more interesting to me was that security was second most important driver for WAN improvement, markedly different from Jim’s finding with MPLS services. At first I was surprised by the results to be honest, but this makes sense as we think about the Internet as tomorrow’s WAN.

MPLS has a reputation for being a secure service because of traffic separation: a user in one customer organization cannot ping, traceroute or otherwise discover (at least at the IP layer) resources on another customer network. But beyond traffic separation, MPLS services provide none of the other security components needed to protect the enterprise. There is no native encryption with MPLS services; data is sent in the clear. There is no protection against malware or APTs. There is also no segmentation to prevent users in one remote office from accessing the rest of the organization’s network.

Which of the drivers below is most important to improve your WAN?

Companies traditionally accepted MPLS limitations, probably because of costs, but also because attack came from “out there” on the Internet. Instead of WAN security they built a closed environment, protecting the WAN from the Internet with a perimeter firewall.

But today’s threat landscape has changed, making ignoring WAN security risky at best. Insider threats are more common than ever. Attackers can get past firewalls and, without segmentation, will spread from an obscure field office across the entire enterprise. The opportunity of filtration as business applications shift to the cloud and mobility has become the norm only grows. Companies can no longer assume that perimeter firewalls will secure WANs.

Businesses now look to security anywhere data travels, which is why I think security plays such big role for so many respondents in improving the WAN. To overcome the traditional problems of the WAN —  high costs, long provisioning times and more — with the Internet or any other transport, security is an absolute requirement.

And that‘s exactly why so many companies look into Cato. With networking and security integrated together, the Cato Cloud allows organizations to leverage the benefits of the Internet without the security problems. I walked through how that’s done and demoed our new SD-WAN offering in detail in the webinar. Check it out for yourself and let me know what you think.

Ofir@catonetworks.com

Ofir@catonetworks.com