Modern SD-WAN, pillar of the borderless workplace

According to a barometer from the Digital Economy Association, more than 98% of companies with more than 20 employees pursue a digital transformation policy. The work environment no longer knows limits. Your users, devices, sites and clouds communicate via any-to-any connections, imposing new access control requirements. Digital innovation has led to the proliferation of IoT software and devices, with the cloud and web hosting a multitude of applications and just as many networking and security challenges.

The evolution of the digital environment

In the 2000s, Multiprotocol Label Switching (MPLS) technology was used to route all network traffic to central data centers to use local applications. This system was efficient and came with service level agreements (SLAs). Later, in the 2010s, growing demand for audio exchange, video collaboration, and cloud applications led to an increase in WAN bandwidth requirements for branch offices. In addition to becoming very expensive, MPLS technology proved to be insufficiently dynamic. It also lacked visibility and control at the application level. SD-WAN then appeared to solve these problems by combining the favorable economics of the Internet with increased application visibility and better control of data routing, at reduced cost.

The Limits of Traditional SD-WAN

With the explosion in the volume of cloud applications and IoT devices, application-driven policy-based controls are no longer sufficient, especially for SD-WAN solutions that do not apply Zero Trust principles. As modern enterprises evolve, they must now equip themselves with a context-aware SD-WAN based on the Zero Trust approach. This way, they can benefit from fast, reliable and secure access to any application and any device, regardless of where they connect, with total visibility and a set of appropriate control systems. This is possible through contextual policies that include understanding applications, users and devices, and their respective risks. These policies thus make network operations smarter and safer.

A traditional SD-WAN solution is also unable to support a large volume of applications, which can slow a company's ability to innovate and differentiate itself from the competition. In fact, this technology was designed to manage between 3,000 and 4,000 applications, whereas their number today exceeds several tens of thousands on the web and in the cloud. Additionally, SD-WAN is designed to offer software-defined configuration, management, and monitoring. It performed this role perfectly until assigning traffic priorities to all applications became a major challenge. Network operations teams are forced to configure these applications manually, one by one. This extremely slow and error-prone process is no longer suitable for tens of thousands of applications.

Another essential point is that control is not possible without visibility. In fact, they are two sides of the same coin. How can applications be controlled without visibility? How can authorized applications be distinguished from the rest? SD-WAN solutions must be able to strike a balance in this area.

It is also important for enterprises to be fully aware that users and devices can pose a major risk to WAN transformation. They must, therefore, manage the connectivity and security of teams working on site with the same rigor as for remote employees. Traditional branch-level SD-WAN solutions do not provide the additional visibility and context needed about users and devices. This visibility and context can bring data about users and devices into SD-WAN policy, which is useful for building better control systems. In the absence of context, is there a policy to quarantine a visitor who has an unmanaged device that could pose a security threat? What about micro-segmentation of IoT devices at the edge when they are compromised and provide access to the corporate network? These issues clearly illustrate the limitations of traditional SD-WAN.

The benefits of a context-aware Zero Trust solution

To overcome these difficulties, contextual SD-WAN can decode thousands of software applications and cloud services to identify content and its environment, including applications, devices and users, as well as their respective risks. This makes it possible to solve the main problems posed by traditional wide area networks (WANs). Additionally, it offers the ability to run efficient operations while managing a large number of applications. This frees network operations teams from performing manual tasks, thereby improving operational efficiency.

Additionally, the Zero Trust approach gives enterprises access to automatic detection of all IoT devices, whether managed or unmanaged, and micro-segmentation to control risks that may be associated with a compromised device. An IoT device such as a camera can indeed be exploited to send video to an unauthorized application. In the event of a compromise, it is easy to block this device thanks to micro-segmentation, which limits the impact of the incident so that it can be resolved quickly. Finally, the need for context was originally felt primarily at the subsidiary and branch level, but is now equally essential for granular control systems and policies designed to manage applications, devices, and users.

Businesses often struggle with poor user experience, inconsistent policies, insufficient security, and the limitations of existing networking solutions. One reason for this is traditional SD-WAN architectures, which are cumbersome and unsuitable for next-generation application management requirements. This is why enterprises must adopt a modern SD-WAN, as part of a Zero Trust approach, that is capable of providing them with contextual network connectivity and security capabilities. This strategy allows users of laptops and other devices to benefit from the same level of application experience and security as in the company's offices, in a work environment that today has no borders.
