SD-WAN: strong foundations are required for future-proof networking

29 August 2024

SD-WAN – arguably the future of networking across the globe – relies on a flexible, scalable, and secure foundation. But how can the UK’s enterprises ensure they have the stable foundational platform required to reap all the benefits?

Getting strategic

Deploying Software-Defined Wide Area Network (SD-WAN) involves careful strategic planning to balance quality of service (QoS), cost, and ease of installation.

“The starting point is to consider why you want SD-WAN and what objectives you want to achieve with it; whether that’s prioritising and distributing traffic, delivering cost savings, or flexibility to grow and be future ready,” says Neil Gobsill, head of networks and security, Abzorb. “Then understanding which applications are mission critical and require higher levels of performance and reliability.”

This understanding “will not only help determine if SD-WAN is the right solution, but also act as a guide in selecting suitable vendors,” shares Jonathan Wright, director of products and operations at GCX. “Organisations should consider speaking with a managed service provider (MSP) that offers multiple SD-WAN original equipment manufacturer (OEM) vendor options. This can provide valuable insights into the advantages and limitations of various solutions, ensuring decisions are tailored to specific needs.”

From identifying network requirements and evaluating the current infrastructure, to vendor selection, service level agreements (SLAs), and a QoS strategy, all the while optimising the costs – implementing the right SD-WAN is no mean feat.

“Seek out a partner that works with you and does not just implement the tech and disappear. A strategic partner will assist in looking at what technology you have in place, what your objectives are and the best solution to meet them,” advises Neil Gobsill, head of networks and security, Abzorb. “From a tech perspective, look for robust QoS features, cost-effective pricing models and ensure that it is intuitive. The SD-WAN solution should include traffic prioritisation, load balancing and dynamic path selection that supports QoS requirements. Keep it simple by making the installation and deployment intuitive and simple with Zero-Touch Provisioning (ZTP), pre-configuration and remote management.”

Enterprises must also look beyond a siloed SD-WAN project and towards their greater digital and IT infrastructure transformation, reports Eyal Webber-Zvik, VP of product marketing at Cato Networks: “the market is shifting from point products to platforms that solve more than one problem at a time. It is this reason and more that we believe led Gartner to predict that, by 2027, 65% of new SD-WAN purchases will be part of a single-vendor SASE offering, an increase from 20% in 2024.”

Building a strong foundation

Setting a strong foundation for modular SD-WAN architecture can significantly enhance an organisation’s ability to be responsive and adaptive to future trends, which means that additional bandwidth, sites, and services can be added without overhauling the entire infrastructure.

“A strong SD-WAN foundation allows organisations to be more responsive and adaptive to future trends,” agrees Mark Daley, director, digital strategy & business development, Epsilon Telecommunications. “SD-WAN’s flexibility and ability to manage application performance means that changes in priorities can be implemented quickly and efficiently, ensuring adaptability to emerging trends, market changes, technological advancements, and evolving business needs.”

“By using the latest tech your network can grow with the business, so it is scalable and flexible to adapt for elastic bandwidth and changing traffic patterns,” concurs Gobsill. “You can improve services internally and externally resulting in increased efficiencies and productivity by assuring everyone has the bandwidth capacity they require. Also, in the event of a natural disaster you can have a business continuity plan in place, so the network won’t fail ensuring an automatic failover and load balancing with continuous availability and resilience against outages. SD-WAN future proofs the network and new technologies and applications will be easy to integrate.”

In choosing the right technologies, Anthony Senter, CEO of SDWAN Solutions, recommends “making sure the hardware is multi-purpose and is not near end-of-life. Your connections should be upgradeable and changeable, and your contract should not tie you into a static solution for 3-5 or even 10 years. Choose a solution that integrates easily with others and has add-on functionality like multi-cloud access, XDR or smart IoT.”

“Every IT team today would like to be as fast and dynamic as their business needs, thus I would recommend factoring potential projects into the product evaluation and PoC. For example: how fast can new sites be onboarded? How fast can global expansion be achieved? How quickly can two enterprise networks be connected in an M&A?” asks Webber-Zvik.

End-to-end WAN underlay visibility

To build a strong SD-WAN foundation, end-to-end WAN underlay visibility is vital. Organisations must monitor and manage the underlying physical network infrastructure, ensuring optimal performance, quick issue resolution, and enhanced security.

“Advanced solutions that monitor application performance will offer multiple benefits such as enhanced performance through optimised path selection, strengthened security, detailed insights for fault diagnosis and informed decision-making for future investments,” says Wright. “To achieve this, QoS policies need to be well-defined. An ideal solution should provide a holistic view of both the physical circuit underlay and the virtual SD-WAN overlay.”

Daley agrees that visibility is vital, “particularly in global networks where low latency is essential. High, unpredictable latency can severely impact software application performance. A recommended strategy is to use internet access at the network edge, routing through an SD-WAN hub, and utilising a deterministic MPLS core. Additionally, applying application acceleration techniques can improve performance for internet access and MPLS global cores. By implementing these strategies, organisations can ensure they have a clear, comprehensive view of their network.”

Further, Webber-Zvik highlights that “while most SD-WAN solutions will overcome periodic underlay blackouts and brownouts, understanding when there are systematic issues is far more challenging.”

Future-proofing

A mature SD-WAN foundation sets the stage for adopting SASE, wireless WAN, and other future network trends by providing a scalable, flexible, and secure network infrastructure, enabling organisations to stay ahead of the curve.

“A mature SD-WAN offer serves as a springboard for adopting future networking trends, and provides the necessary infrastructure for seamless integration of cloud-based security services, a key component of SASE,” says Senter. “For wireless WAN, SD-WAN’s ability to manage multiple connection types makes it easier to incorporate 4G/5G links. The programmability and automation capabilities of a well-established SD-WAN also facilitate the adoption of AI-driven networking and edge computing solutions.”

However, Webber-Zvik points out that “this is exactly the difference between tactical and strategic approaches to enterprise networking: SD-WAN maturity alone does not guarantee anything beyond reliable branch connectivity. SD-WAN as a feature of a SASE platform creates the foundation needed to support future trends and changes. IT and networking teams should look beyond their current SD-WAN projects and understand how a SASE platform can enable them to achieve their business outcomes in the near and far future. Buying SD-WAN from a SASE vendor does not mean a complete lift-and-shift of the entire network and security infrastructure. It does mean that whatever the future holds, buying SD-WAN from a SASE vendor minimises the chances of being caught unprepared.”

Resilience by design

Cyber-attacks are, as always, on the rise. The ‘Cyber Security Breaches Survey’ recently revealed that 50% of businesses and 32% of charities report having experienced some form of cybersecurity breach in the last 12 months. As such, incorporating security by design into deployments from the outset is critical for protecting the expanded attack surfaces inherent in SD-WAN solutions.

Working with a security-focused vendor is an absolute must, and choosing vendors with integrated security features like next-generation firewalls (NGFW), intrusion prevention systems (IPS), secure web gateways, and antivirus is recommended; particularly those who undergo regular third-party security audits.

“Working with your technology partner, it is advisable to conduct a risk assessment identifying threats and vulnerabilities, then determine which assets are most critical to your business and would have the highest impact if compromised,” advises Gobsill. “Your SD-WAN solution needs to possess robust security features like integrated firewalls, encryption, secure connectivity and intrusion detection/prevention systems (IDS/IPS). It also needs to meet all compliance and certifications regulations. When designing the solution with your tech partner think of segmentation, zero trust architecture, redundancy, resilience and encryption. Also implement a robust multi-factor authentication and access controls.”

It’s also important to define and enforce consistent security policies across all network segments and sites, using dynamic policy enforcement based on real-time context, such as user identity, device type, and location.

“Organisations should start with a foundation and implement clear, practical policies and distinct responsibilities between the Security Operations Centre (SOC) and the Network Operations Centre (NOC). Additionally, leveraging technologies such as next generation firewalls and network segmentation further enhances security,” says Wright.

Secure Access Service Edge (SASE), which combines networking and security-as-a-service functions into a single cloud-delivered service at the network edge, is widely considered an ideal solution to modern networking challenges, embedding security into the very foundations of the network. Effectively delivering consistent secure access to all applications while maintaining full visibility and inspection of traffic across all ports and protocols, SASE radically simplifies management and reduces complexity – solving the challenge of the increased attack surface.

Indeed, “this is exactly what a single-vendor SASE platform is designed to overcome. When SD-WAN and a robust security stack are ONE software delivered as a cloud-native service, the enterprise is inherently put in the optimal security posture,” explains Webber-Zvik. “The alternative, legacy approach is to tailor the security stack to the various ways and forms the enterprise edges are connected. We already know this is a near-impossible mission for most enterprises. A SASE platform makes this a no-brainer, and available to all sizes of enterprises.”

“To address the expanded attack surfaces inherent in SD-WAN, organisations should adopt a SASE architecture,” agrees Daley. “This approach routes internet traffic through a cloud-based Secure Service Edge, providing high-level protection. Trusted and fully qualified domain traffic can be directly routed, ensuring security from the initial stages.”

In or out?

The decision to handle SD-WAN in-house or through a managed service depends largely on several factors, including internal expertise, resource availability, and specific business needs.

According to Webber-Zvik, “some solutions use extensive AI and automation and can be self-managed by most enterprises. Others require specially skilled staff and expertise. Managed services can always help, regardless of whether the solution is simple or complex to operate. An easy to deploy, use and monitor SD-WAN or SASE is of great value to self-sufficient IT teams and to those who rely on managed services.”

“Most UK businesses that require SD-WAN for their networks tend to outsource network management to service providers,” says Daley. “This is because in-house expertise is often lacking, making managed services a more viable and efficient option. Ultimately, the choice depends on a thorough assessment of the organisation’s capabilities, needs, and long-term strategic goals.”