We live in a multi-cloud world. Companies of all sizes and industries are leveraging public, private, and hybrid clouds for digital transformation. The typical approach is to start with infrastructure and applications - what can/should move to SaaS or IaaS, refactoring or rewriting applications on cloud-native platforms - then move to data protection and backups. Yet, two often overlooked aspects of digital transformation are networking and security. Don't misread this. The networking and security teams have the unenviable responsibility to make sure everything is always accessible, from anywhere, with great performance, while protecting the company for always-evolving threats. The challenge is that as more applications and workloads move to a public cloud or SaaS solution, the more important it is that networking and security evolve with it.
Let's start with a review of traditional networking approaches. It starts with a private WAN, typically MPLS or Metro-Ethernet, that has likely been in place for decades even if the WAN provider has changed over the years. In this architecture, all traffic is routed to the production data center - where the applications reside. This is also the access point for internet traffic and where firewalls, anti-virus, and VPN solutions live, as shown in Fig. 1.
This design made sense before the prevalence of public cloud as the majority of network traffic was internal. However, consider where we are today: most companies have already moved traditional back-office applications to SaaS solutions, whether it's O365, Salesforce, Workday, ServiceNow, etc. Add in the rise of public cloud, edge, and remote workers. We now need to connect and secure a highly distributed environment and workforce. As internet traffic demands rise, backhauling through a monolithic architecture leads to performance issues and a bad user experience. IT is left with the burden of care and feeding of this stack. The same reasons applications move to SaaS and cloud - agility, elasticity, centralized management - apply to network and security. We can and must transform these vital elements of the business.
To truly transform and secure the WAN for today requires more than SD-WAN. It is the combination of SD-WAN, Secure Service Edge (SSE), and commodity broadband internet circuits. Each of these components is independent of the others, but when combined, as the old saying goes "the whole is greater than the sum of its parts." SD-WAN is the foundational element that creates the new distributed WAN architecture. These solutions provide a centralized, policy-based management plane that makes deployment simple. Adding a location is as simple as having someone with "smart hands", not necessarily an IT resource, connect the SD-WAN appliance to power and the internet. The configuration is pushed to the device and voila!, you're location is up and running. These devices also have built-in firewalls, most with IPS/IDS, which allows for a distributed approach to perimeter protection. Again, all configuration is done via the same centralized policy-based management.
Add in SSE for internet traffic, again distributed from each location.
While SD-WAN effectively addresses a multitude of challenges, the importance of security remains paramount, particularly in the era dominated by SaaS and cloud-based applications. Herein lies the significance of Secure Service Edge (SSE). SSE takes a proactive stance by implementing security measures at the edge of the network, safeguarding data at its points of entry and exit. Embracing a zero-trust model, SSE operates with an inherent skepticism, continuously verifying access without defaulting to trust for any user or device. What sets SSE apart is its integration of security features such as firewalling, secure web gateways, and advanced threat detection, offering a comprehensive and cohesive security solution that aligns seamlessly with the dynamics of contemporary cloud-driven applications.
Last, replace the expensive slow legacy WAN with high-speed broadband circuits. The value of SD-WAN is its ability to use multiple circuits for optimum performance. At Summit, we have seen an increase of 5x in WAN bandwidth at lower costs for customers that have moved from MPLS to broadband with SD-WAN.
In today's hyper-connected world, digital transformation is not a luxury; it's a survival strategy. Network transformation with SD-WAN and SSE at its core is the cornerstone of this evolution. These technologies empower businesses to build resilient, agile, and secure networks that can support their digital aspirations. As the digital landscape continues to evolve, embracing network transformation is not just a choice; it's a necessity for businesses to remain competitive and future-ready.