Feature Story

Software-defined WANs, without the compromise

Customers no longer need choose between security and user experience.

Recent work by Cisco is set to banish one of the most vexing problems facing software-defined networking (SD-WAN): the need to make hard choices. 

The latest SD-WAN software and hardware from Cisco does not need separate security products to stay secure, because security is baked in. As part of its secure cloud scale SD-WAN architecture, Cisco security is fully integrated.

SD-WAN is starting to be the de facto standard for wide area networks because with SD-WANs it is easy to connect branch offices directly to a wide range of cloud-based  applications making firms much more agile with their information technology (IT).

But SD-WANs are also often much harder to secure than older networks. That’s because with SD-WAN more data is passing over the internet which is outside of the control of IT, and in turn  increases the exposure for attack. 

See also: Where business networking meets the cloud.

Enterprise Strategy Group says four out of five firms are now using SD-WAN. But 68 percent of attacks are on branch office sites and roaming users, where traffic is going over the public Internet. 

The best way to avoid these threats until now was to try to shield each connection between the network and the cloud, using standalone security products typically deployed in a central location like the data center. But this security model increases the distance between users and the cloud increasing latency and impacting performance. 

But, says Will Townsend, a senior analyst in the networking practice at Moor Insights & Strategy, “those solutions are not integrated within the technology stack. If you can integrate security within the stack, it's going to be inherently easier to deploy and manage.”

It will also be less complex and costly, since each security point product tends to drive incremental IT staff activity and licensing. 

Muninder Singh Sambi, vice president of SD-WAN Product Management at Cisco says that for every dollar that a firm spends on its network and security, it can end up spending four or five more just to manage the whole system. 

That just won’t work as the number of cloud-based applications enterprises are consuming grows. And the growth has only just begun. One big driver of this trend has been the rise of cloud applications such as Microsoft Office 365. As firms have started using such products, they have seen a rising need to securely connect to vendor clouds as well as their own. 

And with the Internet of Things, the number of connections to the cloud could quite soon stretch to many thousands per firm, which makes security even more vital. 

A Different Look

The Cisco secure cloud scale SD-WAN approach now means IT heads don’t have to choose between keeping their networks secure or giving users the best application experience. The Cisco secure cloud scale SD-WAN approach now means IT heads don’t have to choose between keeping their networks secure or giving users the best application experience. Cisco believes that no matter what customers’ business and application requirements are, they shouldn’t have to compromise on their SD-WAN deployments when it comes to security, application performance and IT agility.

With Cisco’s embedded SD-WAN security users can enjoy SD-WAN without risk and firms can deploy systems more quickly because they don’t have to add extra products into the mix. Firms that have tried the approach have been able to get much more out of their networks than before.

Kindred Healthcare in the United States, for instance, saw a fourfold to tenfold boost in application performance using Cisco SD-WAN. It was also able to increase its bandwidth by 700 percent and made an ROI of roughly $2 million over five years. 

Using SD-WAN they were able to secure their users as well as their assets, but at the same time keep up the agility that the business needed while lowering their overall cost. Cisco claims that every WAN device must become software-defined and secure and that no customer should ever have to choose between security and experience. This means that adding defense as standard with SD-WANs is a must,” observed Sambi. 

And there is one final reason why the Cisco approach has a lot going for it, says Zeus Kerravala, founder and principal analyst at ZK Research. Many point products are software-based, which means they cannot see what is going on at the hardware level, he notes. 

“When there’s a problem with the physical network it’s very difficult to map what’s going on from the overlay to the underlay,” he says. “Cisco provides visibility into both.”


The contents or opinions in this feature are independent and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.