Despite popular belief, most of today’s smartphones don’t connect directly with satellites orbiting our planet. The vast majority connect to nearby cell towers rooted in the earth. For the everyday consumer, space-based communications are largely limited to phone packages for use during localized emergencies when network coverage is down, or on remote camping trips via specialized “sat” phones.  

But in our hyper-connected and increasingly hybrid world, more sophisticated communication is now required. Indeed, from an individual perspective, one of the biggest demands we place on our mobile phones and computers is better connectivity and access to the internet, anytime and anyplace.

Apply the potential of unrestricted internet access through a government and business lens, and the results are even more transformative – from helping intelligence and security services and offices operate in isolated regions, to environmental agencies conducting research in remote parts of the planet. 

As investment and use cases in space-based comms continue to increase, it leaves the world asking, is space the great connectivity enabler? Could the answer to the future of communications really lie in the stars? 

Who’s winning the space-based comms race? 

Space-based communications is enjoying a period of sustained investment, and the tech is becoming significantly advanced. Private sector funding in space-related companies eclipsed $10 billion in 2021, while the EU announced ambitious plans to invest €6 billion in space communications at the beginning of 2022 as we move more operations into space. 

Although household names such as DIRECTV (television broadcasting) and Sirius XM (satellite radio service) represent concrete examples of satellite comms in the mainstream, continued investment is giving rise to more innovative and forward-looking space-based comms. 

Companies such as Iridium and Viasat handle highly specialized public and private sector workloads. SpaceX’s Starlink is perhaps the most recognizable player in the space-based comms race. Starlink’s aim is to provide affordable internet access to everyone, anywhere in the world, and its service has grown rapidly over the past four years, with more than 3,000 satellites in orbit and over 500,000 customers since 2019. It has clearly demonstrated its influence, reach, and resiliency as the communications network helping Ukraine to resist the Russian invasion.

Low-earth orbit satellites and SD-WAN combine

The pros of satellite services are clear: with blanket coverage across our planet, it’s conceivable that one day every square inch will be covered. From an environmental perspective, they’re almost completely fueled by solar power, and can be more cost-effective for communication over long distances. 

As a WAN access technology though, satellite communication does experience its fair share of obstacles. For example, because signals must travel into space and back down to earth, there is the inescapable physics of latency eroding performance.  

Additionally, some providers tend to rely on packet manipulation, such as queuing, to deliver a higher quality service. However, when this is combined with business-focused overlay technology – such as SD-WAN – the packet manipulation can damage network performance.

Fortunately, several providers have developed ways around this. Starlink’s technology specifically uses low-earth orbit systems that operate physically closer to earth, which greatly reduces latency and the associated heavy processing demands of traditional satellites. This is making it possible to easily integrate space-based access paths into existing terrestrial SD-WAN networks. 

The result: low latency and high bandwidth communications capable of reaching the most remote locations on the planet, where the internet was previously inaccessible. The idea is, anywhere you can see the sky, you can access the internet.  

The next evolution in space commercialization 

MetTel’s successful deployment of SD-WAN on SpaceX’s Starlink service signals a continuing shift as space-based comms transitions to a cloud-based, software-centric approach. 

And more widely, Starlink’s investment reflects the increasing commercialization of space, as it becomes a major provider of global communications.  

According to Harvard Business Review, “95% of the estimated $366 billion in revenue earned in the space sector was from the space-for-earth economy” – goods or services produced in space for use on earth, such as telecommunications and internet infrastructure, earth observation capabilities, and national security, among others. 

Next we’ll see much greater emphasis on the space-for-space economy as humanity moves out to the moon, Mars, and other destinations in our solar system. These new habitats will require the same types of IT infrastructure as we have on earth, as well as connectivity back to earth. 

Ultimately, as mass production and competition continue to drive down costs, space-based comms will bring business-grade connectivity and network management to anywhere on earth – and beyond – without the need for the costly extension of terrestrial networks to remote locations.


Today’s digital era has triggered a mass modernization of corporate IT infrastructures. But in upgrading networks and security systems with technologies like SD-WAN and SASE, IT teams face a paradigm shift in managing a cacophony of new tools and service providers behind them.

SD-WAN and SASE: essential for secure innovation and remote work

Company leaders are feeling the pressure: Now is the time to modernize IT or risk losing the company’s competitive edge. Accelerated demands in digital transformation and remote work have forced companies to upgrade their legacy networks and security systems so they can adequately support online services, cloud innovation, and artificial intelligence.

Two technologies are key in making these foundational upgrades: Software-Defined Wide Area Networks (SD-WAN) and Secure Access Service Edge (SASE). The SASE market will exceed $13B by 2026, a figure unscathed by economic pressures, according to Dell’Oro Group.

These interrelated tools make it faster, easier, and more affordable for businesses to securely connect offices and remote users to the applications and information they need to get work done. Moreover, SASE solutions package SD-WAN with four security capabilities for protection across the network, the public internet, and cloud applications.

While SD-WAN and SASE are praised for revolutionizing IT infrastructures, deployments trigger a wake of changes compounding complexity without the right management strategies in place.

Modernization requires smarter management while keeping an eye on costs

Knowing how to respond to the demands of SD-WAN and SASE can be the difference between a successful modernization project and a digital transformation disaster.

SD-WAN Requirements: In-depth Intelligence about Apps, Workloads, and Assets

One of the key advantages of SD-WAN is its ability to allocate network resources to the applications most important to the business. By prioritizing bandwidth, SD-WAN ensures the most critical tools are always up and running because they “get fed first.” This feature is known as application-based routing, and establishing traffic steering policies is a primary step in designing how any SD-WAN solution will function.

But here lies the critical prerequisite: You can’t establish traffic steering policies if you don’t first have a prioritized list of all your applications ranked from highly critical to discretionary. This is key for SD-WAN readiness because it serves as the blueprint for solution design. Technologies make asset inventories easy. Software used for network workload analysis, expense management, and Shadow IT discovery can help build network maps and a centralized catalog of applications, services, and connected devices and users.
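The steering step described above, as an added example that is not from the original article or any vendor's product: a ranked application inventory drives path selection, critical tiers are served first, and the plan is recomputed when a link degrades. All application names, tiers, link names and figures are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import NamedTuple, Optional

UNRANKED = 99  # sort position for applications missing from the priority list


@dataclass(frozen=True)
class App:
    name: str
    tier: Optional[int]   # 1 = highly critical ... 3 = discretionary, None = not ranked
    demand_mbps: float
    max_latency_ms: float
    max_loss_pct: float


@dataclass(frozen=True)
class Link:
    name: str
    capacity_mbps: float
    latency_ms: float     # measured value
    loss_pct: float       # measured value


class Decision(NamedTuple):
    link: Optional[str]
    granted_mbps: float
    sla_met: bool


def meets_sla(app, link):
    return link.latency_ms <= app.max_latency_ms and link.loss_pct <= app.max_loss_pct


def unranked(apps):
    """Applications found in the inventory but never given a business priority."""
    return sorted(a.name for a in apps if a.tier is None)


def steer(apps, links):
    """Assign each application to one link, highest-priority tier first."""
    free = {l.name: l.capacity_mbps for l in links}
    plan = {}
    order = sorted(apps, key=lambda a: (a.tier if a.tier is not None else UNRANKED, a.name))
    for app in order:
        usable = [l for l in links if free[l.name] > 0]
        compliant = [l for l in usable if meets_sla(app, l)]
        if compliant:
            # Prefer the link that can grant the most bandwidth, then the lowest latency.
            best = min(compliant, key=lambda l: (-min(free[l.name], app.demand_mbps), l.latency_ms))
        elif usable:
            # No path meets the SLA: fall back to the least lossy link and flag it.
            best = min(usable, key=lambda l: (l.loss_pct, l.latency_ms))
        else:
            plan[app.name] = Decision(None, 0, False)
            continue
        granted = min(free[best.name], app.demand_mbps)
        free[best.name] -= granted
        plan[app.name] = Decision(best.name, granted, bool(compliant))
    return plan


# Constructed inventory and link measurements (assumptions for illustration only).
INVENTORY = [
    App("payments-api", 1, 40, 80, 1.0),
    App("voip", 1, 10, 60, 0.5),
    App("office365", 2, 60, 200, 2.0),
    App("video-streaming", 3, 80, 500, 5.0),
    App("unknown-saas", None, 20, 500, 5.0),   # discovered, but never ranked
]
LINKS = [
    Link("mpls", 50, 30, 0.1),
    Link("broadband", 100, 45, 0.8),
    Link("satellite", 60, 70, 1.5),
]


def run_demo():
    """Return (plan with healthy links, plan after the MPLS link starts dropping packets)."""
    healthy = steer(INVENTORY, LINKS)
    degraded_links = [replace(l, loss_pct=3.0) if l.name == "mpls" else l for l in LINKS]
    return healthy, steer(INVENTORY, degraded_links)


if __name__ == "__main__":
    print("unranked:", unranked(INVENTORY))
    for label, plan in zip(("healthy", "mpls degraded"), run_demo()):
        print(label)
        for name, decision in plan.items():
            print(f"  {name:16} {decision}")
```

In the degraded run the voice application ends up on a path that no longer meets its loss target, which is the case worth alerting on rather than failing over silently.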

The risk of unnecessary complexity: more IT services to manage

SD-WAN and SASE can spur unforeseen management headaches, and given today’s staffing challenges, companies may not be prepared to take on the vast administrative responsibilities of handling increasingly distributed IT environments with more providers. Here are the primary sources of provider sprawl:

ISPs: Trading MPLS connectivity for broadband connectivity comes with the challenge of more internet service providers (ISPs), particularly for services across a wide geographical area. This can mean switching from one carrier to tens if not hundreds of ISPs.

Security & SASE: Every SD-WAN project should spur a security conversation, and converged SASE solutions make it easy to address network security. But this isn’t enough. Multi-layered security for the entire IT environment requires more tools and providers. Consider endpoint security, threat detection and response services, and comprehensive Zero Trust tools.

IaaS: Ancillary SD-WAN services include direct interconnections to cloud service providers, which is why companies use SD-WAN to migrate to the cloud. But again, cloud Infrastructure as a Service (IaaS) saddles IT teams with yet more distributed providers.

What’s at risk? Costs can get out of control. IT modernization generates a sprawling landscape and when not well managed, both hard and soft costs go unchecked. Cloud service overspending can be as high as 70%, according to Gartner.

SD-WAN & SASE: managing it all

Successful modernization strategies give equal weight to building the IT infrastructure as they do to building the support systems and operations teams necessary to champion SD-WAN and SASE after implementation. Responsible management focuses on these key areas:

Tactical management:

Inventories need to be maintained for network services, SaaS apps, users, and their mobile devices, and data cleanliness is of utmost importance.

Network service quality should be managed; troubleshooting can be time-consuming.

Invoices need to be collected, validated, and paid on time to avoid service disruptions.

Credits should be collected when providers fail to meet service level agreements.

Contracts and renewals need attention at the end of every lifecycle.

Strategic management:

Centralization brings aggregate benefits: visibility into all assets and services in one dashboard; integrations with global providers and internal IT ticketing systems; and advanced analytics evaluating complex data across many data streams.

The IT ecosystem means synthesizing insights: There are many links in the IT ecosystem (it’s more than just SASE connecting the network with security) – for example, SD-WAN telecom services and corporate mobile devices go together and should therefore be managed together.

Converged tools create converged teams: When network, security, and financial data come together, leadership should also bring together like operational teams.

Cost optimization: Most companies overestimate their SaaS and IaaS needs, and the ability to correlate usage data with asset ownership helps shed waste by identifying redundant applications and underutilized resources.

Worried about management? Technologies and services can help

Software and services can help alleviate the manual work of management. When teams aren’t prepared to take a do-it-yourself approach, outsourcing can take the workload off internal teams. IT expense and asset management solutions address network services and cloud infrastructure and SaaS applications, as well as mobile devices, delivering benefits across broad areas:

Management: Automating the administration of IT services, mobile device lifecycles, and invoices.

Cost Savings: Evaluating IT spending to cut costs and identify inefficiencies as well as unused resources.

Consulting: Assisting with service contract negotiation and IT investment strategies that transform the business—rather than just help run the business.

Effective management avoids unnecessary complexity

Modernizing an IT infrastructure requires a constellation of tools and services—and the degree to which a company can effectively manage its assets, providers, and expenses—determines whether it can operationalize SD-WAN and SASE without adding unnecessary complexity.

Without effectively managing all that surrounds SD-WAN, it’s nearly impossible to understand the cost of, or guarantee the performance of—much less the security of—the business’s technology investment.

IT and procurement leaders find it helpful to take a centralized approach, administering all SD-WAN and SASE services and tools in one place with a keen eye on costs. With excellence in tactical and strategic management, it’s far easier to realize the full value of an IT modernization effort.



By: Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing at Aruba, a Hewlett Packard Enterprise company.

Today, enterprise IT leaders are facing the reality that a hybrid work environment is the new normal as we transition from a post-pandemic world. This has meant updating cloud, networking, and security infrastructure to adapt to the new realities of hybrid work and a world where employees will need to connect to and access business applications from anywhere and from any device, in a secure manner. In fact, most applications are now cloud-hosted, presenting additional IT challenges to ensure a high-quality end-user experience for the remote worker, home office worker, or branch office.

Network security policies that are based on the legacy data-center environment where applications are backhauled to the data center affect application performance and user experience negatively within a cloud-first environment. These policies also don’t function end-to-end in an environment where there are BYOD or IoT devices. When networking and network security requirements are managed by separate IT teams independently and in parallel, do you achieve the best architecture for digital transformation?

So, does implementing a SASE architecture based on a single vendor solve all of these challenges?

SASE, in itself, is not its own technology or service: the term describes a suite of services that combine advanced SD-WAN with Security Service Edge (SSE) to connect and protect the company from web-based attacks and unauthorized access to the network and applications. By integrating SD-WAN and cloud security into a common framework, SASE implementations can both improve network performance and reduce security risks. But, because SASE is a collection of capabilities, organizations need to have a good understanding of which components they require to best fit their needs.

A key component of a SASE framework is SD-WAN. Because of SD-WAN’s rapid adoption to support direct internet access, organizations can leverage existing products to serve as a foundation for their SASE implementations. This would be true for both do-it-yourself as well as managed services implementations. Enterprises are operating a hybrid access networking environment of legacy MPLS, business and broadband internet, 4G/5G, and even satellite.

Today, enterprises can start their SASE implementation by adopting a secure SD-WAN solution with integrated software security functions such as NGFW, IDS/IPS, and DDoS detection and protection. Organizations can retire branch firewalls to simplify WAN architecture and eliminate the cost and complexity associated with the ongoing management of dedicated branch firewalls. The Aruba EdgeConnect SD-WAN platform provides comprehensive edge-to-cloud security by integrating with leading cloud-delivered security providers to enable a best-of-breed SASE architecture. Moreover, the Aruba EdgeConnect SD-WAN platform was recently awarded an industry-first Secure SD-WAN certification from ICSA Labs.

When it comes to SASE and SD-WAN transformations, enterprises may have different requirements. For some enterprises, particularly retail, retail banking, and distributed sales offices, the essential SD-WAN capabilities they require plus Aruba’s EdgeConnect advanced application performance features can be included in a single Foundation software license that includes a full advanced NGFW, fine-grained segmentation, Layer 7 firewall, DDoS protection, and anti-spoofing. The EdgeConnect SD-WAN is an all-in-one WAN edge branch platform that includes a Foundation license, which is simpler to deploy and support for enterprises with lean IT teams, and it can replace existing branch routers and firewalls with a combination of SD-WAN, routing, multi-cloud on-ramps, and advanced security. It has the added flexibility of optional software licenses for Boost WAN Optimization, IDS/IPS with the optional Dynamic Threat Defense license, and automated SASE integration with leading cloud security providers, which provides a flexible SD-WAN and integrated SASE journey.

Then there are other enterprises that require more advanced SD-WAN features to address complex WAN topologies and use cases. An Advanced EdgeConnect SD-WAN software license includes the flexibility to support any WAN topology, including full mesh and network segments/VRFs to account for merger and acquisition scenarios that require multi-VRF/overlapping IP address capability. The Advanced license supports seven business-intent overlays that allow enterprises to apply comprehensive application prioritization and granular security policies for a wide range of traffic types. Like the Foundation license, the Advanced license also supports the same optional software licenses for WAN Optimization option, IDS/IPS option with Dynamic Threat Defense license, and automated SASE integration with leading cloud security providers.

Many enterprises will benefit from a secure SD-WAN solution that can retire branch firewalls, simplify WAN architecture, and gain the freedom and flexibility benefits of an integrated best-of-breed SASE architecture. Aruba’s new Foundation and Advanced licenses for Aruba EdgeConnect SD-WAN enable customers to transform both their WAN and security architectures with a secure SD-WAN solution that offers all the advanced NGFW capabilities and seamless integration with public cloud providers (AWS, Azure, GCP) and industry-leading SSE providers. This robust, multi-vendor, best-in-breed approach for SASE adoption will mitigate the risk associated with relying on a single technology vendor to supply all the necessary components while enabling a secure cloud-first digital transformation, so that enterprises can embark on their own SASE journey.


Coforge, formerly known as NIIT Technologies, is a global digital services and solutions provider with a presence in 21 countries. The company has more than 20,000 employees, 250-plus customers, and 25 delivery centres spread across nine countries.

However, as recently as three years back, these numbers didn’t look as good. “In 2018-19, the India-based company had about 9,000 employees and 11 offices. This was when the management decided to accelerate growth by aggressively adding employees and newer geographies. The existing network infrastructure at that time, however, was severely inadequate and couldn’t have matched steps with the desired business growth,” says Jitendra Mohan Bhardwaj, CIO and CISO at Coforge.


The company was saddled with a distributed network architecture with multiple managed service providers to deal with. There were issues such as high network maintenance costs, poor collaboration experience, only moderate data security, and excessive time for customer onboarding. It ultimately turned to an SD-WAN (software-defined wide area network) to address all these issues.

Sushant Rabra, a partner at KPMG, says the benefits Coforge saw are in accordance with the potential of SD-WAN. “Large and complex organisations, with a lot of legacy infrastructure, pay through their noses when it comes to network connectivity. Managing different service providers, ensuring point-to-point quality of service, and delivering at the right speed are all a burden on companies. The cost savings of 25% to 30% achieved by leveraging SD-WAN, therefore, doesn’t surprise me. The technology uses the same network more efficiently, thereby lowering costs,” he says.

KPMG’s Rabra says the technology is “fairly mature” and its adoption in multinational enterprises, financial services and manufacturing companies will increase going forward. Various reports peg the SD-WAN market growth in India at 24% to 30% annually. “There are several drivers for this growth. COVID has led to a disruption in the location of work. [In India,] companies are now looking at opening offices in smaller cities such as Coimbatore and Lucknow. The explosion of data from varied sources such as IoT and video analytics is driving an explosion in network outreach. With 5G launch around the corner, there will be thousands of sources to connect to. In such a scenario, the classical mode of connectivity is too complicated. SD-WAN can help overcome all these challenges,” he says.

Legacy network infrastructure posed multiple business and technology challenges

As Coforge had overseas development centres at various locations, there were network termination links at each of the sites. To manage these sites, it had to deploy several network engineers, which increased the cost of maintaining the network. “Besides, the teams had to manually migrate failover traffic from one ISP [internet service provider] to other during service degradations. Managing bandwidth of ODCs [overseas development centres] in different time zones of the US, Europe, and Australia was also a challenge,” says Bhardwaj.

“One of the first things a potential customer asks is how much time will it take to set up the IT infrastructure. If I must onboard a customer, I need network connectivity at that place. So, mastering this turnaround time and uptime, once the customer was onboarded, was also on our priority list,” he says.

The emergence of cloud as a business differentiator was another driver for the company to take a new look at its existing network infrastructure. “For instance, earlier, people had Microsoft Exchange on their premises. But with the advent of Office 365, you need to have better cloud connectivity and control over bandwidth optimisation. SaaS collaboration solutions were also gaining traction. In a distributed architecture with multiple service providers in multiple locations, managing all this was a nightmare,” Bhardwaj says.

With a spurt in cyberattacks, there was also a need for a single pane of view of what was happening in the company’s infrastructure. “We needed to know if any link was going down, if a particular router was under threat, or if there was a DDoS attack happening. It was critical to monitor any abnormal traffic flowing from a particular IP address, which could indicate a ransomware attack or malicious activity. Unfortunately, we were unable to track all this with the multiprovider setup,” he says.

Zeroing in on SD-WAN as the right solution

To overcome these bottlenecks in the way of business growth, Coforge decided to implement an SD-WAN.

“In 2019, SD-WAN was a new concept, with few implementations in the country. We therefore decided to go for a proof of concept to see how the solution would work in the company’s environment. Proof of concept is normally done in controlled environments. [But] once the controls are off and the solution experiences full load, performance degrades. Several projects have been rolled back because of this,” Bhardwaj says.

To avoid such a situation, Bhardwaj decided to go for a proof of concept with full load. Locations at two cities that didn’t have too much traffic were run live in parallel, with traffic diverted to them.

“We spent considerable time of about eight weeks in this because we wanted to test the solution with full load. If successful, this could be the template for other cities. Once we were satisfied with the outcome, we decided to go ahead,” he says.

After a cost-benefit analysis and looking at the lack of relevant skills in the market, the company decided to go ahead with the implementation through the managed services route. Coforge provided sitewide configuration to the service provider, and the implementation was done remotely with policy push at all SD-WAN customer premises equipment (the routers). There were WAN links at Coforge’s offices, the controller was deployed at the ISP cloud to centrally manage all the customer premises equipment, and a cloud gateway was established for connectivity with other locations.

Coforge implemented the SD-WAN across 11 office locations, including Greater Noida, Mumbai, Hyderabad, and even foreign locations such as Atlanta, New Jersey, and London. The project took six months to complete and went live just before the COVID-19 pandemic started.

Appropriate planning to ensure setup with minimal disruption

Bhardwaj divided the project into smaller pieces “to monitor its success and ensure that learnings from each phase are ploughed back into the next phase. Phase 0 involved a lot of brainstorming with our service providers and customers. In phase 1, high-level designs were done, requirements were frozen, and risk mitigation was completed. We identified the cities and conducted the proof of concept in phases 2 and 3. Some of our customers have point-to-point connectivity, while some of them have IPsec tunnel connectivity. In some cases, we had to set up VPN for them. This was taken up in phase 4 where we worked closely with our customers’ IT teams,” says Bhardwaj.

Communication with the technology provider is a bigger challenge. Often, there is a gap between what is promised and what is delivered. So Bhardwaj fixed daily, weekly, and fortnightly meetings to get timely and frequent updates on the project.

“Besides the daily and weekly calls with the service provider’s team, I used to have an in-person meeting with their seniormost person in the country every fortnight. SD-WAN routers were the only hardware needed for the project and their timely delivery was crucial. The meeting helped in tracking the delivery time and the make of the equipment. This helped us to do the back-end calculation and come up with the critical path of the project life cycle,” he says.

Coforge also imparted training to its people for smooth functioning of the SD-WAN after it went live. “We knew we were the project manager and would have to run the project subsequently. So, we invested in our people by getting them trained and certified on the technology,” says Bhardwaj.

Achieving efficiency, security, agility, and cost reduction through the SD-WAN

With the SD-WAN deployment, Coforge has optimized its WAN Infrastructure, resulting in enhanced efficiency, security, and reduced costs, says Bhardwaj.

As part of the reorganisation and consolidation of infrastructure, the company moved from 44 internet links to 11 internet links. By replacing multiple service providers offering portions of the bandwidth with a single provider, Coforge was able to save costs.

With the entire network now managed from a central location, the need for on-site engineers also came down drastically, leading to further cost savings. “While there are one or two network engineers at critical locations, we have removed them from most locations. By remotely controlling the services, we were able to move 20% of our workforce from nonbillable projects to billable projects,” says Bhardwaj. Coforge also offers infrastructure management to its customers, and the excess manpower was shifted there.

“In such projects, one year is not enough to expect return on investment. We therefore looked at a three-year time frame. From a cost-benefit analysis, overall cost savings were in the range of 25% to 30% over three years,” he says.

Because SD-WAN provides a view of the network load at any point in time, it has helped the company achieve bandwidth optimisation. “If there is a process running in the US, we can give more bandwidth to it in the evening, while the same link can be used in the morning for a customer in Asia. Similarly, if there’s an important board meeting scheduled with certain processes running parallelly, we can prioritise bandwidth allocation at the click of a button,” says Bhardwaj.

Coforge was also able to optimise bandwidth for its cloud offerings. “A call over a collaboration tool could have multiple points of failure — a packet drop in the network, a challenge in the endpoint device, or an issue with the cloud service provider. The SD-WAN helps us proactively see where the packet drops are happening and automatically switches over to another link,” he says.

Similarly, with the adoption of Office 365, the MPLS and internet requirements have gone up. “The SD-WAN enables us to recalibrate our bandwidth according to the new infrastructure, thereby lending the much-needed agility,” says Bhardwaj.

Compared to the earlier days of MPLS and distributed architecture, “the company has also been able to accelerate customer onboarding by 50%. It used to take six to eight weeks, which has now come down to less than four weeks. This brings scalability in operations as we can quickly add a new office. Although this is an internal IT infrastructure, it becomes a selling point for my sales team when they approach customers,” Bhardwaj says.

On the aspect of cybersecurity, he says, “The SD-WAN provided us defence against DDoS. We were fortunate to implement it just before the pandemic as we saw lots of attacks during this time on our infrastructure.” KPMG’s Rabra advises, “The SD-WAN initiative should run in parallel to the cybersecurity initiative. As the technology would bring all traffic under one roof, it becomes even more important to enhance the security of the network. While there is some amount of security in-built in SD-WAN and it provides visibility at the packet level, technology leaders would need to know what’s happening with data at the broader level.”

With SD-WAN’s active/active mode, which allows for automatic failover without manual intervention, Coforge ensures 99.999% uptime for its customers. Without committing to such high uptimes, the organisation risks losing revenue.

“Since the deployment, we have grown tremendously, almost double of our size in terms of revenue and manpower. We have already rolled out SD-WAN to all our offices and delivery centres and will keep extending it to new offices as and when we add them,” says Bhardwaj.


The shift to a digital business environment in financial services began well before the pandemic pushed it and other sectors to more rapidly embrace digital transformation. As customers have become increasingly digitally savvy, they demand that financial services firms be more responsive to their needs. Those organizations that don’t make that change risk losing their customers to those that adopted an agile, customer-centric approach to business.

The financial services sector is also subject to more rigorous regulatory requirements than some other industries. Protection of PII data is critical, as financial services firms are extremely popular targets for hackers. Even in the best of times, financial organizations were under constant threat of a cyberattack. During the pandemic, that threat multiplied exponentially.

Three-quarters (74%) of banks experienced a rise in cyber crime since the pandemic began in 2019. However, for many financial services organizations, security and agility traditionally haven’t been mutually achievable—oftentimes, one was sacrificed for the other. That won’t work in today’s digital environment, where customer experience is the top priority.

Customers today want a user experience that is seamless across devices and environments. These days, it’s not unusual for a customer to access a bank’s mobile app to check their account balance, deposit a check or chat with a representative. Customers want to be able to transfer money to anyone, anywhere; get an answer instantly regarding their loan application; and have access to their deposits right away, with no hold on their funds. They want to initiate a transaction online and have the option to finish it in the branch via a rep (either in-person or via video) who can also let the customer know about service offerings that may be beneficial to them. And they want all these things with minimal friction or delay.

Enabling these customer-centric services requires a level of agility not seen traditionally in financial services organizations. Organizations must also ensure their data is protected and compliant. SD-WAN can help financial services organizations achieve network agility and security. Its benefits are myriad and far-reaching, able to accommodate the services that enable financial services organizations to provide customers with the highest-quality experience from anywhere, on any device. Its design provides for fast, efficient movement of data on the network while ensuring security and data integrity.

An SD-WAN overlays traditional or hybrid WAN infrastructures and locates the software or hardware nodes at each location and in the cloud. Then, based on policies defined by the operator, SD-WAN steers the traffic along the best path to ensure data moves along the fastest route.

The application-aware nature of SD-WAN enables IT administrators to determine the most intelligent path for their applications and push, manage and update policies for optimal application and network performance across locations. And because an SD-WAN is centrally managed, all provisioning and changes to the network and applications are done from one location, reducing the time and resources necessary to manage the network. Additionally, all security policies can be managed centrally, enabling IT administrators to implement security updates to all devices and users on the entire network quickly and easily, to help enable compliance.

With a software-defined infrastructure, it is also easier to collect network usage information, which could help organizations better detect anomalous behavior that could point to a security breach or attack. When combined with managed security services and solutions such as next-generation firewalls and secure web gateways, SD-WAN can provide financial services organizations with an infrastructure that offers security as well as the performance necessary for providing high-quality customer experiences.

Comcast Business offers a unique set of secure network solutions to help power financial services organizations. Its portfolio of security offerings includes DDoS mitigation, managed firewall and unified threat management, all designed to complement its SD-WAN technology.

Be ready for tomorrow’s security threats with the next generation of secure networking from Comcast Business. Learn more about Comcast Business Secure Network Solutions.


Software-Defined WAN (SD-WAN) is one of the most rapidly adopted technologies of the past decade. According to a recent study published by Dell’Oro Group, the worldwide sales of SD-WAN technologies are forecasted to grow at double-digit rates over each of the next five years to surpass $3.2 billion in 2024. This growth is certainly a testament to some of the more well-known benefits of SD-WAN technology, such as centralized network policy management, network flexibility and application-aware routing. More recently, SD-WAN has emerged as a key component for building more flexible, integrated security frameworks.

With SD-WAN, branch offices become part of an enterprise’s larger network topology, with their own Internet egress. Corporate devices can access the Internet via multiple endpoints, adding a layer of complexity to network security. However, if properly configured and equipped, SD-WAN can simplify management, help improve security, and decrease threat vectors. In sum, SD-WAN can improve an organization’s security posture and help decrease the stress and costs associated with a security intrusion.

In this article, we will review the integral role SD-WAN plays in enterprise network security approaches as networking and security continue to converge in order to best support hybrid workforces, the migration to the cloud and increased security threats.

Key considerations

Traditional security models were designed to support a walled castle approach where all of a company’s data, applications, and users operate behind a firewall at a centralized headquarters or data center. As more enterprises continue to support hybrid workforces and cloud migration, critical data and applications are also moving out of the traditional data center to the edge. As security perimeters evolve, every access point and network element becomes a potential risk for a security breach. Basic firewall functionality may not be enough to help protect enterprise networks. Organizations are better served by using an SD-WAN solution that integrates security into the network functionality. The following are some key considerations for optimization:

Network policies and segmentation for security:
SD-WAN delivers the flexibility to segment networks and implement application-aware routing, thus limiting the attack surface of highly sensitive data and systems. For example, segmenting mission-critical systems and data from less critical systems like basic productivity, office and research tools creates risk domains. Network segmentation can confine the impact of a successful attack to the affected domain. When set up properly, enterprise security policies with segmentation can help prevent or reduce the impact of a security incursion, and hopefully prevent propagation beyond the borders of the impacted segment.

Without SD-WAN, application-specific security for cloud-based applications can be complicated and expensive. By setting up protected regional zones to securely direct cloud-based application traffic to where it needs to go based on corporate security policies, SD-WAN can help you architect and incorporate security controls for platforms and apps into your connectivity fabric.

Encryption:
In order to help protect the site-to-site traffic of corporate locations, software-defined networking (SDN) management can connect all locations with a secure tunnel using AES256 encryption. SD-WAN can also help you prioritize and route that traffic by application, and then allow IT leaders to apply security policies using the SD-WAN appliances as enforcement points.

Unified threat management (UTM):
UTM delivers multiple security functions through a single service designed to help protect business infrastructure. This combined security approach can present a unified security posture over geographically dispersed, distributed networks. SD-WAN appliances with UTM and/or next-generation firewall capabilities built in help protect each branch location, which addresses the expanding perimeter described above. Using SD-WAN technology that includes integrated security solutions can reduce the complexity of deploying and networking a separate suite of security tools. This includes point solutions like NGFW, IDS/IPS, URL or a fully stand-alone UTM.

Single Pane of Glass Monitoring:
Once proper orchestration and security policies are in place, IT teams can monitor all traffic and ports. With SD-WAN’s real-time, simultaneous management of the network and UTM threat detection on a single pane of glass, IT teams can flag risks and thwart potential threats, which can help reduce the corporate risk profile.

Compliance:
For retail or other digital commerce organizations that accept credit cards, finding an SD-WAN solution that is PCI compliant should be a top consideration for transmitting sensitive credit card data using industry-standard encryption. The flexible provisioning and segmentation capabilities of SD-WAN are especially relevant for retailers, who can use them to easily isolate their POS systems, as well as other critical networks and data. Segregating the POS system from the rest of the network is highly recommended and considered a best practice.

Managed security and managed SD-WAN:
Managing both an SD-WAN and advanced security is simplified when combined, but can still be a lot to handle, especially in an environment where companies may be working with a reduced staff. Working with a service provider that has a broad purview of the threat landscape can reduce a threat before it even reaches the organization’s perimeter.

Threat visibility and management are a critical component in managed security services and can offer peace of mind in an environment where security threats are constantly changing.
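The segmentation and POS-isolation considerations above can be checked mechanically. The following added example (not from the original article or any vendor) models inter-segment allow rules as a graph and reports how far an intruder could move from a compromised segment; the segment names and the rule format are constructed for illustration and are not any SD-WAN product's policy syntax.

```python
from collections import deque

# Constructed inter-segment allow rules: (source, destination, application).
# Assumption: anything not listed is denied by default.
FLAT_POLICY = [
    ("guest", "corp", "any"),
    ("corp", "pos", "any"),
    ("corp", "cloud-apps", "https"),
    ("pos", "payment-gw", "https"),
]
SEGMENTED_POLICY = [
    ("corp", "cloud-apps", "https"),
    ("pos", "payment-gw", "https"),
]

def blast_radius(policy, compromised):
    """Segments an intruder in `compromised` can reach by chaining allowed flows."""
    edges = {}
    for src, dst, _app in policy:
        edges.setdefault(src, set()).add(dst)
    seen, queue = {compromised}, deque([compromised])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {compromised}

def exposure_of(policy, protected):
    """Segments from which `protected` is reachable, directly or via pivots."""
    segments = {s for rule in policy for s in rule[:2]}
    return {s for s in segments
            if s != protected and protected in blast_radius(policy, s)}

def audit(policy, protected="pos", allowed_sources=frozenset()):
    """Sorted segments that can reach `protected` but are not approved sources."""
    return sorted(exposure_of(policy, protected) - set(allowed_sources))

if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(name, "guest blast radius:", sorted(blast_radius(policy, "guest")))
        print(name, "unapproved paths into pos:", audit(policy))
```

In the flat policy the guest segment reaches the POS segment through a pivot in `corp` even though no rule connects them directly, which is the propagation that segmentation is meant to stop.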

Conclusion

SD-WAN with Security simplifies management with agile network design that enables organizations to transform in stages, allowing new and old networks to co-exist. This reduces the complexity and effort required to redesign networks, providing a smooth migration path for any deployment model, from flat networks to highly segmented ones. And as this migration advances, special security rules and policies can be applied to reduce risk along the way. Optimally, advanced security and network architecture can work in harmony to deliver a network with enhanced performance, exceptional user experiences, and reliable connectivity with a strong security posture.

Help defend your network against fast-changing and malicious attacks with the Comcast Business suite of cybersecurity offerings.
