Authored by: David Hughes, founder of Silver Peak and senior vice president of the WAN business at Aruba
Enterprises navigate new path to SASE
If enterprises are to realise the full promise of the cloud and digital transformation, while supporting a new work-from-anywhere normal, they must transform both their WAN and security architectures — not just one or the other. As the noise surrounding SASE subsides, the strategic imperative in 2021 will be to successfully navigate a path from legacy data centre-centric, perimeter security architectures toward a cloud-centric SASE architecture. This will require an intelligent SD-WAN edge that unifies embedded security capabilities at the edge with automated orchestration and steering for leading cloud-delivered security services. Enterprises will value a neutral, non-captive edge as they simultaneously support their legacy security architecture, navigate towards SASE for an improved user experience, and address security challenges associated with new IoT initiatives.
Enterprises tackle IoT security challenges
Digital transformation is driving a proliferation of IoT devices, which, in turn, is creating new security challenges. A zero-trust framework that limits device connectivity to just what is required will become essential to contain threats and prevent lateral movement following a breach. While endpoint agents can be used to provide zero trust access for users and applications, agents cannot be installed on most connected devices such as printers, cash registers, cameras and sensors. The new WAN edge will have to implement granular segmentation based on device identification, enforce distinct security policies for each class of IoT endpoints and provide sufficient embedded security capabilities to support east-west inter-segment use cases.
The new Edge will evolve to bring together the principles of SD-WAN, SD-Branch and SASE
The edge is the pivot point for WAN and security transformation and is at the centre of three architectural shifts. First, SD-WAN provides cloud-first connectivity and steering in accordance with business policy or intent. Second, SASE provides a better and more direct way to connect users to business applications. Finally, SD-Branch will become increasingly important to simplify the branch as IoT adoption accelerates. SD-Branch will enable enterprises to implement consistent role-based policies that tie together identity, device and application, extending control from the wired and wireless edge, to the WAN edge appliance and across the wide-area-network. The coupling of SD-WAN, SD-Branch and SASE will significantly enhance the security posture and yield operational efficiencies.
Edge strategies will be re-evaluated in light of a new normal
When COVID-19 struck, enterprises needed to quickly adapt and typically reacted by implementing the most expedient remote work options available. Generally, this involved a combination of VDI, remote VPN access and simple-to-deploy cloud-managed devices like remote access points. It’s now commonly recognised that the global pandemic has forever changed the way we work and conduct business. In 2021, enterprises will step back and review what they learned in the past year and evolve their remote work strategies, applying a longer-term perspective of the workplace. This will include eliminating trade-offs between security and user-experience and providing a more consistent experience as users work from home, the road or the office.
LEO joins 5G in the race to become the preferred wireless WAN technology
Wireless WAN access technologies have the advantage of being ubiquitous and quick to deploy. However, the traditional option of 4G/LTE has been expensive and offered lower bandwidth in comparison to wired technologies. This has limited deployments to use cases where existing services are unavailable and time-to-deploy is critical, including construction sites and pop-up shops, and for backup where LTE connectivity is utilised as a last resort. As 5G is rolled out more broadly, improved performance and cost-competitiveness may see 5G adopted for primary connectivity. To support work-from-home, enterprises will extend their SD-WAN fabrics to the home, bonding 5G and consumer broadband services to deliver the highest quality of experience for latency-sensitive voice and video applications and significantly improving network and application availability and resiliency. We are also witnessing early trials of low earth orbit (LEO) satellite broadband service, and we expect that later in 2021 a new race will emerge between 5G and LEO broadband, with the latter promising blanket coverage to all parts of the globe. This will be a boon for businesses that require connectivity in remote locations, adding LEO broadband to the list of SD-WAN connectivity options.
IoT will drive the requirement for dynamic segmentation
Network segmentation is critical to containing security breaches. To date, most enterprises have segmented traffic using VLANs and virtual routing and forwarding (VRF) technology. This enables them to separate guest Wi-Fi traffic from business application traffic from cash register transactions and IoT device traffic. With digital transformation driving a surge of IoT device deployment, and the potential for lateral movement from one class of compromised device to others, a new requirement for finer-grained segmentation by IoT device type is emerging. This will increase the number of segments required in a typical branch from single digits to fifty or more, multiplying the number of VLANs, subnets and VRFs, in turn increasing complexity and administration overhead exponentially. In 2021, we will see a significant uptick in adoption of dynamic segmentation architectures that create virtual segments based on end-user role, device type and endpoint security posture, allowing tens or even hundreds of segments to be created, as needs arise, without requiring VLAN or subnet allocation. This trend will start from the edge, in the branch and campus. This granular segmentation will be extended across the WAN by advanced SD-WAN and SD-Branch implementations, realising the true potential of fully orchestrated, edge-to-edge dynamic segmentation.
Advances in automation and AI propel enterprises toward a self-driving wide area network
A growing number of enterprises are benefitting from advances in automation and the use of AI at the WAN edge to further streamline application management. Advanced SD-WAN edge platforms are business-driven, reflecting a top-down approach to aligning network resources to the changing needs of the business. Advances in areas like threat analysis and automated diagnostics are making the network more secure and resilient to disruptions in underlying network conditions and an ever-expanding threat landscape. Network engineers are becoming more confident in “letting the network drive itself”, acknowledging the benefits of being able to focus more attention on moving their businesses forward and less on day-to-day administration.
The software-defined enterprise will emerge
Much as we’ve witnessed with SD-WAN where automation and AI have created a much better way of implementing WANs, the same software-defined principles are being applied in other areas like the data centre and campus LAN. In 2021, these software-defined silos will begin to come together into a broader software-defined enterprise architecture. We have seen early steps with SD-Branch, which unifies SD-LAN, SD-WAN and branch security together under one orchestration framework. With the help of VXLAN metadata, dynamic security segmentation can be extended from the LAN across the WAN and into the data centre or cloud. With end-to-end automation, AI and role-based policy control driven consistently across remote sites, campus, data centre and cloud, enterprises will benefit from driving substantial gains in business efficiency and agility.