E-Handbook: SD-branch devices promise network, security benefits

The convergence of networking and security at the edge

Networking and security are converging with offerings like SD-WAN and SD-branch. But enterprises and vendors must overcome IT silos that delay innovation and decision-making.

Advances in software virtualization and the migration of intelligence to the cloud are driving the convergence of networking and security functionality at the network edge.

The software-defined branch (SD-branch) model provides an example of how IT organizations can consume a product or service at the branch edge, including a range of WAN, LAN and network security functions. Despite this trend, IT organizations should be cautious about deploying converged network and security offerings for complex requirements.

Networking and network security remain highly specialized with multiple market categories and suppliers. Most converged offerings, such as SD-branch, have functionality that is strong in one area -- like Wi-Fi, software-defined WAN (SD-WAN) or firewalls -- but weak in others. Literally dozens of suppliers are available for converged offerings -- none with a commanding lead in technology -- so it will take years for clear leaders to emerge.

Technology and service delivery models remain in flux among appliances, software and cloud intelligence. To truly offer IT customers flexibility and customization, vendors will need to further develop their ecosystem of technology partners among LAN, WAN and security suppliers. Channel organizations -- including communications service providers, managed service providers and systems integrators -- will need training and experience with delivering converged edge offerings as a service.

IT trends driving network and security convergence

IT organizations are rethinking their edge network and security architectures. With cloud and SaaS applications leading the way, traffic now flows from the branch to the cloud, not to an organization's central data center.

IoT and other edge computing applications require intelligence and rapid performance, which best fit with a distributed IT model. The lack of a security perimeter means network security intelligence needs to be deployed at the edge and use cloud-based intelligence to meet the evolving threat environment.

Networking at the edge

Advances in network software with cloud-based intelligence have enabled new network edge offerings that are quick to deploy, scalable, flexible and simple to manage. This innovation is most notable in the highly dynamic SD-WAN market, which has dozens of suppliers, a highly fragmented market share and no dominant supplier. The network edge -- including Wi-Fi, SD-WAN and SD-branch -- will continue to see innovation in terms of breadth of functionality, cloud-based intelligence, native security functionality and security partnerships.

Innovative SD-WAN suppliers include Aryaka, Cisco, CloudGenix, Hewlett Packard Enterprise (HPE) Aruba Networks, Oracle, Riverbed, Versa Networks and VMware.

Key network security trends

Most IT organizations use a defense-in-depth strategy with multiple network security elements at various points in their architecture, often with multiple suppliers. Network security intelligence is moving to the cloud -- i.e., cloud access security brokers -- and as-a-service offerings are growing rapidly. Many network security suppliers have started to add basic routing and SD-WAN features to their products.

[Figure: Network security elements. These areas make up the essential and emerging elements of network security, but converging them can be tricky.]

Network security has dozens of suppliers, many specialized offerings and a highly distributed market share with no dominant vendor. Network security encompasses a wide array of functionality across eight distinct segments. This makes it difficult for IT and security teams to agree to consolidate network security designs around a single supplier.

Innovative network security suppliers include Cisco, Fortinet, Palo Alto Networks, Privafy, Tempered Networks and VMware.

SD-branch

SD-branch combines LAN, Wi-Fi, SD-WAN, routing and security functionality in an integrated offering. During 2020, SD-branch vendors will improve their SD-branch options by providing better functional integration between technology elements -- e.g., LAN and WAN -- and offering IT end-to-end quality of service, security policies and unified management.

Innovative SD-branch suppliers include Cisco, Fortinet, HPE Aruba and Versa Networks.

IT and security organizational silos impede progress

Small and midsize organizations can rapidly adopt converged network and security offerings, especially in an as-a-service model. Large organizations with distinct IT and security teams will be challenged to migrate to a converged model.

Organizational silos have long deterred data center convergence among network, compute, storage and security. Dedicated security teams with their specified requirements and favorite suppliers are unlikely to approve new comprehensive edge security offerings, especially from network suppliers. Network teams will remain skeptical about network security suppliers' ability to meet their sophisticated LAN and WAN requirements.

The concept of network and security convergence is currently in vogue among suppliers in response to changing IT requirements. The new requirements to secure and accelerate cloud-based applications, deploy IoT and meet edge security threats are real.

The complexity and diversity of organizational requirements for network and security at the edge are challenging for any single supplier to deliver. The sheer number of incumbent LAN, WAN and network security suppliers in larger organizations results in difficult technological evaluations. And the real divide between IT and security teams will delay strategic decision-making.

Lean IT organizations are starting to deploy converged network and security products in the form of SD-branch and as-a-service offerings for greenfield deployments, architectural refresh projects and agile branch locations. The broader migration to converged network and security at the edge will take three to five years -- or longer -- for other IT deployments.

This was last published in March 2020

1 comment

@Lee, 


This is a great article capturing the importance of security and a wave of reality underway in the industry.


We also observed that as Enterprises moved more sites onto production SD-WAN, they were finding that they still required a separate security instantiation in addition to their SD-WAN implementation. The security solution would often appear in the form of a second software stack, a VNF, or worse, a separate appliance altogether. This also necessitated a separate management interface for configuration, monitoring, and changes. Many of these Enterprises also found that they were unable to part with their router as they still relied on its advanced routing capabilities.  This was especially true when there was a requirement to integrate with an existing “brownfield” implementation (who doesn’t have at least some brownfield in their network?).


We are seeing customers gravitating towards an architecture, design, and implementation that integrates comprehensive security, scalable advanced routing, full-featured SD-WAN, and genuine multi-tenancy to achieve a complete Secure SD-WAN implementation on-premises and in the cloud.  Enterprises have told us that this architecture is necessary to converge all of these services into a single software stack and integrate seamlessly with their existing networks (underlay is just as important as the overlay and SD-WAN should support both). This model also paves the way for an end-to-end Software-Defined Enterprise.


In addition to all of this, there appears to be an organizational meeting of the minds developing within these Enterprises as the RFIs generated are beginning to look like Secure SD-WAN RFIs whether they are originated by the security team within the Enterprise or the networking team.  These traditional silos are collaborating together much more.


Have you noticed any of these trends in your interactions with Enterprises?


Best,


Michael Wood

CMO

Versa Networks
