Going beyond SD-WAN: Differentiation and innovation with programmable networking
04 March 2019 | Edward Wood
SD-WAN is part of almost every carrier’s product roadmap. It puts control in the hands of the customer and delivers the flexibility that enterprises crave. The challenge is that, when you look under the hood, it is built on legacy networking technology, which limits the kinds of applications and services it can support.
Already, the SD-WAN infrastructure market is expected to reach $4.5 billion and grow at a 40.4% compound annual growth rate from 2017 to 2022, according to research firm IDC. While that’s phenomenal growth, carriers face a commoditising market that often involves reselling the same solutions their competitors are offering.
Carriers have to look beyond SD-WAN to differentiate their product portfolios while taking a frank look at the security and performance limitations of basic SD-WAN solutions. The next step is to look at programmable software-defined networking, which offers both ubiquitous network security and cost-effectiveness.
SD-WAN solutions use IPsec VPNs to establish secure connectivity between sites. VPNs tend to be rigid. Designing them involves extensive engineering and complex rules. They also have well-known vulnerabilities. At any point in the network, a hacker can disrupt a session or surreptitiously attempt to steal sensitive data and then use brute force techniques to decrypt that data.
Additionally, VPNs are easily detectable and easily blocked, creating challenges and risks for a deployed mobile workforce. Finally, VPNs impair performance, adding significant overhead, especially at high-latency or disadvantaged sites.
The need to overcome these limitations has spawned an industry shift towards “hybrid WAN” solutions, which use a combination of private networks for mission-critical communications paired with SD-WAN for everything else.
Not surprisingly, critical infrastructure industries, such as power, oil & gas, and financial services, are hesitant to move to hybrid WAN or SD-WAN solutions due to these security concerns.
Programmable networking enables enterprises to securely and resiliently connect their digital ecosystem. It can also be a catalyst for digital transformation.
How? Programmable networks can be configured to connect branches (a traditional SD-WAN focus), the Internet of Things (IoT), cloud-based applications, partners and customers, across multiple clouds and network transports, significantly reducing the risk exposure of critical communications.
These networks do not rely on VPNs. Instead, they split every session into multiple streams that transit different paths deployed over a combination of public and private clouds. Each path is encrypted with a different, NIST-compliant AES-GCM key. Furthermore, if the programmable network detects a man-in-the-middle attack or other network disturbance, it reacts in real time, dynamically and automatically rolling data from the troubled path to a reliable one. This avoids bottlenecks and service interruptions.
It also eliminates a key security weakness of VPNs: the single data path. This one pipeline is not only an attractive target for hackers, but it also makes decryption easier because all data is captured in order from one source. Conversely, programmable networking’s multipath approach and data-rolling capability make reconstructing the data virtually impossible.
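The per-path keys and path rolling described above can be simulated in-process. This is an added example, not code from the article or from any vendor's product; `newPath`, `Transfer`, `badPath`, the round-robin path assignment and the sequence-number nonce are assumptions made for illustration. A packet whose AES-GCM tag check fails on one path is re-sent over the next path, and an observer of a single path sees only the packets sent on it, under that path's key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// newPath returns AES-256-GCM under a fresh random key: one key per path.
func newPath() cipher.AEAD {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key)  // cannot fail: key is 32 bytes
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	return aead
}

// Transfer sends packet seq over path seq%len(paths) and rolls it to the next
// path when the GCM tag check fails. badPath simulates tampering (-1 = none).
func Transfer(pkts [][]byte, badPath int, paths ...cipher.AEAD) (out [][]byte, rolled int, err error) {
next:
	for seq, p := range pkts {
		// Nonce = sequence number: unique per key, a path sees each seq once.
		nonce := binary.BigEndian.AppendUint64(make([]byte, 4), uint64(seq))
		for try := range paths {
			idx := (seq + try) % len(paths)
			ct := paths[idx].Seal(nil, nonce, p, nil)
			if idx == badPath {
				ct[0] ^= 1 // constructed fault: one bit flipped in transit
			}
			if pt, e := paths[idx].Open(nil, nonce, ct, nil); e == nil {
				out = append(out, pt)
				continue next
			}
			rolled++ // tag mismatch: treat the path as troubled, try the next
		}
		return nil, rolled, fmt.Errorf("packet %d: no usable path", seq)
	}
	return out, rolled, nil
}

func main() {
	pkts := [][]byte{[]byte("constructed"), []byte("sample"), []byte("packets")}
	out, rolled, err := Transfer(pkts, 1, newPath(), newPath(), newPath())
	fmt.Printf("%q rolled=%d err=%v\n", out, rolled, err)
}
```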
To further increase security, a programmable network requires off-network, two-factor authentication that takes place before network access is granted. Its call-out-only approach shifts the attack surface outside the enterprise network and eliminates the need for open firewall ports.
Finally, the flexibility to operate across multiple clouds and networks gives enterprises the ability to deploy a solution that is exceptionally resilient to outages, including DDoS attacks. If the network identifies a disruption, it can roll to other clouds. Couple the adaptive nature of programmable networking with active managed services (where providers can deploy real-time changes such as new data centres, clouds, geographies, etc.) and you have a powerful capability for protecting critical communications and assets.
Programmable networking delivers the flexibility and scalability that enterprises need while providing new levels of security, reliability and performance. It goes beyond SD-WAN without the cost implications of private networks. As an increasing number of enterprises deploy mission-critical communications, it is solving some of the most important challenges in networking and provides a secure foundation for innovation.