Archive:

How Businesses Gain from Integrating SD-WAN and Security

April 16th, 2019 by

SD-WAN (software-defined wide area network) and security technologies are convergently evolving—responding to the needs of the market while stimulating new demand through innovation. SD-WAN and security capabilities are being integrated in platforms both on-premises and in the cloud. What’s more—network and security functions once tied to dedicated hardware solutions are now being delivered more effectively via flexible software applications.

Security is biggest WAN concern

Overcoming WAN security concerns

In a recent survey administered by Gartner on behalf of Fortinet, 72% of the respondents confirmed that “security is the biggest WAN concern,” outranking performance at 58% and cost at 47%. Not a surprising result considering the potential impacts that a single security event can have in terms of network performance and financial damages.

Security can no longer be an afterthought. It must be designed as a fundamental component in SD-WAN deployments—whether integrated into the platform itself or as an adjacent service. SD-WAN solutions today often become hybrid solutions in order to maximize returns on prior investments, therefore, any embedded security functions must also be designed for a complex, hybrid world.

The simplification of existing technology in one area often introduces greater complexity elsewhere to stimulate innovation that will yield a greater aggregate value. As overall solution complexity ebbs and flows, the dynamic environment can be very challenging to manage. Network and security management challenges can be multiplied by many factors in a WAN, including:

  • Connection complexity. Network performance requirements and security needs may vary by users, transactions, applications, sites and link types. As a simple example, the guest enjoying complementary WiFi over a cup of coffee in a café likely requires less security than the employee who processes that same guest’s credit card at the table via a tablet.
  • Security-induced latency. As more users of all types use more cloud-based applications and services, security functions such as deep packet inspection, content filtering and data loss protection can impair application performance—reducing productivity and negatively impacting the customer or user experience.

Security gains from technological advances

Software-defined networking introduced the concept of network functions virtualization (NFV), including security. Service chaining enabled multiple functions to be linked together and work in harmony. Software-defined technologies can deliver seamless security across vast WANs with centralized management. The virtualization and integration of network and security functions can reduce dependencies on dedicated hardware solutions. This standardization, simplification and automation can improve the uniformity—and therefore the integrity—of security across all locations, while reducing the need for human intervention.

SD-WAN Security

While virtualization has simplified the physical world, it has also enabled the logical complexity required for Unified Threat Management (UTM) to address ever-growing complexity in the threat landscape. User segmentation enables security capabilities to be applied to each segment type in the most efficient and cost-effective manner possible. For example, PCI DSS (Payment Card Industry Data Security Standard) Compliance may apply to a company at large, but there may be relatively small subsets of employees or network segments that require special handling from a network and security perspective.

IT and security leaders must carefully consider and evaluate segments of user types, or “security classes,” for WAN traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately. Service providers can help with hosted security options and demonstrating how customers can segment traffic to engage or bypass various security functions.

SD-WAN deployments can also enable Internet connections to software-as-a-service (SaaS) applications in the cloud, but those cost savings come with new security risks. Cloud-based application access may precipitate a new approach to security with a next‑generation virtualized firewall (NGFW) that runs at the network core. Once customized for the specific apps used in the enterprise, a cloud NGFW can be serviced‑chained into SD-WAN connections to as many WAN locations as desired.

Security gains from technology-empowered humans

SD-WAN solutions offer “hard savings” relative to the MPLS solutions they are slowly displacing. Less tangible—but perhaps of even greater importance—are the “soft savings” that an SD-WAN solution with integrated security can yield.

In the past, “rip and replace” WAN deployments created significant disruptions and distractions for all users and especially for the IT professionals tasked with challenges well above and beyond “business as usual” operations. That kind of chaos creates opportunities for existing and emerging security vulnerabilities to be more easily exploited. In contrast, SD-WAN solutions can be deployed “over the top” (OTT) of existing networks. Security risk factors can be mitigated because businesses can progressively deploy SD-WAN by a self-defined project plan and schedule, adjusting on the fly to fight the unexpected, but inevitable, fires of the day. Top tier service providers also offer premium high touch services to fully outsource the deployment and/or ongoing management of SD-WAN, as needed or desired.

Once deployed, SD-WANs provide greater security because the people who manage them can operate more effectively and efficiently via a “single pane of glass” that simultaneously monitors the environment for network and security events. With an integrated SD-WAN and security deployment, security can be managed from a centralized portal, and modifications to security policies can be made for all locations in a matter of minutes, without the need for on-site IT support that could previously take days or weeks for hundreds of locations. Some amount of “soft savings” are realized from operational efficiencies. Much greater savings may be realized when (not if) a security event does occur. A fully-integrated portal for managing network and security enables operators to recognize, analyze and respond to events as quickly as possible. When a security event is significant, every second saved in mitigating it may prove invaluable to protecting the company’s infrastructure, data and—ultimately—its brand and reputation.

Wherever you are in your path to digital transformation, ensuring your existing network security plans help you realize the full value of prior investments and the new investments you make will support the evolving needs of your business well into the future will be key.

SD-WAN in 2019: The New De Facto Standard

January 9th, 2019 by

With its sweeping improvements in agility, reliability, security, performance, and cost, SD-WAN has moved into the networking mainstream in a remarkably short period of time. While MPLS will continue to serve in hybrid networks and as legacy infrastructure, it’s clear now that SD-WAN is becoming the new de facto standard – and I expect 2019 to be the year it leads in new network build-outs by a long shot.

SD-WAN is becoming the new de facto standard

The speed with which SD-WAN took hold can be contributed to a couple of factors, and it’s having a tremendous impact on solution providers as 2019 gets into full swing.

Two main reasons why SD-WAN adoption will continue to explode

  • Digital transformations and cloud initiatives. Major enterprises are uniformly transitioning to digital technologies and the cloud. On the way, many are realizing that router-centric WANs have inherent performance issues that stand in the way of realizing full value from digital and cloud initiatives. Aligning the network to these larger needs has become an imperative – and SD-WAN stands alone in suitability.
  • Pairing with UCaaS solutions. For enterprises of all sizes, including SMBs, the continuing trend toward unified communications as a service drives demand for network quality, availability, and reliability that legacy networks can’t provide. This is causing an increasing number of UCaaS solution providers to pair their offerings with SD-WAN, which can deliver the added benefit of single-vendor ease of implementation and ongoing support.

Additional impact on solution providers

From a solution provider perspective, the rapid rise of SD-WAN has serious implications going forward including:

  • Continuing consolidation. Many smaller start-up vendors hopped on the SD-WAN bandwagon with solutions that weren’t fully baked and traditional CPE vendors added (or marketed) SD-WAN in their legacy portfolio which led to marketplace noise and confusion. Consolidation to a smaller number of established providers will clear some of the confusion and bolster adopter confidence.
  • Managed service providers will increase dominance. While the largest enterprises will continue to prefer to manage their own networks, their mid-enterprise and SMB counterparts will partner with vendors who will manage or co-manage the solution and handle the day-to-day operations of the network while they re-focus their IT teams on driving value.
  • Security, security, security. As more of the network operates over the Internet, SD-WAN adopters are understandably highly concerned with protecting network assets. Solution providers will have to build in and integrate far richer security options than have historically been available.
  • Universal CPE is coming, I swear. I’ve predicted in the past that “white box” or universal CPE will move into the SD-WAN mainstream as it becomes more economical to deploy multiple network functions on commodity hardware. That process has been slowed by everyone in that value chain wanting the same bite of the apple that they have historically enjoyed, but I remain convinced that over time, economics and sourcing options will bring the cost of uCPE and VNFs in line with the value it can produce for end users.

I’m happy to say that SD-WAN’s rapid rise has helped my previous projections prove accurate overall – and there is no longer any doubt that SD-WAN is solidifying its position as a key element in all kinds of contemporary enterprise initiatives.

PCI Compliance Bolsters the Retail Case for Windstream Enterprise SD‑WAN

September 18th, 2018 by

As every merchant who processes payment cards knows, properly protecting sensitive data requires every in-scope network, device, process, and control to be PCI-compliant.

Windstream Enterprise’s SD-WAN solution is the first to achieve PCI DSS compliance, and is enabling retailers to simplify the process of satisfying that requirement.

Our SD-WAN solution’s PCI DSS compliance was recently confirmed by an independent, third-party Qualified Security Assessor (QSA) in the form of Windstream Enterprise’s Attestation of Compliance (AOC). Attaining PCI DSS compliance means that Windstream Enterprise can now provide an SD-WAN AOC report to every customer that adopts its SD-WAN solution.

Customer paying with credit card on a PCI-compliant SD-WAN

Reducing the scope – and cost – of compliance audits

PCI compliance ensures that our SD-WAN solution meets PCI service provider requirements for credit card transactions and the transport of data. With compliance, we are able to reduce the scope and cost of PCI DSS audits that adopting retailers and their QSAs must perform.

Retailers who implement Windstream Enterprise SD-WAN can request an AOC and Windstream will deliver annual updates automatically in successive years.

It’s important to note that while the SD-WAN network itself is PCI-compliant, retailers that process credit cards, must ensure that other networks, devices, processes, and controls connected to the SD-WAN, in addition to other systems that handle sensitive data are also PCI-compliant.

End-user enterprises that don’t process credit cards benefit as well

Windstream Enterprise extends tremendous value to customers in all industries, and that includes the protection of sensitive data and the security of the solution. Whenever any consumer-facing enterprise incurs a network breach, its customers will always be understandably concerned about whether any of their own information was compromised. The protections built into our SD‑WAN offer assurance that those customers’ personal information, and the enterprise’s sensitive data within the SD‑WAN, are thoroughly protected.

While SD-WAN was designed to address the need to simplify network expansion, provide increased visibility and control, and reduce networking costs and downtime, attaining PCI compliance reinforces the security of the data inside the SD-WAN.

Firewalls: No Longer a Sufficient Cyberattack Defense Alone

September 17th, 2018 by

The headlines are so common that we all understand clearly: Cyberattacks have become a constant fact of life.

But with most of those headlines trumpeting attacks on major corporations and government agencies, it’s easy to overlook the fact that small to medium-sized businesses (SMBs) are also under attack – and typically are more vulnerable than larger enterprises. Consider:

  • 61% of last year’s breaches occurred at SMBs, up from 53% the previous year.1
  • Losses from the worst cyber breaches range from $84,000 and $148,000, and 60% of SMBs cease to exist within six months of a significant attack.2

What makes these businesses so vulnerable? Insufficient defense. SMBs too often leave network security to the firewalls that alone served so well years ago. Those days have past.

Firewall unable to combat a cyberattack

Times have changed – dramatically

When firewalls became the standard network defense, there were no employee-owned smartphones on SMB networks, phishing was easy to spot, ransomware hadn’t been invented, and all applications ran locally.

Since then, the advent of cloud-based services, remote working, BYOD computing, and many other factors have exponentially increased SMB vulnerability. While firewalls are still a core protection element, they are no longer sufficient by themselves.

What’s an SMB to do?

Small to medium-sized businesses often feel hamstrung by limited IT staffs and budgets, and the sheer number of security solutions available can seem overwhelming. It doesn’t have to be that way.

For starters, not every business needs every defense. A thorough audit of your risk level, potential security weaknesses, and security readiness can reveal where you’re in good shape, and what deficiencies you need to correct – which can often be handled cost-efficiently by a managed service.

Correction may include a managed firewall built for current realities, and perhaps a managed cloud firewall, and DDoS mitigation as well.  It may mean beefing up email and web security. If you have remote workers, you may need more secure VPN access that connects them to your network.  You may also opt for unified threat management. The right combination of security solutions depends on current vulnerabilities and needs specific to your business.

Regardless, you do need protection from breaches and the dire consequences that can follow. The best place to start is by contacting a provider of managed network security services that is highly adept at keeping SMB networks like yours thoroughly secure.

1 http://www.veille.ma/IMG/pdf/2017_state_of_cybersecurity_in_small_medium-sized_businesses.pdf
2 https://upscapital.com/product-services/cyber-liability-insurance/

SD-WAN Cloud Connect: A Truly Exceptional Networking Breakthrough

July 20th, 2018 by

I don’t normally talk about product releases in my blog posts, but the new SD-WAN Cloud Connect service that Windstream Enterprise recently unveiled is something I’ve been championing for months.

Because for me, SD-WAN Cloud Connect is game-changing in its marriage of software‑defined WAN and cloud based applications. We’re finally getting to the core purpose of networking: Extending every application in an enterprise to everyone who needs access to it, efficiently and economically.

Created in a partnership by Windstream Enterprise and VMware NSX (formerly VeloCloud), SD‑WAN Cloud Connect’s breakthrough is that it connects every network location in an enterprise to the cloud-based applications run by that enterprise – and provides end-to-end visibility and control enterprises have come to expect from a SD‑WAN.

In doing so, it answers long-standing enterprise needs for agility, affordability, visibility, and control with highly secure access to leading cloud service providers over public Internet.

How the technologies combine to make it work

With SD-WAN Cloud Connect, a virtual Windstream SD-WAN edge device at the cloud service provider (CSP) becomes another location on the SD-WAN. This location is then linked directly to all other sites, putting those apps closer to end users to decrease latency. The SD-WAN technology provides the security and application performance that an Internet-only connection can’t deliver on its own. Then, adding a secondary connection to the SD-WAN Cloud Connect edge device virtually eliminates downtime for mission-critical, cloud-based apps.

Finally, adopting enterprises have the option of self-installing or engaging Windstream Enterprise’s Professional Services to spin up the virtual SD-WAN Cloud Connect edge device on a server at the CSP. Once the install is complete, Windstream Enterprise activates the edge device, making it part of the network, and manages that location as part of a fully managed SD-WAN Concierge solution. The SD-WAN Cloud Connect location appears in the SD-WAN Management Tool with the same levels of visibility and control as any other SD-WAN location.

A new level of network access to applications

As a champion of advanced networking benefits, this approach to application availability gets me pumped in multiple ways:

  • It enables low-latency connections from all SD-WAN locations to both public and proprietary apps running at leading CSPs
  • It provides flexible options for connection via Internet from any provider
  • An active/active configuration with 2 connections delivers maximum uptime and performance
  • It’s fully managed, and integrates with other premises-based edge devices. The SD-WAN Management Tool provides complete visibility, with real-time dashboards and reporting, plus control over business and security policies.

The best new products are those that make it possible to do something you couldn’t easily do before – if at all – and to do it elegantly, efficiently, and cost-effectively. That absolutely describes SD-WAN Cloud Connect. If you’ve been looking for the ultimate in cloud connectivity, be sure to check it out.

My SD-WAN Predictions for 2018: Taking Stock at the Halfway Point

July 19th, 2018 by

At the beginning of this year, I wrote a looking back/looking ahead blog post titled 2017: The year SD-WAN caught fire – get ready for more to come. Seems natural for someone with the job title “Vice President for SD-WAN,” right?

So, how did the looking ahead portion pan out?

In comparing that year-end blog post with what I’ve seen in the first half of 2018, it seems I got much of it right, and some not quite right, with a few surprises popping up. As I always strive to be a technology realist, here’s my updated take on the state of affairs for SD-WAN.

SD-WAN is moving front and center

Consistent with my earlier assessment, all indications are that SD-WAN remains “on fire.” We’re seeing solid increases in new deployments, month-over-month and quarter‑over‑quarter. Those increases are coming across multiple verticals, too. There’s the expected embrace of SD-WAN in retail, healthcare, and finance, with manufacturing, professional services, and pretty much every other vertical market following suit. That means SD-WAN isn’t just gaining—it’s heading toward mainstream status.

But MPLS is far from dead

I didn’t state this in my previous post, but I assumed the ascent of SD-WAN would balance with a march toward the sunsetting of MPLS. Not so! The need for private network connections endures for many enterprises, where MPLS is finding a comfortable home in hybrid networks. Many customers are downsizing their MPLS circuits by perhaps 50 percent, adding broadband and cellular, and implementing SD‑WAN to control it all. That’s one of many aspects where SD-WAN shines: It provides uniform control of diverse connections – while delivering visibility and control that wasn’t possible with straight MPLS.

Approaches to management are diverging

Regarding the best use of SD-WAN’s higher level of visibility, two camps are emerging:

  1. Do-it-yourself
  2. Managed SD-WAN

It doesn’t have to be either-or, and providers have a clear opportunity to provide a “co‑management” bridge between DIY and managed service. All SD-WAN customers can exercise the increased visibility and control to their degree of comfort as they gain hands-on experience. Those who opt to take fewer control actions still retain the ability to jump into the portal when they want to see what’s happening. The Windstream Enterprise solution provides this co-management ability that is really resonating with our customers.

A word about security, which goes hand-in-hand with SD-WAN

SD-WAN security, which goes beyond site-to-site security and data encryption, is top of mind for most buyers. There’s also the need to protect network assets now that more of the network operates over the Internet. There are multiple ways to address this, and it’s really a topic unto itself which I covered here. Bottom line: Software-defined networking (SDN) is infinitely more flexible than legacy models, offering an array of security options that should be reviewed with any SD-WAN vendor under consideration.

Lightweight SD-WAN for SMBs? Not exactly….

Six months ago, I expected to see the near-term emergence of stripped-down versions of SD-WAN for smaller enterprises, which typically don’t need the full set of features and functions in most standard offerings. What we’re actually seeing instead, are vendors of firewalls, load-balancing solutions and more promoting SD-WAN as a new feature of the narrow services they already offered. Rather than the pure SD-WAN technology vendors trying to move into the SMB space, these other vendors are stepping up into SD-WAN. SD-WAN as an enhancement to an existing platform, and not a product unto itself, is what’s emerging instead of “SD-WAN light.” This isn’t to say that every company marketing their capabilities as “SD-WAN” are actually providing SD-WAN, however, and buyers should educate themselves to really understand if it’s SD-WAN or something masquerading as SD-WAN.

Universal CPE is coming, but not as fast as I expected

Another development that isn’t coming along as quickly as I anticipated is the introduction of “white box” or universal CPE. The big hardware companies are moving in that direction, but slowly, mainly due to issues with pricing models and figuring out what it means to be a software company. A company that has been selling a $1,000 solution consisting of $700 in software and $300 for hardware can have a hard time switching to $700 total for an all-software solution – whether or not there is profit in the hardware (as most would say “we aren’t in the hardware business anymore, it’s just a platform to deliver the software”), that $300 shows as top-line revenue. The use cases are out there, but hardware companies will need to approach pricing with a software mindset.

Service providers building their own platforms

On a final note, here’s one development I intentionally skipped over in my previous blog post. We’re hearing a good deal of buzz about service providers building their own SD‑WAN platforms, rather than reselling platforms from third-party vendors. It’s driven by the need to differentiate service offerings, plus the opportunity for tighter integration with cloud provider infrastructure.

As a pathfinder and SD-WAN leader, Windstream Enterprise will continue to differentiate its services to maintain a leadership position. When I’m asked whether Windstream Enterprises plans to develop its own platform, I always say we will do what’s best for the market and for our customers, and that’s the truth. Time will tell where it goes!

How SD-WAN Can Take On Branch Office Security Challenges

April 10th, 2018 by

Prior to SD-WAN, multi-location enterprise networks needed to rely solely on local protection at the branch office level from a data security perspective. This typically meant point security appliances at the network boundary in the branch office, which combine functionality including firewalls and unified threat management for local use (content filters, data loss protection, data encryption services, etc.). Moving to SD-WAN introduces new options for taking on typical multi-office network security challenges. Following is a summary of those challenges, and an explanation of how SD-WAN, along with other security solutions, can help mitigate them.

SD-WAN faces multiple branch office security challenges

Most distributed enterprises manage their security infrastructure internally or work with a managed security service provider (MSSP). Despite these best efforts, they face a variety of complex challenges when using multi-point solutions to provide comprehensive security at branch offices, including:

  • Latency using cloud applications and services: With applications being delivered through the cloud and via corporate data centers, security requirements can mean that cloud traffic gets routed through the data center to take advantage of deep packet inspection, content filtering and data loss protection. This introduces latency and imposes a drag on branch office applications.
  • Complexity related to network connectivity: Security needs may vary from location to location with link types or by applications accessed. Some locations may rely on different links for network access (broadband, MPLS, and/or hybrid combinations) when using security appliances to implement typical branch office security models.
  • Complexity adding to cost of ownership: The need to purchase, deploy and manage appliances for multiple layers of security at branch locations where expertise is minimal or absent altogether adds to capital and operational expenses.
  • Complexity increases security risks: Integrating multiple point security solutions and managing multi configurations always poses some risk that comprehensive coverage may not result from a combination of elements, thereby exposing the branch (and its parent organization) to a variety of security risks and vulnerabilities.
  • Lack of flexibility lengthens deployment: Deploying point security solutions can take considerable time for branch offices (purchasing and shipping hardware, arranging or scheduling staff or vendors to handle installs and testing). This can happen both during initial deployment, and every time an upgrade or change is required at the branch level.

How SD-WAN can help boost branch security

Software defined technology introduces the concept of network function virtualization (NFV). This includes security functions and service chaining, which enables multiple functions to be linked together for servicing-specific network connections. Thus, software defined technologies can deliver seamless security across branch offices in a way that is painlessly managed within a centralized approach by a service provider, or from the data center. This allows virtualized network and security functions to migrate away from hardware point solutions to their virtualized software-based counterparts, improving security integrity across all locations. This makes them easier to define, deploy, and manage at the branch, and to update, upgrade, or replace when changes are required. Using data centers at the network core makes it easier and more affordable to update branch office security models.

This introduces a potential cloud-based approach to security, featuring a high-function, next gen virtualized firewall (NGFW) that runs at the network core. Once configured and tuned for the specific apps used in the enterprise, this NGFW can be serviced-chained into SD-WAN connections to as many branch offices as desired. Such core-based solutions may pose some of the latency issues noted in the preceding “enterprise challenges,” so IT must be selective about how and when they’re used.

SD-WAN and “security classes”

For example, in a location where the application and traffic includes both A) customer records and transactions, and B) guest or visitor WiFi, it makes sense to differentiate the traffic by “security classes.” More sensitive customer records and transactions would be routed through the service chained NGFW functions to ensure the highest level of security, while less sensitive traffic in the “guest WiFi class” could make use of local security appliances.

This kind of configuration would require an enterprise to carefully consider and evaluate “security classes” for branch office traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately by “security class.” Service providers can help by describing hosted security options, and demonstrate how customers can segment traffic to use or bypass the various security functions they provide.

Using SD-WAN, customers can maintain communication confidentiality through encrypted tunnels between branch offices, improving the Integrity of security and business policies by having centralized policy management. They can also improve network availability, by seamlessly utilizing multiple access paths, and path condition to avoid service interruptions. Providing confidentiality, integrity and availability are the three main factors for developing and maintaining a secure network.

Much of this may be new to many people, so feel free to bring your thoughts and questions to our team at Windstream Enterprise anytime so we can add further explanation about what SD-WAN can do to enhance security.

AI Spotlight: Artificial Intelligence Will Transform Everything, Including Your Network

March 30th, 2018 by

Welcome to the age of AI. It’s the dawn of an era that will change everything, enabling amazing advances in science, medicine, business, and life itself.

Yes, you’ve likely read this same sentence, in one form or another, for the last 20 years. For nearly as long as we’ve had computing, there have been periods of AI hype mixed with progress, followed by … What happened? But this time, consider that in the past few years we’ve experienced:

  • Explosive Internet growth
  • Quantum leaps in computing power
  • Corresponding advances in big data
  • The emergence of technology powerhouses like Google, Facebook, and Amazon
  • Mainstream recognition that data matters

In addition, the computing industry is developing a roadmap to address AI challenges relating to education and talent, ethical concerns, overall digital momentum, and the drive to apply AI and its sibling, machine learning, towards innovation in the customer experience.

Enterprises are aligned with AI

Optimism among business and IT leaders regarding AI and machine learning and their impact on digital transformation is stronger than ever. The Accenture Technology Vision 2016 survey of 3,100 business/IT execs in 11 countries found that 70% of organizations are investing significantly more in AI compared to three years earlier. In a recent Infosys poll of 1,600 senior business decision-makers, 76% said that AI is fundamental to the success of their organization’s strategy.

What’s driving these trends is that to compete in the cloud economy (and with the likes of the tech powers mentioned above), companies must deliver a customer experience (CX) that transcends channels and is fast, reliable, personalized, mobile, seamless, and secure. This demand reaches into virtually every industry with research by a myriad of analysts reporting a vast majority of organizations believe that CX will be their primary basis for competition in the next few years.

A looming bottleneck

Improving the customer experience for competitive advantage requires learning from oceans of data on the back end, while providing a seamless customer experience up front (something we’re doing ourselves to drive our own CX). All of this adds tremendous stress to the network, with specific implications regarding performance, reliability,  bandwidth, security, resiliency, visibility, and control.

And it’s only going to get worse, with a new generation of bandwidth-hungry customer/user experience-enhancing technologies and apps (AR, VR, etc.) about to crash the network party. When it comes to supporting enterprise AI with network infrastructure, it’s like when Chief Brody said to Captain Quint after his first up-close look at the Shark in Jaws: “You’re gonna need a bigger boat.”


When it comes to AI and enterprise networks, “you’re gonna need a bigger boat.”
JawsTM image ©Universal Studios

The essential problem is that traditional networks were developed for a vanishing enterprise technology landscape. Left unaddressed, this will at best lead to annoying bottlenecks. At worst, it could bring a swift end to AI and IT digital transformation initiatives that overpromised and under-delivered.

To run at AI speed, networks need to adapt

To deliver the promise of Machine Learning AI, networks must enable vast amounts of data to be instantaneously gathered, transferred to the cloud, analyzed, retrieved, and then applied wherever work is to be accomplished. All in a blink of the eye. This presents substantial challenges, as the solution may fail if the data is inaccurate or incomplete, or delayed.

This will require a new type of network infrastructure that provides:

  • Operational efficiency, with high value at lower total cost of ownership (TCO) than traditional networking
  • Exceptional performance, with high availability, redundancy and flexible bandwidth
  • New levels of visibility and control, including granular application QoS
  • Unprecedented agility and including analytics

In other words, it sounds like a job for SD-WAN.

This is why the growth profile and maturity/adoption curve for SD-WAN – which IDC estimates will see a compound annual growth rate of 69.6% and become an $8.05 billion market 2021.


WE’s SD-WAN architecture is designed to deliver the cloud performance and reliability that applying AI to CX in real time demands

Is your network AI ready?

If you have not already done so, it’s time to begin preparing your enterprise network for AI. The starting point is to answer four key questions:

  1. Is your network prepared to meet projected bandwidth needs in the next year/five years?
  2. Will it meet them across all locations?
  3. Do you have the access diversity to guarantee uptime needed for AI applications?
  4. Is your network optimized to prioritize these apps for the cloud?

These are tough ones to answer for a lot of organizations. To make sure you address them properly, and to be sure your network is ready for the data tsunami that will accompany the artificial intelligence era, it is essential that you step up your investigation soon. SD-WAN is a great place to start. A conversation with a cloud/AI ready network provider might be even better.

Tagging for Superior SD-WAN Visibility in the Cloud

March 15th, 2018 by

Having recently returned from the first annual SD-WAN Expo, I can confidently say the SD-WAN market is on fire. And the numbers back it up (see my other recent blogs for more on that). But rather than focus on market projections, I want to talk about what comes next, as the inevitable stampede gains momentum. It’s something we’ve seen with other new technologies, especially those that in effect democratize access to a once exclusive capability. Giving people the false impression that all solutions that fall into that particular category are the same. Or in this case, giving them the impression that the features of SD-WAN solutions are the same industry wide.

So, as the tire kicking of potential SD-WAN service providers begins, let’s set the record straight…

All SD-WAN solutions are not created equal

While most SD-WAN solutions address the same four basic challenges outlined in a recent study by Forrester Consulting – increased readiness for current and upcoming innovations and trends, reduced downtime, decreased service costs, and improved security – there are essential differences in how easy they are to implement, monitor and manage. Where the rubber truly meets the road is the level of visibility and control built into the SD-WAN orchestration layer, which should ideally be designed for and made available to network/IT staff.  This is important even when it’s part of a fully-managed service like our own SD-WAN Concierge.

Understanding how much control your IT staff will have should be an important consideration in service provider selection. The number of mission critical cloud-based enterprise apps being deployed grows daily and are too important to your customer experience and employee productivity to be left to chance.

The problem is, there is a good bit of disparity between how one service provider’s solution approaches this need vs. another. Even among those that seem to be using the same underlying technology from a common software/hardware provider.

Visibility and control to see into and navigate the cloud

At Windstream Enterprise, we’ve made it a priority since SD-WAN day one to provide a superior management portal to our customers to empower their people to get the most out of their SD-WAN investment. We know that how network technology companies provide information is rarely how end users want to consume information and set out to make the Windstream digital experience different. Drawing on our extensive experience managing our own network, and delivering complex hybrid solutions prior to the emergence of SD-WAN, we created a proprietary SD-WAN management portal with a level of usability that sets our solution apart. In addition to the foundation of integrating the SD-WAN visibility and control into our existing portal which provides you a single pane of glass for your Windstream services, trouble ticketing, billing and digital interactions we focused on a process of continuous improvement to make sure our portal continues to offer our customers a truly competitive edge.

How “Tagging” and “customized naming” support superior visibility/control

Two exciting additions to come from this process are “customized naming” and “tagging.” They don’t sound fancy but what they do make management, monitoring, and ongoing optimization significantly faster and easier (an IT manager’s favorite combination!). This is especially true as you add more locations, devices, users and applications to the network. Needless to say, the benefits multiply quickly.

Custom Naming: The ability for a network manager to assign an easily identifiable name for every location or device on the network drastically improves their ability to recognize and synthesize performance monitoring data in the context of the portal on a real-time basis. So they can react to it quickly, easily, and proactively, without having to look up IP addresses and technical location data or cross reference their commonly used names with some gobbledygook that their service provider uses to identify their locations. It’s the difference between seeing that ATL-Laptop-44872 is almost constantly sharing files peer to peer and seeing that “Mark’s laptop” that is exhibiting anomalous behavior. It may sound like a total no-brainer to include this but the process to make this happen was unique to the WE management portal.

SD-WAN Custom Naming

Logical custom names can be assigned by location as shown here, or other identifiers such as users, devices or apps, with tags added (indicated by green tag) to help filter results and support simplified monitoring, reporting and optimization

Tagging: Tagging is another feature that differentiates our SD-WAN management portal from all others. It takes visibility to a new level by enabling customers to add tags for filtering to the custom names they’ve already assigned them. The combination renders real-time visibility on an easy to interpret basis and simplifies report creation on customer created filters, helping deliver superior results with speed and simplicity. And enabling IT managers to make better use of the data to proactively optimize the network, instead of spending too much time simply gathering it.

SD-WAN Tagging

Filtering devices by tags such as “high bandwidth” can help monitor/report on a variety of variables; here we see how one device shows spikes in bandwidth use on specific dates, helping support modification of business policies to prioritize or limit use if needed.

Identifying application usage is great but typically our teams are using multiple devices to accomplish their daily activities. Tagging allows the IT manager to quickly visualize the application usage of team members, groups, departments or any other stratification in their organization. Going back to our example of Mark using his laptop for peer to peer file transfer using tags to identify his laptop, tablet and cellular phone we can quickly see that he also spends an inordinate amount of time watching videos and browsing social media. Tagging can similarly be used to identify network usage by department – say sales, marketing and engineering – to help organizations allocate costs internally.

The control needed to avoid flying blind

Wherever you are in your SD-WAN journey, it’s essential that you dig deep to understand the degrees of visibility and control you will have with one SD-WAN provider vs. another. The differences, as we often point out, are in the details. But they are critical to the results you will be able to achieve. So be sure to evaluate the visibility features the provider offers to see if they support easy-to-interpret real-time monitoring, and simplified graphing and report generation. As well as the enhanced control features that give you and your team an easy-to-use centralized portal to make changes whenever you need, and implemented across all locations instantly without truck rolls or on-site IT resources.

Tagging and customized naming are just two small parts of how WE approaches these needs and WE are only just beginning. Part of a broader, highly comprehensive approach that puts power in our customers’ hands which is critical to getting the most out your investment in SD-WAN.

Be sure to ask prospective providers how they approach this challenge. To learn more about what Windstream Enterprise’s SD-WAN Management Tool can do, schedule a live demo to see it in action. The differences are extremely important as you continue making your journey to the cloud.

SD-WAN Will Assume a Key Role in Supporting the IoT

February 27th, 2018 by

The automobile didn’t become ubiquitous because people needed to get to lots of places. Cars wouldn’t be everywhere if not for the simple fact that we created roadway infrastructure, which made it possible for cars to pretty much get everywhere.

It’s true–Building roads as a response to traffic congestion is a relatively recent phenomenon. Our overall, century-long growth from a few cars on a few dirt roads to some 250 million cars and trucks in the U.S. today absolutely depended on the proactive creation of roadway infrastructure. Our current, expansive network of purpose-built roads (city streets, rural routes, interstates, etc.) and lane segmentation on major thoroughfares (express, high-occupancy vehicle, exits) makes it possible for those millions of vehicles to take us where we want to go.

Complex roadway systems are of course networks, and the need for enabling infrastructure to support explosive growth in auto travel applies very similarly to explosive growth in IoT data networking.

The looming IoT explosion in traffic

Consider projections for IoT-connected devices by the year 2020, which vary widely. Whether we end up hitting near the low end (Bain and Company’s 20 billion connected devices) or high end (ABI Research’s 47 billion) will depend in part on whether networks provide sufficient transport for satisfying IoT implementations.

SD-WAN is ready and capable of stepping into that role, counting among its many advantages an inherent ability to support IoT initiatives. SD-WAN’s built-in IoT support comes in the form of commodity traffic offload to inexpensive transport options, with a healthy dose of segmentation and security coming along for the ride.

Offloading IoT traffic with SD-WAN

When applied to hybrid WANs that include low-cost broadband infrastructure, SD-WAN offers a unique offloading advantage that is tailor-made for IoT. In a hybrid network, SD-WAN enables enterprises to route traffic through the best choice of WAN path based on an application’s requirements for such variables as network security and quality of service.

This in turn lets enterprises take advantage of the benefits of IoT while offloading IoT traffic – which is typically well-suited to low-cost broadband – directly to the Internet, rather than bringing it back through their more expensive private core network over symmetrical connections. Given SD-WAN’s extreme flexibility, network administrators, and the network itself, can be easily reconfigured as needed based on changing conditions, without a corresponding investment in new equipment.

Added bonus: protecting private data from IoT compromise

To further support IoT initiatives, SD-WAN’s segmentation capabilities enable the complete separation of private data from IoT traffic. This addresses one of the greatest concerns regarding IoT: The possibility of very simple devices being compromised and providing access to highly sensitive information.

In this regard, SD-WAN segmentation provides a level of protection not readily available with traditional networking approaches. As long as private data and IoT traffic are segmented properly throughout the network, private data is safeguarded, regardless of the many changes likely to be seen as the IoT applications themselves rapidly evolve and grow.

Looking further into the future the application of machine learning to behavior-based security combined with SD-WAN will further protect enterprises from the potential threats of compromised IoT devices. As the platforms become smarter they will understand the expected behaviors of the IoT devices that send traffic through the network and will be able to respond real time to mitigate anomalous activities.

Testament to the lasting power of SD-WAN

SD-WAN didn’t come about specifically because of IoT. It is the result of a growing need for lower cost networking with minimal downtime, along with detailed application visibility and simplified network  control. Because it brings with it tremendous flexibility, SD-WAN is also proving to be essential to the expected IoT explosion –as much as flexibility in roadway design proved essential to enabling the automotive age.

X
Business zip code

Enter your business location zip code below for business solutions in your area.

Find business zip code