PCI Compliance Bolsters the Retail Case for Windstream Enterprise SD‑WAN

September 18th, 2018 by

As every merchant who processes payment cards knows, properly protecting sensitive data requires every in-scope network, device, process, and control to be PCI-compliant.

Windstream Enterprise’s SD-WAN solution is the first to achieve PCI DSS compliance, and is enabling retailers to simplify the process of satisfying that requirement.

Our SD-WAN solution’s PCI DSS compliance was recently confirmed by an independent, third-party Qualified Security Assessor (QSA) in the form of Windstream Enterprise’s Attestation of Compliance (AOC). Attaining PCI DSS compliance means that Windstream Enterprise can now provide an SD-WAN AOC report to every customer that adopts its SD-WAN solution.

Reducing the scope – and cost – of compliance audits

PCI compliance ensures that our SD-WAN solution meets PCI service provider requirements for credit card transactions and the transport of data. With compliance, we are able to reduce the scope and cost of PCI DSS audits that adopting retailers and their QSAs must perform.

Retailers who implement Windstream Enterprise SD-WAN can request an AOC, and Windstream will deliver annual updates automatically in successive years.

It’s important to note that while the SD-WAN network itself is PCI-compliant, retailers that process credit cards must ensure that the other networks, devices, processes, and controls connected to the SD-WAN, as well as any other systems that handle sensitive data, are also PCI-compliant.

End-user enterprises that don’t process credit cards benefit as well

Windstream Enterprise extends tremendous value to customers in all industries, and that includes the protection of sensitive data and the security of the solution. Whenever any consumer-facing enterprise incurs a network breach, its customers will always be understandably concerned about whether any of their own information was compromised. The protections built into our SD‑WAN offer assurance that those customers’ personal information, and the enterprise’s sensitive data within the SD‑WAN, are thoroughly protected.

While SD-WAN was designed to address the need to simplify network expansion, provide increased visibility and control, and reduce networking costs and downtime, attaining PCI compliance reinforces the security of the data inside the SD-WAN.

Firewalls: No Longer a Sufficient Cyberattack Defense Alone

September 17th, 2018 by

The headlines are so common that we all understand clearly: Cyberattacks have become a constant fact of life.

But with most of those headlines trumpeting attacks on major corporations and government agencies, it’s easy to overlook the fact that small to medium-sized businesses (SMBs) are also under attack – and typically are more vulnerable than larger enterprises. Consider:

  • 61% of last year’s breaches occurred at SMBs, up from 53% the previous year.[1]
  • Losses from the worst cyber breaches range from $84,000 to $148,000, and 60% of SMBs cease to exist within six months of a significant attack.[2]

What makes these businesses so vulnerable? Insufficient defense. SMBs too often leave network security to the firewalls that alone served so well years ago. Those days have passed.

Times have changed – dramatically

When firewalls became the standard network defense, there were no employee-owned smartphones on SMB networks, phishing was easy to spot, ransomware hadn’t been invented, and all applications ran locally.

Since then, the advent of cloud-based services, remote working, BYOD computing, and many other factors have exponentially increased SMB vulnerability. While firewalls are still a core protection element, they are no longer sufficient by themselves.

What’s an SMB to do?

Small to medium-sized businesses often feel hamstrung by limited IT staffs and budgets, and the sheer number of security solutions available can seem overwhelming. It doesn’t have to be that way.

For starters, not every business needs every defense. A thorough audit of your risk level, potential security weaknesses, and security readiness can reveal where you’re in good shape, and what deficiencies you need to correct – which can often be handled cost-efficiently by a managed service.

Correction may include a managed firewall built for current realities, and perhaps a managed cloud firewall and DDoS mitigation as well. It may mean beefing up email and web security. If you have remote workers, you may need more secure VPN access that connects them to your network. You may also opt for unified threat management. The right combination of security solutions depends on current vulnerabilities and needs specific to your business.

Regardless, you do need protection from breaches and the dire consequences that can follow. The best place to start is by contacting a provider of managed network security services that is highly adept at keeping SMB networks like yours thoroughly secure.


SD-WAN Cloud Connect: A Truly Exceptional Networking Breakthrough

July 20th, 2018 by

I don’t normally talk about product releases in my blog posts, but the new SD-WAN Cloud Connect service that Windstream Enterprise recently unveiled is something I’ve been championing for months.

For me, SD-WAN Cloud Connect is game-changing in its marriage of software‑defined WAN and cloud-based applications. We’re finally getting to the core purpose of networking: extending every application in an enterprise to everyone who needs access to it, efficiently and economically.

Created in a partnership by Windstream Enterprise and VMware NSX (formerly VeloCloud), SD‑WAN Cloud Connect’s breakthrough is that it connects every network location in an enterprise to the cloud-based applications run by that enterprise – and provides the end-to-end visibility and control enterprises have come to expect from an SD‑WAN.

In doing so, it answers long-standing enterprise needs for agility, affordability, visibility, and control with highly secure access to leading cloud service providers over public Internet.

How the technologies combine to make it work

With SD-WAN Cloud Connect, a virtual Windstream SD-WAN edge device at the cloud service provider (CSP) becomes another location on the SD-WAN. This location is then linked directly to all other sites, putting those apps closer to end users to decrease latency. The SD-WAN technology provides the security and application performance that an Internet-only connection can’t deliver on its own. Then, adding a secondary connection to the SD-WAN Cloud Connect edge device virtually eliminates downtime for mission-critical, cloud-based apps.

Finally, adopting enterprises have the option of self-installing or engaging Windstream Enterprise’s Professional Services to spin up the virtual SD-WAN Cloud Connect edge device on a server at the CSP. Once the install is complete, Windstream Enterprise activates the edge device, making it part of the network, and manages that location as part of a fully managed SD-WAN Concierge solution. The SD-WAN Cloud Connect location appears in the SD-WAN Management Tool with the same levels of visibility and control as any other SD-WAN location.

A new level of network access to applications

As a champion of advanced networking benefits, this approach to application availability gets me pumped in multiple ways:

  • It enables low-latency connections from all SD-WAN locations to both public and proprietary apps running at leading CSPs
  • It provides flexible options for connection via Internet from any provider
  • An active/active configuration with 2 connections delivers maximum uptime and performance
  • It’s fully managed, and integrates with other premises-based edge devices. The SD-WAN Management Tool provides complete visibility, with real-time dashboards and reporting, plus control over business and security policies.

The best new products are those that make it possible to do something you couldn’t easily do before – if at all – and to do it elegantly, efficiently, and cost-effectively. That absolutely describes SD-WAN Cloud Connect. If you’ve been looking for the ultimate in cloud connectivity, be sure to check it out.

My SD-WAN Predictions for 2018: Taking Stock at the Halfway Point

July 19th, 2018 by

At the beginning of this year, I wrote a looking back/looking ahead blog post titled “2017: The year SD-WAN caught fire – get ready for more to come.” Seems natural for someone with the job title “Vice President for SD-WAN,” right?

So, how did the looking ahead portion pan out?

In comparing that year-end blog post with what I’ve seen in the first half of 2018, it seems I got much of it right, and some not quite right, with a few surprises popping up. As I always strive to be a technology realist, here’s my updated take on the state of affairs for SD-WAN.

SD-WAN is moving front and center

Consistent with my earlier assessment, all indications are that SD-WAN remains “on fire.” We’re seeing solid increases in new deployments, month-over-month and quarter‑over‑quarter. Those increases are coming across multiple verticals, too. There’s the expected embrace of SD-WAN in retail, healthcare, and finance, with manufacturing, professional services, and pretty much every other vertical market following suit. That means SD-WAN isn’t just gaining—it’s heading toward mainstream status.

But MPLS is far from dead

I didn’t state this in my previous post, but I assumed the ascent of SD-WAN would balance with a march toward the sunsetting of MPLS. Not so! The need for private network connections endures for many enterprises, where MPLS is finding a comfortable home in hybrid networks. Many customers are downsizing their MPLS circuits by perhaps 50 percent, adding broadband and cellular, and implementing SD‑WAN to control it all. That’s one of many aspects where SD-WAN shines: It provides uniform control of diverse connections – while delivering visibility and control that weren’t possible with straight MPLS.

Approaches to management are diverging

Regarding the best use of SD-WAN’s higher level of visibility, two camps are emerging:

  1. Do-it-yourself
  2. Managed SD-WAN

It doesn’t have to be either-or, and providers have a clear opportunity to provide a “co‑management” bridge between DIY and managed service. All SD-WAN customers can exercise the increased visibility and control to their degree of comfort as they gain hands-on experience. Those who opt to take fewer control actions still retain the ability to jump into the portal when they want to see what’s happening. The Windstream Enterprise solution provides this co-management ability that is really resonating with our customers.

A word about security, which goes hand-in-hand with SD-WAN

SD-WAN security, which goes beyond site-to-site security and data encryption, is top of mind for most buyers. There’s also the need to protect network assets now that more of the network operates over the Internet. There are multiple ways to address this, and it’s really a topic unto itself which I covered here. Bottom line: Software-defined networking (SDN) is infinitely more flexible than legacy models, offering an array of security options that should be reviewed with any SD-WAN vendor under consideration.

Lightweight SD-WAN for SMBs? Not exactly….

Six months ago, I expected to see the near-term emergence of stripped-down versions of SD-WAN for smaller enterprises, which typically don’t need the full set of features and functions in most standard offerings. What we’re actually seeing instead are vendors of firewalls, load-balancing solutions and more promoting SD-WAN as a new feature of the narrow services they already offered. Rather than the pure SD-WAN technology vendors trying to move into the SMB space, these other vendors are stepping up into SD-WAN. SD-WAN as an enhancement to an existing platform, and not a product unto itself, is what’s emerging instead of “SD-WAN light.” This isn’t to say that every company marketing its capabilities as “SD-WAN” is actually providing SD-WAN, however, and buyers should educate themselves to really understand if it’s SD-WAN or something masquerading as SD-WAN.

Universal CPE is coming, but not as fast as I expected

Another development that isn’t coming along as quickly as I anticipated is the introduction of “white box” or universal CPE. The big hardware companies are moving in that direction, but slowly, mainly due to issues with pricing models and figuring out what it means to be a software company. A company that has been selling a $1,000 solution consisting of $700 in software and $300 for hardware can have a hard time switching to $700 total for an all-software solution – whether or not there is profit in the hardware (as most would say “we aren’t in the hardware business anymore, it’s just a platform to deliver the software”), that $300 shows as top-line revenue. The use cases are out there, but hardware companies will need to approach pricing with a software mindset.

Service providers building their own platforms

On a final note, here’s one development I intentionally skipped over in my previous blog post. We’re hearing a good deal of buzz about service providers building their own SD‑WAN platforms, rather than reselling platforms from third-party vendors. It’s driven by the need to differentiate service offerings, plus the opportunity for tighter integration with cloud provider infrastructure.

As a pathfinder and SD-WAN leader, Windstream Enterprise will continue to differentiate its services to maintain a leadership position. When I’m asked whether Windstream Enterprise plans to develop its own platform, I always say we will do what’s best for the market and for our customers, and that’s the truth. Time will tell where it goes!

How SD-WAN Can Take On Branch Office Security Challenges

April 10th, 2018 by

Prior to SD-WAN, multi-location enterprise networks needed to rely solely on local protection at the branch office level from a data security perspective. This typically meant point security appliances at the network boundary in the branch office, which combine functionality including firewalls and unified threat management for local use (content filters, data loss protection, data encryption services, etc.). Moving to SD-WAN introduces new options for taking on typical multi-office network security challenges. Following is a summary of those challenges, and an explanation of how SD-WAN, along with other security solutions, can help mitigate them.

SD-WAN faces multiple branch office security challenges

Most distributed enterprises manage their security infrastructure internally or work with a managed security service provider (MSSP). Despite these best efforts, they face a variety of complex challenges when using multi-point solutions to provide comprehensive security at branch offices, including:

  • Latency using cloud applications and services: With applications being delivered through the cloud and via corporate data centers, security requirements can mean that cloud traffic gets routed through the data center to take advantage of deep packet inspection, content filtering and data loss protection. This introduces latency and imposes a drag on branch office applications.
  • Complexity related to network connectivity: Security needs may vary from location to location with link types or by applications accessed. Some locations may rely on different links for network access (broadband, MPLS, and/or hybrid combinations) when using security appliances to implement typical branch office security models.
  • Complexity adding to cost of ownership: The need to purchase, deploy and manage appliances for multiple layers of security at branch locations where expertise is minimal or absent altogether adds to capital and operational expenses.
  • Complexity increases security risks: Integrating multiple point security solutions and managing multiple configurations always poses some risk that comprehensive coverage may not result from a combination of elements, thereby exposing the branch (and its parent organization) to a variety of security risks and vulnerabilities.
  • Lack of flexibility lengthens deployment: Deploying point security solutions can take considerable time for branch offices (purchasing and shipping hardware, arranging or scheduling staff or vendors to handle installs and testing). This can happen both during initial deployment, and every time an upgrade or change is required at the branch level.

How SD-WAN can help boost branch security

Software-defined technology introduces the concept of network function virtualization (NFV). This includes security functions and service chaining, which enables multiple functions to be linked together for servicing specific network connections. Thus, software-defined technologies can deliver seamless security across branch offices in a way that is painlessly managed within a centralized approach by a service provider, or from the data center. This allows network and security functions to migrate away from hardware point solutions to their virtualized software-based counterparts, improving security integrity across all locations. This makes them easier to define, deploy, and manage at the branch, and to update, upgrade, or replace when changes are required. Using data centers at the network core makes it easier and more affordable to update branch office security models.

This introduces a potential cloud-based approach to security, featuring a high-function, virtualized next-generation firewall (NGFW) that runs at the network core. Once configured and tuned for the specific apps used in the enterprise, this NGFW can be service-chained into SD-WAN connections to as many branch offices as desired. Such core-based solutions may pose some of the latency issues noted in the preceding list of challenges, so IT must be selective about how and when they’re used.

SD-WAN and “security classes”

For example, in a location where the application traffic includes both A) customer records and transactions, and B) guest or visitor WiFi, it makes sense to differentiate the traffic by “security classes.” More sensitive customer records and transactions would be routed through the service-chained NGFW functions to ensure the highest level of security, while less sensitive traffic in the “guest WiFi class” could make use of local security appliances.

This kind of configuration would require an enterprise to carefully consider and evaluate “security classes” for branch office traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately by “security class.” Service providers can help by describing hosted security options and demonstrating how customers can segment traffic to use or bypass the various security functions they provide.
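The “security class” split described above can be sketched as a small policy evaluator. This is an added example, not Windstream Enterprise code or any vendor’s API: the subnets, class names and chain names are constructed for illustration, and it assumes traffic is classified by branch source subnet, that unmatched traffic falls into the most sensitive class, and that a rule set is audited before deployment.

```python
"""Classify branch traffic into security classes and pick its service chain."""
import ipaddress
from dataclasses import dataclass

# Constructed classes: a higher rank means more sensitive traffic.
# Chain element names are hypothetical labels, not product identifiers.
CLASSES = {
    "customer-data": {"rank": 2, "chain": ["sdwan-tunnel", "core-ngfw"]},
    "guest-wifi": {"rank": 1, "chain": ["local-appliance"]},
}
# Traffic that matches no rule fails closed into the most sensitive class.
STRICTEST = max(CLASSES, key=lambda c: CLASSES[c]["rank"])


@dataclass(frozen=True)
class Rule:
    src: str             # branch source subnet in CIDR notation
    security_class: str  # key into CLASSES

    @property
    def net(self):
        return ipaddress.ip_network(self.src)


def classify(rules, src_ip):
    """Return the class of the most specific matching rule (longest prefix)."""
    ip = ipaddress.ip_address(src_ip)
    matches = [r for r in rules if ip in r.net]
    if not matches:
        return STRICTEST
    return max(matches, key=lambda r: r.net.prefixlen).security_class


def chain_for(rules, src_ip):
    """Return the ordered security functions this source's traffic must traverse."""
    return CLASSES[classify(rules, src_ip)]["chain"]


def audit(rules):
    """Flag lower-class rules carved out of a higher-class subnet.

    Such a rule is more specific, so it wins in classify() and lets hosts in a
    sensitive segment bypass the service-chained NGFW.
    """
    findings = []
    for low in rules:
        for high in rules:
            low_rank = CLASSES[low.security_class]["rank"]
            high_rank = CLASSES[high.security_class]["rank"]
            if low_rank < high_rank and low.net.subnet_of(high.net):
                findings.append(
                    f"{low.src} ({low.security_class}) downgrades part of "
                    f"{high.src} ({high.security_class})"
                )
    return findings


# Constructed sample policy for one branch.
RULES = [
    Rule("10.20.10.0/24", "customer-data"),  # point-of-sale and records systems
    Rule("10.20.99.0/24", "guest-wifi"),     # visitor WiFi
]
# The same policy with a mistaken guest carve-out inside the sensitive subnet.
BAD_RULES = RULES + [Rule("10.20.10.128/25", "guest-wifi")]

if __name__ == "__main__":
    for ip in ("10.20.10.15", "10.20.99.7", "192.168.1.5"):
        print(ip, classify(RULES, ip), chain_for(RULES, ip))
    print(audit(BAD_RULES))
```

Running the audit before a policy is pushed catches the case where a convenience rule silently moves sensitive hosts onto the local-appliance path.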

Using SD-WAN, customers can maintain communication confidentiality through encrypted tunnels between branch offices, and improve the integrity of security and business policies through centralized policy management. They can also improve network availability by seamlessly using multiple access paths and path conditions to avoid service interruptions. Confidentiality, integrity and availability are the three main factors for developing and maintaining a secure network.

Much of this may be new to many people, so feel free to bring your thoughts and questions to our team at Windstream Enterprise anytime so we can add further explanation about what SD-WAN can do to enhance security.

AI Spotlight: Artificial Intelligence Will Transform Everything, Including Your Network

March 30th, 2018 by

Welcome to the age of AI. It’s the dawn of an era that will change everything, enabling amazing advances in science, medicine, business, and life itself.

Yes, you’ve likely read this same sentence, in one form or another, for the last 20 years. For nearly as long as we’ve had computing, there have been periods of AI hype mixed with progress, followed by … What happened? But this time, consider that in the past few years we’ve experienced:

  • Explosive Internet growth
  • Quantum leaps in computing power
  • Corresponding advances in big data
  • The emergence of technology powerhouses like Google, Facebook, and Amazon
  • Mainstream recognition that data matters

In addition, the computing industry is developing a roadmap to address AI challenges relating to education and talent, ethical concerns, overall digital momentum, and the drive to apply AI and its sibling, machine learning, towards innovation in the customer experience.

Enterprises are aligned with AI

Optimism among business and IT leaders regarding AI and machine learning and their impact on digital transformation is stronger than ever. The Accenture Technology Vision 2016 survey of 3,100 business/IT execs in 11 countries found that 70% of organizations are investing significantly more in AI compared to three years earlier. In a recent Infosys poll of 1,600 senior business decision-makers, 76% said that AI is fundamental to the success of their organization’s strategy.

What’s driving these trends is that to compete in the cloud economy (and with the likes of the tech powers mentioned above), companies must deliver a customer experience (CX) that transcends channels and is fast, reliable, personalized, mobile, seamless, and secure. This demand reaches into virtually every industry, with research by a myriad of analysts reporting that a vast majority of organizations believe CX will be their primary basis for competition in the next few years.

A looming bottleneck

Improving the customer experience for competitive advantage requires learning from oceans of data on the back end, while providing a seamless customer experience up front (something we’re doing ourselves to drive our own CX). All of this adds tremendous stress to the network, with specific implications regarding performance, reliability, bandwidth, security, resiliency, visibility, and control.

And it’s only going to get worse, with a new generation of bandwidth-hungry customer/user experience-enhancing technologies and apps (AR, VR, etc.) about to crash the network party. When it comes to supporting enterprise AI with network infrastructure, it’s like when Chief Brody said to Captain Quint after his first up-close look at the Shark in Jaws: “You’re gonna need a bigger boat.”

When it comes to AI and enterprise networks, “you’re gonna need a bigger boat.”
Jaws™ image ©Universal Studios

The essential problem is that traditional networks were developed for a vanishing enterprise technology landscape. Left unaddressed, this will at best lead to annoying bottlenecks. At worst, it could bring a swift end to AI and IT digital transformation initiatives that overpromised and under-delivered.

To run at AI speed, networks need to adapt

To deliver the promise of machine learning and AI, networks must enable vast amounts of data to be instantaneously gathered, transferred to the cloud, analyzed, retrieved, and then applied wherever work is to be accomplished, all in the blink of an eye. This presents substantial challenges, as the solution may fail if the data is inaccurate, incomplete, or delayed.

This will require a new type of network infrastructure that provides:

  • Operational efficiency, with high value at lower total cost of ownership (TCO) than traditional networking
  • Exceptional performance, with high availability, redundancy and flexible bandwidth
  • New levels of visibility and control, including granular application QoS
  • Unprecedented agility, including analytics

In other words, it sounds like a job for SD-WAN.

This explains the growth profile and maturity/adoption curve for SD-WAN, which IDC estimates will see a compound annual growth rate of 69.6% and become an $8.05 billion market by 2021.

WE’s SD-WAN architecture is designed to deliver the cloud performance and reliability that applying AI to CX in real time demands

Is your network AI ready?

If you have not already done so, it’s time to begin preparing your enterprise network for AI. The starting point is to answer four key questions:

  1. Is your network prepared to meet projected bandwidth needs in the next year/five years?
  2. Will it meet them across all locations?
  3. Do you have the access diversity to guarantee uptime needed for AI applications?
  4. Is your network optimized to prioritize these apps for the cloud?

These are tough ones to answer for a lot of organizations. To make sure you address them properly, and to be sure your network is ready for the data tsunami that will accompany the artificial intelligence era, it is essential that you step up your investigation soon. SD-WAN is a great place to start. A conversation with a cloud/AI ready network provider might be even better.

Tagging for Superior SD-WAN Visibility in the Cloud

March 15th, 2018 by

Having recently returned from the first annual SD-WAN Expo, I can confidently say the SD-WAN market is on fire. And the numbers back it up (see my other recent blogs for more on that). But rather than focus on market projections, I want to talk about what comes next, as the inevitable stampede gains momentum. It’s something we’ve seen with other new technologies, especially those that in effect democratize access to a once exclusive capability: people get the false impression that all solutions that fall into that particular category are the same. Or, in this case, the impression that the features of SD-WAN solutions are the same industry-wide.

So, as the tire kicking of potential SD-WAN service providers begins, let’s set the record straight…

All SD-WAN solutions are not created equal

While most SD-WAN solutions address the same four basic challenges outlined in a recent study by Forrester Consulting – increased readiness for current and upcoming innovations and trends, reduced downtime, decreased service costs, and improved security – there are essential differences in how easy they are to implement, monitor and manage. Where the rubber truly meets the road is the level of visibility and control built into the SD-WAN orchestration layer, which should ideally be designed for and made available to network/IT staff. This is important even when it’s part of a fully managed service like our own SD-WAN Concierge.

Understanding how much control your IT staff will have should be an important consideration in service provider selection. The number of mission-critical cloud-based enterprise apps being deployed grows daily, and these apps are too important to your customer experience and employee productivity to be left to chance.

The problem is, there is a good bit of disparity between how one service provider’s solution approaches this need vs. another, even among those that seem to be using the same underlying technology from a common software/hardware provider.

Visibility and control to see into and navigate the cloud

At Windstream Enterprise, we’ve made it a priority since SD-WAN day one to provide a superior management portal to our customers, empowering their people to get the most out of their SD-WAN investment. We know that how network technology companies provide information is rarely how end users want to consume it, and we set out to make the Windstream digital experience different. Drawing on our extensive experience managing our own network, and delivering complex hybrid solutions prior to the emergence of SD-WAN, we created a proprietary SD-WAN management portal with a level of usability that sets our solution apart. In addition to integrating SD-WAN visibility and control into our existing portal, which provides a single pane of glass for your Windstream services, trouble ticketing, billing and digital interactions, we focused on a process of continuous improvement to make sure our portal continues to offer our customers a truly competitive edge.

How “Tagging” and “customized naming” support superior visibility/control

Two exciting additions to come from this process are “customized naming” and “tagging.” They don’t sound fancy, but what they do makes management, monitoring, and ongoing optimization significantly faster and easier (an IT manager’s favorite combination!). This is especially true as you add more locations, devices, users and applications to the network. Needless to say, the benefits multiply quickly.

Custom Naming: The ability for a network manager to assign an easily identifiable name for every location or device on the network drastically improves their ability to recognize and synthesize performance monitoring data in the context of the portal on a real-time basis, so they can react to it quickly, easily, and proactively, without having to look up IP addresses and technical location data or cross-reference their commonly used names with some gobbledygook that their service provider uses to identify their locations. It’s the difference between seeing that ATL-Laptop-44872 is almost constantly sharing files peer to peer and seeing that “Mark’s laptop” is exhibiting anomalous behavior. It may sound like a total no-brainer to include this, but the process to make this happen was unique to the WE management portal.


Logical custom names can be assigned by location as shown here, or by other identifiers such as users, devices or apps, with tags added (indicated by green tag) to help filter results and support simplified monitoring, reporting and optimization.

Tagging: Tagging is another feature that differentiates our SD-WAN management portal from all others. It takes visibility to a new level by enabling customers to add tags for filtering to the custom names they’ve already assigned. The combination renders real-time visibility on an easy-to-interpret basis and simplifies report creation on customer-created filters, helping deliver superior results with speed and simplicity. It also enables IT managers to make better use of the data to proactively optimize the network, instead of spending too much time simply gathering it.


Filtering devices by tags such as “high bandwidth” can help monitor/report on a variety of variables; here we see how one device shows spikes in bandwidth use on specific dates, helping support modification of business policies to prioritize or limit use if needed.

Identifying application usage is great, but typically our teams are using multiple devices to accomplish their daily activities. Tagging allows the IT manager to quickly visualize the application usage of team members, groups, departments or any other stratification in their organization. Going back to our example of Mark using his laptop for peer-to-peer file transfer: using tags to identify his laptop, tablet and cellular phone, we can quickly see that he also spends an inordinate amount of time watching videos and browsing social media. Tagging can similarly be used to identify network usage by department – say sales, marketing and engineering – to help organizations allocate costs internally.

The control needed to avoid flying blind

Wherever you are in your SD-WAN journey, it’s essential that you dig deep to understand the degrees of visibility and control you will have with one SD-WAN provider vs. another. The differences, as we often point out, are in the details. But they are critical to the results you will be able to achieve. So be sure to evaluate the visibility features the provider offers to see if they support easy-to-interpret real-time monitoring, and simplified graphing and report generation. Evaluate as well the enhanced control features that give you and your team an easy-to-use centralized portal to make changes whenever you need, with those changes implemented across all locations instantly without truck rolls or on-site IT resources.

Tagging and customized naming are just two small parts of how WE approaches these needs, and WE are only just beginning. They are part of a broader, highly comprehensive approach that puts power in our customers’ hands, which is critical to getting the most out of your investment in SD-WAN.

Be sure to ask prospective providers how they approach this challenge. To learn more about what Windstream Enterprise’s SD-WAN Management Tool can do, schedule a live demo to see it in action. The differences are extremely important as you continue making your journey to the cloud.

SD-WAN Will Assume a Key Role in Supporting the IoT

February 27th, 2018 by

The automobile didn’t become ubiquitous because people needed to get to lots of places. Cars wouldn’t be everywhere if not for the simple fact that we created roadway infrastructure, which made it possible for cars to pretty much get everywhere.

It’s true: building roads as a response to traffic congestion is a relatively recent phenomenon. Our overall, century-long growth from a few cars on a few dirt roads to some 250 million cars and trucks in the U.S. today absolutely depended on the proactive creation of roadway infrastructure. Our current, expansive network of purpose-built roads (city streets, rural routes, interstates, etc.) and lane segmentation on major thoroughfares (express, high-occupancy vehicle, exits) makes it possible for those millions of vehicles to take us where we want to go.

Complex roadway systems are of course networks, and the need for enabling infrastructure to support explosive growth in auto travel applies very similarly to explosive growth in IoT data networking.

The looming IoT explosion in traffic

Consider projections for IoT-connected devices by the year 2020, which vary widely. Whether we end up hitting near the low end (Bain and Company’s 20 billion connected devices) or high end (ABI Research’s 47 billion) will depend in part on whether networks provide sufficient transport for satisfying IoT implementations.

SD-WAN is ready and capable of stepping into that role, counting among its many advantages an inherent ability to support IoT initiatives. SD-WAN’s built-in IoT support comes in the form of commodity traffic offload to inexpensive transport options, with a healthy dose of segmentation and security coming along for the ride.

Offloading IoT traffic with SD-WAN

When applied to hybrid WANs that include low-cost broadband infrastructure, SD-WAN offers a unique offloading advantage that is tailor-made for IoT. In a hybrid network, SD-WAN enables enterprises to route traffic through the best choice of WAN path based on an application’s requirements for such variables as network security and quality of service.

This in turn lets enterprises take advantage of the benefits of IoT while offloading IoT traffic – which is typically well-suited to low-cost broadband – directly to the Internet, rather than bringing it back through their more expensive private core network over symmetrical connections. Given SD-WAN’s extreme flexibility, network administrators can easily reconfigure the network as needed based on changing conditions, without a corresponding investment in new equipment.

Added bonus: protecting private data from IoT compromise

To further support IoT initiatives, SD-WAN’s segmentation capabilities enable the complete separation of private data from IoT traffic. This addresses one of the greatest concerns regarding IoT: the possibility of very simple devices being compromised and providing access to highly sensitive information.

In this regard, SD-WAN segmentation provides a level of protection not readily available with traditional networking approaches. As long as private data and IoT traffic are segmented properly throughout the network, private data is safeguarded, regardless of the many changes likely to be seen as the IoT applications themselves rapidly evolve and grow.

Looking further into the future, the application of machine learning to behavior-based security, combined with SD-WAN, will further protect enterprises from the potential threats of compromised IoT devices. As the platforms become smarter, they will understand the expected behaviors of the IoT devices that send traffic through the network and will be able to respond in real time to mitigate anomalous activities.

Testament to the lasting power of SD-WAN

SD-WAN didn’t come about specifically because of IoT. It is the result of a growing need for lower cost networking with minimal downtime, along with detailed application visibility and simplified network control. Because it brings with it tremendous flexibility, SD-WAN is also proving to be essential to the expected IoT explosion – as much as flexibility in roadway design proved essential to enabling the automotive age.

SD-WAN, Security, and the Accelerated Transformation of Retail Networking

February 8th, 2018 by

Any retail IT professional who is not already investigating software-defined wide area networking (SD-WAN) likely soon will be. Enterprises that embrace SD-WAN enjoy greatly increased bandwidth at lower cost, up to 100% uptime, and centralized control across any number of remote locations. Those gains are driving rapid adoption; Gartner projects SD-WAN growth from today’s 5% market share to 25% within two years.

SD-WAN’s benefits are especially valuable to retailers with centralized operation of multiple stores, positioning SD-WAN to drive digital transformation going forward. How quickly that happens will depend largely on how SD-WAN fits in the retailer’s security envelope.

Critical Requirements for SD-WAN Security

Any network used to transmit credit card data must meet rigorous security requirements. One of the ways in which SD-WAN delivers its benefits is by supplementing existing connections with low-cost broadband, which means data transmission crosses the public internet as well as private networks. This in turn means that any retail SD-WAN solution must transmit encrypted data at all times over open public networks – unsecured credit card data must never be present at any point in the network.

In addition, access to network control capabilities must meet stringent guidelines, with security checks of infrastructure components performed on a regularly scheduled basis. All SD-WAN components that are involved in the delivery of the service – i.e., the portal, orchestrator, controller, CPE device, and gateways – must be evaluated for security vulnerabilities and the SD-WAN technology must integrate with other security capabilities such as hosted and/or premises firewalls.

Retail transformation powered by SD-WAN

While the digital transformation of retail is clearly underway, traditional networking approaches and technologies have limited the pace. MPLS networks with T1 connections were originally designed for the same kind of general-purpose connectivity any distributed enterprise needs. Those connections and the centralized firewalls that secure them have only so much capacity to apply to the multitude of digital initiatives retailers are pursuing today, let alone the more ambitious initiatives on retailers’ drawing boards. When we remove the barriers imposed by legacy networking approaches, so much more becomes possible.

With SD-WAN, multiple services and solutions can more easily interoperate with existing services and solutions, which in turn assists retailers in breaking down barriers between online and offline customer experiences. SD-WAN also separates control and data-forwarding, making it much easier to centrally configure and control store-level CPE with software hosted outside the store.

Unlike traditional WAN architectures, SD-WAN active/active configuration delivers up to 100% uptime. In addition to delivering a more satisfying digital customer experience, this helps to ensure business continuity and limit financial exposure from loss of sales due to downtime. If the SD-WAN solution supports application routing, that capability can further eliminate downtime while optimizing performance.

These are just some of the many advantages to be explored with SD-WAN. As an added bonus, SD-WAN can be incorporated into existing network infrastructure rather than requiring replacement – enabling preservation of investment in legacy hardware with continued depreciation.

Retail’s digital transformation has a healthy future

Retail leaders are understandably concerned about encroachment from online powerhouses, and are mounting effective campaigns to deliver the superior experience required to retain and grow customers. SD-WAN will prove exceedingly useful to those efforts. Regardless of the exact path a retailer opts to pursue, all roads point to increased unity of all channels through all phases of customer engagement.

In an increasingly digital world, that means advanced networking built around SD-WAN. As SD-WAN solutions integrate the security necessary to serve the retail industry, we can all count on a fantastic acceleration of the digital transformation already begun within the retail industry.

2017: The year SD-WAN caught fire – get ready for more to come

January 29th, 2018 by

2017 was quite a year for SD-WAN. By the year’s start, we were clearly moving beyond the early-adopter stage. SD-WAN technology from multiple vendors had established a solid foothold in the market. A growing number of enterprises were moving beyond trials and into production. Though not all analysts agreed on the details, their near-term predictions were uniformly bullish – and adoption mirrored expectations.

As the year progressed, many in the industry expected to see consolidation, with merger & acquisition activity organizing around SD-WAN. That, too, unfolded as anticipated, with Cisco buying Viptela and VMware announcing plans to buy VeloCloud.

While SD-WAN progressed much as expected, there were several very significant surprises. 

Trends among smaller and larger enterprises 

One 2017 SD-WAN dynamic that few foresaw was the amount of positive traction gained among single-site, single-access customers. Because the use case is stronger for the multi-location enterprises that SD-WAN excels at knitting together, most in the industry expected single-site companies to hold back. That turned out not to be the case, with SMBs adopting at a rate similar to their larger counterparts – driven primarily by overall cloud strategies and the dramatic visibility that SD-WAN provides. 

SD-WAN predictions for 2018 

One trend that hasn’t yet fully emerged, but likely will in 2018, is the appearance of lightweight SD-WAN offerings that target small and medium-sized businesses (SMBs) – or enterprises with SMB-like locations. While single-site enterprises have shown a surprising willingness to embrace SD-WAN, not all of those customers need the full set of features and functions typically provided by current solutions. If standard offerings tailored to SMB-like sites arrive with fewer options and lower price tags, we should see SMB-like SD-WAN adoption accelerate even faster.

Moving up to mid-market and large enterprises, 2018 will likely see an acceleration of network function virtualization and “white box” or universal CPE, while we continue to see smaller-sized locations deploying separate hardware appliances for the various network functions. As production ramps up and software and hardware costs make it more economical to deploy multiple network functions on commodity hardware, white box CPE deployment will become more commonplace. In the 2018-2019 timeframe, we can expect to see more sophisticated analytics and machine-learning technology make its way into the SD-WAN arena.

Finally, we should start to see more service chaining from cloud service providers and from managed network service providers; deeper integrations with cloud applications; and greater incorporation of SD-WAN technologies into established hardware vendors’ mainline product portfolios – all due to M&A consolidation and general acceptance of the technology.

Regardless of the degree to which these predictions come true, there is one overriding likelihood for 2018: It will almost certainly be the year SD-WAN goes truly mainstream. We can talk about this more in person at this year’s SD-WAN Expo February 14-16 in Fort Lauderdale, FL.