4 Ways to Improve WAN Security

November 4th, 2019 by
With global spending on cybersecurity estimated to reach $10 billion by 2027 [1], cybersecurity has arguably become one of the most important corporate initiatives. The wide area network (WAN) is one of the most common attack points used by hackers to enter an organization’s systems and databases. As attacks continue to grow in sophistication, the defense of the WAN will become ever more critical.

Many legacy WANs consist of disparate and isolated links which make consistent security policy enforcement nearly impossible. Vulnerabilities frequently occur due to security tools and products that are not used across all WAN links. A holistic configuration requires network security teams to individually deploy and manage security for each specific link—a process that’s not only resource-intensive but increases the probability of human error. As a result, businesses are shifting to more comprehensive security foundations for their WAN—SD-WAN, within an overall software-defined network (SDN) environment.

A next-generation WAN

What has become a highly effective approach for securing the WAN is to overlay software-defined WAN (SD-WAN) functionality to act as a platform to provide consistent management and comprehensive visibility. This method allows for consistent policy implementation and holistic use of security solutions across the WAN. A single network “image” reduces complexity and simplifies deploying better security. It also reduces potential errors or omissions that can occur when the network is composed of links that must be secured individually. With an SD-WAN, network operations and security teams can ensure that there is documented and consistent use of security solutions and policies across the WAN.

Securing your WAN

Secure WAN solutions require more than just the basics. There are several specific features and capabilities to look for when using SD-WAN and software-defined networking (SDN) to improve WAN security.

  1. Broad and effective encryption. The use of encryption to protect data in flight over public networks is the standard. However, with a highly siloed, legacy WAN, encryption can be difficult to implement and manage. The ability to support broad, integrated encryption across the SD-WAN provides an important security enhancement.
  2. PCI DSS-compliant service. One of the most important and useful standards to ensure and improve WAN security is a network that delivers Payment Card Industry Data Security Standard (PCI DSS) compliance. Many organizations that aren’t directly involved in using payment cards still rely on the PCI standard because it delivers documented protection. A network that delivers PCI compliance has undergone access control, process and documentation audits as well as penetration and other testing to ensure it is secure. In addition, these networks will support two-factor authentication (2FA) as part of the compliance regime. PCI compliance shows a network provider is serious about security.
  3. Next-generation firewall (NGFW) integration and delivery. Protecting the WAN at key locations or at the nexus of key traffic flows is essential. The best SD-WAN services will offer the ability to insert a physical or virtual NGFW to offer more protection at various points on the network. Using firewalls based on application flow is an especially important capability that many organizations will find improves their defensive posture.
  4. Pathway to unified threat management (UTM). Among the most important changes in the operational model for cybersecurity solutions is the movement to a single, unified security instance. These models often include NGFWs, gateway anti-virus and intrusion detection/prevention capabilities. Ensuring that the SD-WAN is designed to support UTM has become an important component of providing a truly secure environment.

SD-WAN and SDN provide a software-defined platform for managing, securing and operating the WAN that can dramatically enhance security. To learn more about improving the security of your network, check out our whitepaper: “Enhancing network security through programmable networks”.  


How SD-WAN Enhances the Performance of Existing WANs

October 2nd, 2019 by

The wide area network (WAN) is the key determinant of application performance, user experience and other key IT success measures. According to Forbes, 83% of workloads will run in the cloud by the end of 2020 [1]. Yet, most current WANs were never designed to support the volume and types of traffic destined for the cloud—much less to meet the demands for application performance and the daily operations of today’s businesses.

What began more than 10 years ago with server virtualization has manifested in the move to a next-generation WAN environment—the migration of compute and storage resources to a software-defined status.

The concept of using software to describe resources has become the standard approach and the future of IT for all three aspects of the infrastructure (compute, storage and networking). The first step to deploying a cloud-ready WAN is moving away from legacy WAN processes and technologies to services that can support the challenges of a cloud-driven IT environment. Utilizing a software-defined wide area network (SD-WAN) can solve many problems that legacy WANs present. Much as hyperscale cloud service providers (CSPs) are already reaping the benefits of virtualization when it comes to compute and storage resources, expanding this approach to the WAN further optimizes end-to-end application experience for business users and yields many benefits, such as:

  • Eliminating/reducing network fragmentation. SD-WAN enables network assets to be managed as a single logical entity, rather than a collection of disjointed physical ones. The resulting consistencies improve application performance, security compliance and customer experience.
  • Enhancing security. Meeting compliance for PCI DSS, HIPAA and other regulations is easier with comprehensive security policy implementation and real‑time monitoring.
  • Ensuring application performance. As dynamic workloads migrate to the cloud, connections can be automatically optimized to continuously meet performance requirements.
  • Improving reliability. Real-time traffic moves with active/active failover capabilities to ensure that end-users never perceive an outage.
  • Increasing flexibility. A macro view of an SD-WAN (with drill‑down “micro” capabilities) enables IT teams to proactively identify and resolve potential issues—in real time, and perhaps, before issues are even detected or reported by end-users.
  • Providing real-time management and visibility. Real-time measurement, information and status updates across an SD-WAN enable admins to function with much greater efficiency.
  • Enhancing connectivity to critical CSPs. Maintaining secure, high‑performance connections to leading CSPs is becoming a more significant component for most organizations’ IT ecosystems.
  • Reducing management and operational complexity. Managing logical entities enables administrative operators to optimize networks at a higher, strategic level, rather than tactically optimizing circuits one‑by‑one.

To further explore the benefits of software-defined networking, check out this whitepaper: “SD-WANs enabling the move to a cloud-centric world.”


How Businesses Gain from Integrating SD-WAN and Security

April 16th, 2019 by

SD-WAN (software-defined wide area network) and security technologies are convergently evolving—responding to the needs of the market while stimulating new demand through innovation. SD-WAN and security capabilities are being integrated in platforms both on-premises and in the cloud. What’s more—network and security functions once tied to dedicated hardware solutions are now being delivered more effectively via flexible software applications.

Overcoming WAN security concerns

In a recent survey administered by Gartner on behalf of Fortinet, 72% of the respondents confirmed that “security is the biggest WAN concern,” outranking performance at 58% and cost at 47%. Not a surprising result considering the potential impacts that a single security event can have in terms of network performance and financial damages.

Security can no longer be an afterthought. It must be designed as a fundamental component in SD-WAN deployments—whether integrated into the platform itself or as an adjacent service. SD-WAN solutions today often become hybrid solutions in order to maximize returns on prior investments; therefore, any embedded security functions must also be designed for a complex, hybrid world.

The simplification of existing technology in one area often introduces greater complexity elsewhere to stimulate innovation that will yield a greater aggregate value. As overall solution complexity ebbs and flows, the dynamic environment can be very challenging to manage. Network and security management challenges can be multiplied by many factors in a WAN, including:

  • Connection complexity. Network performance requirements and security needs may vary by users, transactions, applications, sites and link types. As a simple example, the guest enjoying complimentary WiFi over a cup of coffee in a café likely requires less security than the employee who processes that same guest’s credit card at the table via a tablet.
  • Security-induced latency. As more users of all types use more cloud-based applications and services, security functions such as deep packet inspection, content filtering and data loss protection can impair application performance—reducing productivity and negatively impacting the customer or user experience.

Security gains from technological advances

Software-defined networking introduced the concept of network functions virtualization (NFV), including security. Service chaining enabled multiple functions to be linked together and work in harmony. Software-defined technologies can deliver seamless security across vast WANs with centralized management. The virtualization and integration of network and security functions can reduce dependencies on dedicated hardware solutions. This standardization, simplification and automation can improve the uniformity—and therefore the integrity—of security across all locations, while reducing the need for human intervention.

SD-WAN Security

While virtualization has simplified the physical world, it has also enabled the logical complexity required for Unified Threat Management (UTM) to address ever-growing complexity in the threat landscape. User segmentation enables security capabilities to be applied to each segment type in the most efficient and cost-effective manner possible. For example, PCI DSS (Payment Card Industry Data Security Standard) Compliance may apply to a company at large, but there may be relatively small subsets of employees or network segments that require special handling from a network and security perspective.

IT and security leaders must carefully consider and evaluate segments of user types, or “security classes,” for WAN traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately. Service providers can help with hosted security options and demonstrating how customers can segment traffic to engage or bypass various security functions.

SD-WAN deployments can also enable Internet connections to software-as-a-service (SaaS) applications in the cloud, but those cost savings come with new security risks. Cloud-based application access may precipitate a new approach to security with a next‑generation virtualized firewall (NGFW) that runs at the network core. Once customized for the specific apps used in the enterprise, a cloud NGFW can be service-chained into SD-WAN connections to as many WAN locations as desired.

Security gains from technology-empowered humans

SD-WAN solutions offer “hard savings” relative to the MPLS solutions they are slowly displacing. Less tangible—but perhaps of even greater importance—are the “soft savings” that an SD-WAN solution with integrated security can yield.

In the past, “rip and replace” WAN deployments created significant disruptions and distractions for all users and especially for the IT professionals tasked with challenges well above and beyond “business as usual” operations. That kind of chaos creates opportunities for existing and emerging security vulnerabilities to be more easily exploited. In contrast, SD-WAN solutions can be deployed “over the top” (OTT) of existing networks. Security risk factors can be mitigated because businesses can progressively deploy SD-WAN by a self-defined project plan and schedule, adjusting on the fly to fight the unexpected, but inevitable, fires of the day. Top tier service providers also offer premium high touch services to fully outsource the deployment and/or ongoing management of SD-WAN, as needed or desired.

Once deployed, SD-WANs provide greater security because the people who manage them can operate more effectively and efficiently via a “single pane of glass” that simultaneously monitors the environment for network and security events. With an integrated SD-WAN and security deployment, security can be managed from a centralized portal, and modifications to security policies can be made for all locations in a matter of minutes, without the need for on-site IT support that could previously take days or weeks for hundreds of locations. Some amount of “soft savings” are realized from operational efficiencies. Much greater savings may be realized when (not if) a security event does occur. A fully-integrated portal for managing network and security enables operators to recognize, analyze and respond to events as quickly as possible. When a security event is significant, every second saved in mitigating it may prove invaluable to protecting the company’s infrastructure, data and—ultimately—its brand and reputation.

Wherever you are in your path to digital transformation, it will be key to ensure that your existing network security plans help you realize the full value of prior investments, and that the new investments you make will support the evolving needs of your business well into the future.

SD-WAN in 2019: The New De Facto Standard

January 9th, 2019 by

With its sweeping improvements in agility, reliability, security, performance, and cost, SD-WAN has moved into the networking mainstream in a remarkably short period of time. While MPLS will continue to serve in hybrid networks and as legacy infrastructure, it’s clear now that SD-WAN is becoming the new de facto standard – and I expect 2019 to be the year it leads in new network build-outs by a long shot.

The speed with which SD-WAN took hold can be attributed to a couple of factors, and it’s having a tremendous impact on solution providers as 2019 gets into full swing.

Two main reasons why SD-WAN adoption will continue to explode

  • Digital transformations and cloud initiatives. Major enterprises are uniformly transitioning to digital technologies and the cloud. On the way, many are realizing that router-centric WANs have inherent performance issues that stand in the way of realizing full value from digital and cloud initiatives. Aligning the network to these larger needs has become an imperative – and SD-WAN stands alone in suitability.
  • Pairing with UCaaS solutions. For enterprises of all sizes, including SMBs, the continuing trend toward unified communications as a service drives demand for network quality, availability, and reliability that legacy networks can’t provide. This is causing an increasing number of UCaaS solution providers to pair their offerings with SD-WAN, which can deliver the added benefit of single-vendor ease of implementation and ongoing support.

Additional impact on solution providers

From a solution provider perspective, the rapid rise of SD-WAN has serious implications going forward including:

  • Continuing consolidation. Many smaller start-up vendors hopped on the SD-WAN bandwagon with solutions that weren’t fully baked, and traditional CPE vendors added (or marketed) SD-WAN in their legacy portfolio, which led to marketplace noise and confusion. Consolidation to a smaller number of established providers will clear some of the confusion and bolster adopter confidence.
  • Managed service providers will increase dominance. While the largest enterprises will continue to prefer to manage their own networks, their mid-enterprise and SMB counterparts will partner with vendors who will manage or co-manage the solution and handle the day-to-day operations of the network while they re-focus their IT teams on driving value.
  • Security, security, security. As more of the network operates over the Internet, SD-WAN adopters are understandably highly concerned with protecting network assets. Solution providers will have to build in and integrate far richer security options than have historically been available.
  • Universal CPE is coming, I swear. I’ve predicted in the past that “white box” or universal CPE will move into the SD-WAN mainstream as it becomes more economical to deploy multiple network functions on commodity hardware. That process has been slowed by everyone in that value chain wanting the same bite of the apple that they have historically enjoyed, but I remain convinced that over time, economics and sourcing options will bring the cost of uCPE and VNFs in line with the value it can produce for end users.

I’m happy to say that SD-WAN’s rapid rise has helped my previous projections prove accurate overall – and there is no longer any doubt that SD-WAN is solidifying its position as a key element in all kinds of contemporary enterprise initiatives.

PCI Compliance Bolsters the Retail Case for Windstream Enterprise SD‑WAN

September 18th, 2018 by

As every merchant who processes payment cards knows, properly protecting sensitive data requires every in-scope network, device, process, and control to be PCI-compliant.

Windstream Enterprise’s SD-WAN solution is the first to achieve PCI DSS compliance, and is enabling retailers to simplify the process of satisfying that requirement.

Our SD-WAN solution’s PCI DSS compliance was recently confirmed by an independent, third-party Qualified Security Assessor (QSA) in the form of Windstream Enterprise’s Attestation of Compliance (AOC). Attaining PCI DSS compliance means that Windstream Enterprise can now provide an SD-WAN AOC report to every customer that adopts its SD-WAN solution.

Reducing the scope – and cost – of compliance audits

PCI compliance ensures that our SD-WAN solution meets PCI service provider requirements for credit card transactions and the transport of data. With compliance, we are able to reduce the scope and cost of PCI DSS audits that adopting retailers and their QSAs must perform.

Retailers who implement Windstream Enterprise SD-WAN can request an AOC and Windstream will deliver annual updates automatically in successive years.

It’s important to note that while the SD-WAN network itself is PCI-compliant, retailers that process credit cards must ensure that other networks, devices, processes, and controls connected to the SD-WAN, in addition to other systems that handle sensitive data, are also PCI-compliant.

End-user enterprises that don’t process credit cards benefit as well

Windstream Enterprise extends tremendous value to customers in all industries, and that includes the protection of sensitive data and the security of the solution. Whenever any consumer-facing enterprise incurs a network breach, its customers will always be understandably concerned about whether any of their own information was compromised. The protections built into our SD‑WAN offer assurance that those customers’ personal information, and the enterprise’s sensitive data within the SD‑WAN, are thoroughly protected.

While SD-WAN was designed to address the need to simplify network expansion, provide increased visibility and control, and reduce networking costs and downtime, attaining PCI compliance reinforces the security of the data inside the SD-WAN.

Firewalls: No Longer a Sufficient Cyberattack Defense Alone

September 17th, 2018 by

The headlines are so common that we all understand clearly: Cyberattacks have become a constant fact of life.

But with most of those headlines trumpeting attacks on major corporations and government agencies, it’s easy to overlook the fact that small to medium-sized businesses (SMBs) are also under attack – and typically are more vulnerable than larger enterprises. Consider:

  • 61% of last year’s breaches occurred at SMBs, up from 53% the previous year. [1]
  • Losses from the worst cyber breaches range from $84,000 to $148,000, and 60% of SMBs cease to exist within six months of a significant attack. [2]

What makes these businesses so vulnerable? Insufficient defense. SMBs too often leave network security to the firewalls that alone served so well years ago. Those days have passed.

Times have changed – dramatically

When firewalls became the standard network defense, there were no employee-owned smartphones on SMB networks, phishing was easy to spot, ransomware hadn’t been invented, and all applications ran locally.

Since then, the advent of cloud-based services, remote working, BYOD computing, and many other factors have exponentially increased SMB vulnerability. While firewalls are still a core protection element, they are no longer sufficient by themselves.

What’s an SMB to do?

Small to medium-sized businesses often feel hamstrung by limited IT staffs and budgets, and the sheer number of security solutions available can seem overwhelming. It doesn’t have to be that way.

For starters, not every business needs every defense. A thorough audit of your risk level, potential security weaknesses, and security readiness can reveal where you’re in good shape, and what deficiencies you need to correct – which can often be handled cost-efficiently by a managed service.

Correction may include a managed firewall built for current realities, and perhaps a managed cloud firewall and DDoS mitigation as well. It may mean beefing up email and web security. If you have remote workers, you may need more secure VPN access that connects them to your network. You may also opt for unified threat management. The right combination of security solutions depends on current vulnerabilities and needs specific to your business.

Regardless, you do need protection from breaches and the dire consequences that can follow. The best place to start is by contacting a provider of managed network security services that is highly adept at keeping SMB networks like yours thoroughly secure.


SD-WAN Cloud Connect: A Truly Exceptional Networking Breakthrough

July 20th, 2018 by

I don’t normally talk about product releases in my blog posts, but the new SD-WAN Cloud Connect service that Windstream Enterprise recently unveiled is something I’ve been championing for months.

Because for me, SD-WAN Cloud Connect is game-changing in its marriage of software‑defined WAN and cloud-based applications. We’re finally getting to the core purpose of networking: Extending every application in an enterprise to everyone who needs access to it, efficiently and economically.

Created in a partnership by Windstream Enterprise and VMware NSX (formerly VeloCloud), SD‑WAN Cloud Connect’s breakthrough is that it connects every network location in an enterprise to the cloud-based applications run by that enterprise – and provides the end-to-end visibility and control enterprises have come to expect from an SD‑WAN.

In doing so, it answers long-standing enterprise needs for agility, affordability, visibility, and control with highly secure access to leading cloud service providers over public Internet.

How the technologies combine to make it work

With SD-WAN Cloud Connect, a virtual Windstream SD-WAN edge device at the cloud service provider (CSP) becomes another location on the SD-WAN. This location is then linked directly to all other sites, putting those apps closer to end users to decrease latency. The SD-WAN technology provides the security and application performance that an Internet-only connection can’t deliver on its own. Then, adding a secondary connection to the SD-WAN Cloud Connect edge device virtually eliminates downtime for mission-critical, cloud-based apps.

Finally, adopting enterprises have the option of self-installing or engaging Windstream Enterprise’s Professional Services to spin up the virtual SD-WAN Cloud Connect edge device on a server at the CSP. Once the install is complete, Windstream Enterprise activates the edge device, making it part of the network, and manages that location as part of a fully managed SD-WAN Concierge solution. The SD-WAN Cloud Connect location appears in the SD-WAN Management Tool with the same levels of visibility and control as any other SD-WAN location.

A new level of network access to applications

As a champion of advanced networking benefits, this approach to application availability gets me pumped in multiple ways:

  • It enables low-latency connections from all SD-WAN locations to both public and proprietary apps running at leading CSPs
  • It provides flexible options for connection via Internet from any provider
  • An active/active configuration with 2 connections delivers maximum uptime and performance
  • It’s fully managed, and integrates with other premises-based edge devices. The SD-WAN Management Tool provides complete visibility, with real-time dashboards and reporting, plus control over business and security policies.

The best new products are those that make it possible to do something you couldn’t easily do before – if at all – and to do it elegantly, efficiently, and cost-effectively. That absolutely describes SD-WAN Cloud Connect. If you’ve been looking for the ultimate in cloud connectivity, be sure to check it out.

My SD-WAN Predictions for 2018: Taking Stock at the Halfway Point

July 19th, 2018 by

At the beginning of this year, I wrote a looking back/looking ahead blog post titled 2017: The year SD-WAN caught fire – get ready for more to come. Seems natural for someone with the job title “Vice President for SD-WAN,” right?

So, how did the looking ahead portion pan out?

In comparing that year-end blog post with what I’ve seen in the first half of 2018, it seems I got much of it right, and some not quite right, with a few surprises popping up. As I always strive to be a technology realist, here’s my updated take on the state of affairs for SD-WAN.

SD-WAN is moving front and center

Consistent with my earlier assessment, all indications are that SD-WAN remains “on fire.” We’re seeing solid increases in new deployments, month-over-month and quarter‑over‑quarter. Those increases are coming across multiple verticals, too. There’s the expected embrace of SD-WAN in retail, healthcare, and finance, with manufacturing, professional services, and pretty much every other vertical market following suit. That means SD-WAN isn’t just gaining—it’s heading toward mainstream status.

But MPLS is far from dead

I didn’t state this in my previous post, but I assumed the ascent of SD-WAN would balance with a march toward the sunsetting of MPLS. Not so! The need for private network connections endures for many enterprises, where MPLS is finding a comfortable home in hybrid networks. Many customers are downsizing their MPLS circuits by perhaps 50 percent, adding broadband and cellular, and implementing SD‑WAN to control it all. That’s one of many aspects where SD-WAN shines: It provides uniform control of diverse connections – while delivering visibility and control that wasn’t possible with straight MPLS.

Approaches to management are diverging

Regarding the best use of SD-WAN’s higher level of visibility, two camps are emerging:

  1. Do-it-yourself
  2. Managed SD-WAN

It doesn’t have to be either-or, and providers have a clear opportunity to provide a “co‑management” bridge between DIY and managed service. All SD-WAN customers can exercise the increased visibility and control to their degree of comfort as they gain hands-on experience. Those who opt to take fewer control actions still retain the ability to jump into the portal when they want to see what’s happening. The Windstream Enterprise solution provides this co-management ability that is really resonating with our customers.

A word about security, which goes hand-in-hand with SD-WAN

SD-WAN security, which goes beyond site-to-site security and data encryption, is top of mind for most buyers. There’s also the need to protect network assets now that more of the network operates over the Internet. There are multiple ways to address this, and it’s really a topic unto itself which I covered here. Bottom line: Software-defined networking (SDN) is infinitely more flexible than legacy models, offering an array of security options that should be reviewed with any SD-WAN vendor under consideration.

Lightweight SD-WAN for SMBs? Not exactly….

Six months ago, I expected to see the near-term emergence of stripped-down versions of SD-WAN for smaller enterprises, which typically don’t need the full set of features and functions in most standard offerings. What we’re actually seeing instead are vendors of firewalls, load-balancing solutions and more promoting SD-WAN as a new feature of the narrow services they already offered. Rather than the pure SD-WAN technology vendors trying to move into the SMB space, these other vendors are stepping up into SD-WAN. SD-WAN as an enhancement to an existing platform, and not a product unto itself, is what’s emerging instead of “SD-WAN light.” This isn’t to say that every company marketing its capabilities as “SD-WAN” is actually providing SD-WAN, however, and buyers should educate themselves to really understand if it’s SD-WAN or something masquerading as SD-WAN.

Universal CPE is coming, but not as fast as I expected

Another development that isn’t coming along as quickly as I anticipated is the introduction of “white box” or universal CPE. The big hardware companies are moving in that direction, but slowly, mainly due to issues with pricing models and figuring out what it means to be a software company. A company that has been selling a $1,000 solution consisting of $700 in software and $300 for hardware can have a hard time switching to $700 total for an all-software solution – whether or not there is profit in the hardware (as most would say “we aren’t in the hardware business anymore, it’s just a platform to deliver the software”), that $300 shows as top-line revenue. The use cases are out there, but hardware companies will need to approach pricing with a software mindset.

Service providers building their own platforms

On a final note, here’s one development I intentionally skipped over in my previous blog post. We’re hearing a good deal of buzz about service providers building their own SD‑WAN platforms, rather than reselling platforms from third-party vendors. It’s driven by the need to differentiate service offerings, plus the opportunity for tighter integration with cloud provider infrastructure.

As a pathfinder and SD-WAN leader, Windstream Enterprise will continue to differentiate its services to maintain a leadership position. When I’m asked whether Windstream Enterprise plans to develop its own platform, I always say we will do what’s best for the market and for our customers, and that’s the truth. Time will tell where it goes!

How SD-WAN Can Take On Branch Office Security Challenges

April 10th, 2018 by

Prior to SD-WAN, multi-location enterprise networks needed to rely solely on local protection at the branch office level from a data security perspective. This typically meant point security appliances at the network boundary in the branch office, which combine functionality including firewalls and unified threat management for local use (content filters, data loss protection, data encryption services, etc.). Moving to SD-WAN introduces new options for taking on typical multi-office network security challenges. Following is a summary of those challenges, and an explanation of how SD-WAN, along with other security solutions, can help mitigate them.

SD-WAN faces multiple branch office security challenges

Most distributed enterprises manage their security infrastructure internally or work with a managed security service provider (MSSP). Despite these best efforts, they face a variety of complex challenges when using multi-point solutions to provide comprehensive security at branch offices, including:

  • Latency using cloud applications and services: With applications being delivered through the cloud and via corporate data centers, security requirements can mean that cloud traffic gets routed through the data center to take advantage of deep packet inspection, content filtering and data loss protection. This introduces latency and imposes a drag on branch office applications.
  • Complexity related to network connectivity: Security needs may vary from location to location with link types or by applications accessed. Some locations may rely on different links for network access (broadband, MPLS, and/or hybrid combinations) when using security appliances to implement typical branch office security models.
  • Complexity adding to cost of ownership: The need to purchase, deploy and manage appliances for multiple layers of security at branch locations where expertise is minimal or absent altogether adds to capital and operational expenses.
  • Complexity increases security risks: Integrating multiple point security solutions and managing multiple configurations always poses some risk that the combination of elements will not result in comprehensive coverage, thereby exposing the branch (and its parent organization) to a variety of security risks and vulnerabilities.
  • Lack of flexibility lengthens deployment: Deploying point security solutions can take considerable time for branch offices (purchasing and shipping hardware, arranging or scheduling staff or vendors to handle installs and testing). This can happen both during initial deployment, and every time an upgrade or change is required at the branch level.

How SD-WAN can help boost branch security

Software-defined technology introduces the concept of network function virtualization (NFV). This includes security functions and service chaining, which enables multiple functions to be linked together for servicing specific network connections. Thus, software-defined technologies can deliver seamless security across branch offices in a way that is painlessly managed within a centralized approach by a service provider, or from the data center. This allows network and security functions to migrate away from hardware point solutions to their virtualized software-based counterparts, improving security integrity across all locations. This makes them easier to define, deploy, and manage at the branch, and to update, upgrade, or replace when changes are required. Using data centers at the network core makes it easier and more affordable to update branch office security models.

This introduces a potential cloud-based approach to security, featuring a high-function, next-gen virtualized firewall (NGFW) that runs at the network core. Once configured and tuned for the specific apps used in the enterprise, this NGFW can be service-chained into SD-WAN connections to as many branch offices as desired. Such core-based solutions may pose some of the latency issues noted in the preceding “enterprise challenges,” so IT must be selective about how and when they’re used.

SD-WAN and “security classes”

For example, in a location where the applications and traffic include both A) customer records and transactions, and B) guest or visitor WiFi, it makes sense to differentiate the traffic by “security classes.” More sensitive customer records and transactions would be routed through the service-chained NGFW functions to ensure the highest level of security, while less sensitive traffic in the “guest WiFi class” could make use of local security appliances.

This kind of configuration would require an enterprise to carefully consider and evaluate “security classes” for branch office traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately by “security class.” Service providers can help by describing hosted security options and demonstrating how customers can segment traffic to use or bypass the various security functions they provide.
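One way to express the “security class” policy described above, as an added example (not Windstream's code or any SD-WAN vendor's API). The subnets, class names and chain labels are hypothetical; the sketch sends unclassified traffic to the strictest class and rejects any policy that lets a sensitive class bypass the core NGFW.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical chain labels: where a class's traffic is inspected.
CORE_NGFW = "core-ngfw"        # service-chained NGFW at the network core
LOCAL_APPLIANCE = "local-utm"  # security appliance at the branch

@dataclass(frozen=True)
class SecurityClass:
    name: str
    sensitive: bool
    chain: tuple  # ordered security functions applied to the traffic

# Constructed policy for one branch: source subnet -> security class.
CLASSES = {
    "customer-records": SecurityClass("customer-records", True, (CORE_NGFW,)),
    "guest-wifi": SecurityClass("guest-wifi", False, (LOCAL_APPLIANCE,)),
}
SEGMENTS = {
    "10.20.1.0/24": "customer-records",  # records/transactions VLAN (constructed)
    "192.168.50.0/24": "guest-wifi",     # visitor WiFi (constructed)
}
DEFAULT_CLASS = "customer-records"  # unknown sources get the strictest handling

def validate(classes, segments, default):
    """Return a list of policy errors; an empty list means the policy is consistent."""
    errors = []
    for cls in classes.values():
        if cls.sensitive and CORE_NGFW not in cls.chain:
            errors.append(f"{cls.name}: sensitive class bypasses {CORE_NGFW}")
    for subnet, name in segments.items():
        if name not in classes:
            errors.append(f"{subnet}: unknown class {name!r}")
    if default not in classes or not classes[default].sensitive:
        errors.append("default class must be a sensitive (strictest) class")
    nets = [ipaddress.ip_network(s) for s in segments]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                errors.append(f"{a} overlaps {b}: class is ambiguous")
    return errors

def classify(src_ip, classes=CLASSES, segments=SEGMENTS, default=DEFAULT_CLASS):
    """Map a source address to its security class, failing closed."""
    addr = ipaddress.ip_address(src_ip)
    for subnet, name in segments.items():
        if addr in ipaddress.ip_network(subnet):
            return classes[name]
    return classes[default]
```

Running `validate` before a policy is pushed catches the two mistakes that matter most here: a sensitive class routed around the NGFW, and overlapping segments that make a flow's class ambiguous.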

Using SD-WAN, customers can maintain communication confidentiality through encrypted tunnels between branch offices, and improve the integrity of security and business policies through centralized policy management. They can also improve network availability by seamlessly using multiple access paths and path conditions to avoid service interruptions. Confidentiality, integrity and availability are the three main factors in developing and maintaining a secure network.

Much of this may be new to many people, so feel free to bring your thoughts and questions to our team at Windstream Enterprise anytime so we can add further explanation about what SD-WAN can do to enhance security.

AI Spotlight: Artificial Intelligence Will Transform Everything, Including Your Network

March 30th, 2018 by

Welcome to the age of AI. It’s the dawn of an era that will change everything, enabling amazing advances in science, medicine, business, and life itself.

Yes, you’ve likely read this same sentence, in one form or another, for the last 20 years. For nearly as long as we’ve had computing, there have been periods of AI hype mixed with progress, followed by … What happened? But this time, consider that in the past few years we’ve experienced:

  • Explosive Internet growth
  • Quantum leaps in computing power
  • Corresponding advances in big data
  • The emergence of technology powerhouses like Google, Facebook, and Amazon
  • Mainstream recognition that data matters

In addition, the computing industry is developing a roadmap to address AI challenges relating to education and talent, ethical concerns, overall digital momentum, and the drive to apply AI and its sibling, machine learning, towards innovation in the customer experience.

Enterprises are aligned with AI

Optimism among business and IT leaders regarding AI and machine learning and their impact on digital transformation is stronger than ever. The Accenture Technology Vision 2016 survey of 3,100 business/IT execs in 11 countries found that 70% of organizations are investing significantly more in AI compared to three years earlier. In a recent Infosys poll of 1,600 senior business decision-makers, 76% said that AI is fundamental to the success of their organization’s strategy.

What’s driving these trends is that to compete in the cloud economy (and with the likes of the tech powers mentioned above), companies must deliver a customer experience (CX) that transcends channels and is fast, reliable, personalized, mobile, seamless, and secure. This demand reaches into virtually every industry with research by a myriad of analysts reporting a vast majority of organizations believe that CX will be their primary basis for competition in the next few years.

A looming bottleneck

Improving the customer experience for competitive advantage requires learning from oceans of data on the back end, while providing a seamless customer experience up front (something we’re doing ourselves to drive our own CX). All of this adds tremendous stress to the network, with specific implications regarding performance, reliability, bandwidth, security, resiliency, visibility, and control.

And it’s only going to get worse, with a new generation of bandwidth-hungry customer/user experience-enhancing technologies and apps (AR, VR, etc.) about to crash the network party. When it comes to supporting enterprise AI with network infrastructure, it’s like when Chief Brody said to Captain Quint after his first up-close look at the Shark in Jaws: “You’re gonna need a bigger boat.”

The essential problem is that traditional networks were developed for a vanishing enterprise technology landscape. Left unaddressed, this will at best lead to annoying bottlenecks. At worst, it could bring a swift end to AI and IT digital transformation initiatives that overpromised and under-delivered.

To run at AI speed, networks need to adapt

To deliver the promise of Machine Learning AI, networks must enable vast amounts of data to be instantaneously gathered, transferred to the cloud, analyzed, retrieved, and then applied wherever work is to be accomplished. All in the blink of an eye. This presents substantial challenges, as the solution may fail if the data is inaccurate, incomplete, or delayed.

This will require a new type of network infrastructure that provides:

  • Operational efficiency, with high value at lower total cost of ownership (TCO) than traditional networking
  • Exceptional performance, with high availability, redundancy and flexible bandwidth
  • New levels of visibility and control, including granular application QoS
  • Unprecedented agility, including analytics

In other words, it sounds like a job for SD-WAN.

This explains the growth profile and maturity/adoption curve for SD-WAN, which IDC estimates will see a compound annual growth rate of 69.6% and become an $8.05 billion market by 2021.

WE’s SD-WAN architecture is designed to deliver the cloud performance and reliability that applying AI to CX in real time demands

Is your network AI ready?

If you have not already done so, it’s time to begin preparing your enterprise network for AI. The starting point is to answer four key questions:

  1. Is your network prepared to meet projected bandwidth needs in the next year/five years?
  2. Will it meet them across all locations?
  3. Do you have the access diversity to guarantee uptime needed for AI applications?
  4. Is your network optimized to prioritize these apps for the cloud?

These are tough ones to answer for a lot of organizations. To make sure you address them properly, and to be sure your network is ready for the data tsunami that will accompany the artificial intelligence era, it is essential that you step up your investigation soon. SD-WAN is a great place to start. A conversation with a cloud/AI ready network provider might be even better.
