Public sector wide-area networks (WANs) are undergoing a transformation. The pressing need to support remote workers and a surge in demand for video conferencing, secure remote access, and cloud applications has seen public sector IT teams shift gears away from traditional, often MPLS-based WANs.
In their place, agencies are increasingly exploring how smart WAN technology—specifically software-defined WAN, or SD-WAN—can simplify network management, improve network agility, and apply security everywhere.
Yet IT pros often argue SD-WAN has a long way to go before the technology matches the hype, creating unnecessary barriers to adoption.
Let’s look at what SD-WAN is and why network leaders should be more bullish about making the switch.
What Is SD-WAN?
SD-WAN is a software-based approach to managing the wide-area network. Offered “as a service,” SD-WAN is abstracted from the underlying hardware to create a virtualized network overlay designed to securely connect users to applications, even over large geographical distances.
This abstraction greatly simplifies the traditionally complex and time-consuming task of provisioning and managing wide-area networks. It’s also smarter. Unlike traditional network architectures, SD-WAN can intelligently route traffic around congestion based on the type of content being transferred, the endpoint, the time of day, the application’s security needs, latency sensitivity, or bandwidth costs.
Taken together, these decisions would be impossible to manage manually. With SD-WAN, however, IT teams can manage potentially thousands of network switches across the internet, cloud topologies, and more from a single centralized controller. This gives them the agility to elastically scale the network as needed, ensure high performance, and make smarter use of budgets and resources.
How SD-WAN Increases Security Posture
Availability, quality of service, and scalability are all driving the adoption of SD-WAN, but it’s not all champagne and roses. Concerns linger in government circles about the security posture of SD-WAN technologies and their ability to support the most sensitive applications.
Unfortunately, these concerns often stall decision-making about SD-WAN adoption, but they really shouldn’t. Closing the gaps in an organization’s security is arguably the most important benefit of SD-WAN. In fact, many of today’s SD-WAN solutions have security built in.
Consider encryption. Traditional MPLS WANs may encapsulate traffic in data packets, but encapsulation is not encryption, and this data remains unprotected from interception as it moves from site to site. On the other hand, almost all SD-WAN solutions have some form of encryption, dramatically improving the security of data in transit.
SD-WAN also allows IT teams to bring advanced security services to the remotest edge of their network. This is critical in addressing the changing needs of a remote workforce, internet of things (IoT), mobility, and segmentation. Instead of network traffic being routed to the agency’s centralized security hub or data center where security inspections are applied, with SD-WAN, the intelligence and control typically housed in headquarters is pushed to the WAN edge. This saves bandwidth and brings more effective threat containment (including application-layer visibility, anti-malware, deep packet and SSL inspection, IDS/IPS, content and URL filtering, and more) to the edge. It also ensures cloud-destined traffic isn’t backhauled to the on-premises data center but transits seamlessly from the user to the cloud without delay or performance impact.
Making the Business Case for SD-WAN
While SD-WAN is gaining relevance in government, its perception as a relatively new technology means that, in addition to security, other barriers to adoption must be understood and a business case must be made.
The first item for consideration is cost. Fortunately, this is an easy business case to make. One of the big advantages of SD-WAN for budget-constrained agencies is that it can be acquired as a software-as-a-service solution with little up-front capital expenditure (CapEx). Once adopted, cost savings continue to be realized in the form of improved network utilization and productivity of those tasked with managing the network.
The second area requiring attention is the perception of complexity. SD-WAN can involve a learning curve, but once provisioned, it removes a huge burden from the shoulders of network engineers because it automates the complexity of managing highly dynamic cloud and remote office environments. Where these teams will need help, however, is monitoring and managing network and application performance across this complex network stack. Only with a holistic view into the expanded WAN infrastructure can they gain insight into potential security threats. Although not necessarily a security solution in and of itself, SD-WAN performance monitoring can help detect traffic anomalies indicating malicious activity, discover compromised accounts, and reveal threats.
Making the case for SD-WAN also means preparing for a cultural change. Network engineers may worry SD-WAN will replace their jobs. On the contrary, the impetus to adopt stems from the need to automate decisions and reduce error in large network and cloud deployments where doing so manually is impossible. To prepare, IT leaders must learn from the experiences of their peers and develop a plan to educate and train staff on this transformative technology.
Living Up to the Hype
The hype around SD-WAN is getting loud, but it isn’t for everyone. If an organization is relatively small with only a handful of geographically distributed sites and few remote workers, traditional WANs may suffice. However, if the environment is highly distributed or a hybrid infrastructure, then the benefits and economies of scale of SD-WAN can be realized.
But these benefits are contingent on IT leaders making the right product selections based on bandwidth demands and access to cloud applications. They must also ensure their solutions’ capabilities extend the same security controls found at the core to the edge of the network and maintain those safeguards through the right centralized network management and monitoring strategy.
Only then will SD-WAN truly deliver on its transformation potential and win over the skeptics.
Brandon Shopp is Group Vice President, Product, at SolarWinds and a regular contributor to Government Technology Insider.