SD-WAN security: Finding the automated migration comfort zone

SD-WAN will continue to be a vital service delivery platform and automation in a security context will be valuable on many levels, writes Heavy Reading's Jim Hodges.

Jim Hodges, Chief Analyst - Cloud and Security, Heavy Reading

April 15, 2020

4 Min Read
Light Reading logo in a gray background | Light Reading

Without question, software-defined wide area networks (SD-WANs) now represent a key part of an overall cloud service delivery transformation equation. But as with any transformation of this magnitude, success hinges on seamless execution on both a technical and business level.

In order to understand the associated SD-WAN security business drivers and technical requirements, Heavy Reading launched the SD-WAN Security Market Leadership Study (MLS) with collaboration partners Amdocs, Fortinet, Lavelle Networks and Nuage Networks in the fourth quarter of 2019. The survey attracted 90 qualified global respondents and documented SD-WAN security service use cases, implementation timelines, cloud service integration opportunities, the role of automation and policy as well as current and future technical requirements.

Measuring migration comfort level
Over the past few years, communications service providers (CSPs) have faced an unprecedented cadence of technological change encompassing cloud service migration, multi-access edge computing (MEC) and the rollout of 5G networks. Since SD-WAN has rapidly established itself as the access technology for all these technologies, it is apparent that it will need to continue evolving.

The key question is how well SD-WAN security services already deployed or soon to be deployed will be able to manage these technology-driven transitions. Overall, as shown in Figure 1, most respondents (39% to 51%) believe that they will face a "complex but manageable migration." A smaller but still significant group (16% to 25%) expects a "seamless software migration" path to support new technologies.

In contrast, only 15% to 23% expect a "very complex migration," with the 5G Next-Generation Core (NGC) implementation representing the technology of greatest concern. This range of "very complex migration" concerns should not be taken lightly. However, given the percentage of "seamless migration" and "complex but manageable migration" survey respondents, Heavy Reading believes most CSPs are comfortable that their SD-WAN security services can evolve to meet future networking technology requirements.

Figure 1: Evolving SD-WAN security services Question: How difficult will it be for your current commercial SD-WAN security services implementation to evolve to support the following advanced networking capabilities? (N=89) (Source: Heavy Reading) Question: How difficult will it be for your current commercial SD-WAN security services implementation to evolve to support the following advanced networking capabilities? (N=89)
(Source: Heavy Reading)

Assessing the impact of automation
Although not explicitly stated in any new technology development plan, there is an implicit assumption that any advanced technology will also be able to support some level of automation integration as it evolves to meet future service demands.

In this context, SD-WAN is no different, so a key focus of the SD-WAN Security MLS project was to assess the impact of automation on SD-WAN. Specifically, Heavy Reading sought to determine which SD-WAN functions would be most positively affected by the implementation of automated security policies and provisioning processes. As shown in Figure 2, based on "extremely positive impact" and "positive impact" response levels, the entire standard list of SD-WAN security functions is relevant. Of these, based on the top three "extremely positive impact" responses, the most important areas are vFirewall (33%), intrusion prevention (29%) and distributed denial-of-service (DDoS) mitigation (27%).

However, it is important to note that capabilities such as application control, web filtering and packet filtering are behind by only a few points (24% to 26%), emphasizing their overall strong value proposition. Given the range of positive responses, it is clear that CSPs believe automation in an SD-WAN security context will be valuable on many levels. SD-WAN will likely continue to be a vital service delivery platform as we evolve into the automated world of the future.

Figure 2: Impact of automated security policies and provisioning Question: What impact will the implementation of automated security policies and provisioning processes have on the performance of the following SD-WAN security services? (N=89) (Source: Heavy Reading) Question: What impact will the implementation of automated security policies and provisioning processes have on the performance of the following SD-WAN security services? (N=89)
(Source: Heavy Reading)

Looking for more info?

This blog is sponsored by Fortinet.

Read more about:

Omdia

About the Author

Jim Hodges

Chief Analyst - Cloud and Security, Heavy Reading

Jim leads Heavy Reading's research on the impact of NFV on the control plane and application layers at the core and edge. This includes the evolution path of SIP applications, unified communications (UC), IP Multimedia Subsystem (IMS), session border controllers (SBCs), Diameter signaling controllers (DSCs), policy controllers and WebRTC. Jim is also focused on the network and subscriber impact of Big Data and Analytics. He authors Heavy Reading's NFV and SDN Market Trackers. Other areas of research coverage include Subscriber Data Management (SDM) and fixed-line TDM replacement. Jim joined Heavy Reading from Nortel Networks, where he tracked the VoIP and application server market landscape and was a key contributor to the development of Wireless Intelligent Network (WIN) standards. Additional technical experience was gained with Bell Canada, where he performed IN and SS7 network planning, numbering administration, technical model forecast creation and definition of regulatory-based interconnection models. Jim is based in Ottawa, Canada.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like