Software-Defined Security – Natural Affinity with SD-WAN Integration

Virtualized WAN services are much like any other software application, in that SD-WAN services must be secure. Except in the case of SD-WAN, VNF software also has to secure the “payload” of the packet, which increasingly is a cloud – or SaaS-based application.

SD-Security is a crucial factor in the overall SD-WAN value equation in large part because telecoms and managed service providers are finding that their enterprise customers now expect it. In response, many MSPs are moving ahead with implementing a suite of security features with more to follow in the next 12 months, according to the SD-WAN Strategies Report recently published by Heavy Reading and Light Reading.

In the European market, several analyst research surveys show the consumption model preference for SD-WAN edge services are via a trusted third-party MSP. The Heavy/Light Reading research analyzes the steps service providers are adopting to address security, which service delivery models they will support, as well as detailed feature implementation timelines.

Here are the key takeaways:

  • Service providers believe that only 6% of their customers don’t expect SD-WAN to support integrated security services. In contrast, 94% believe that their customers do expect there will be some measure of security support.
  • Service providers are meeting these requirements by supporting two distinct models – a fully managed security service model and a Software-as-a-Service (SaaS) based model. Of these, the managed security model has a little more traction with enterprise customers (48%) compared to the SaaS model, which attained a score of (38%).
  • Already one-third (33%) of service providers believe that the adoption of automated policy tools and processes will significantly enhance the performance of SD-WAN security services, while the largest group (41%) also see positive impacts.

Fully integrated SD-WAN and security – same software, same image

The concept of SD-WAN first started to gain momentum because it represented a flexible and low-cost WAN network option with a simple value proposition: more bandwidth, aggregated, for less cost. However, more recently it has become a strategic imperative for enterprise SD-WANs to also integrate some measure of security features as well, a requirement that has only intensified and today SD-WAN with integrated security is considered a high-priority by many service providers and customers.

This point was strongly reinforced when Heavy/Light Reading asked service providers if they thought their enterprise customers expected true security feature integration. Nearly half – 49% of service providers – indicated that their customers expected some level of security feature support, while 45% felt that most but not all customers expected it.

In response to this market demand, many service providers – such as Virgin Business Media, Tata Communications and Verizon – have implemented a managed SD-WAN security model that simplifies security for their customers. Not surprisingly, SD-WAN managed security services have been adopted by many European enterprises utilizing either an outsourced or SaaS-based service.

This trend is validated by the 30% of service providers who indicated the vast majority of customers (more than 70%) and the 18% who indicated a majority of customers (50% to 70%) preferred outsourcing responsibility for implementing and managing security enforcement. On an aggregate level this translates into a 48% level of support.

Given the overwhelming level of support for the managed security service model successively in the research, both the business and technical drivers were evaluated. On the business side, service providers are seeing their customer adopt managed SD-WAN security for three key reasons. Based on critical driver input, these reasons include enhanced security performance, and lower administrative cost (both 39%) as well as access to centralized network security policies, which is core to SD-WAN/Security.

Extending the discussion of these same critical business drivers to the SaaS model captured that the drivers are somewhat similar in that they focus on cost optimization and enhancing security performance. Consequently, 42% of service providers indicated lower administrative cost was the most critical consideration, followed closely by preventing network disruption (40%) and driving down TCO in third place (32%).

Starting with the managed services model, a few capabilities were prominent. Of these, the top three capabilities that attained the highest score in the very high level of demand category were Web-filtering (40%), intrusion detection and prevention (39%).

Looking 12 months into the future, it’s clear that service providers are also taking steps to introduce more advanced managed security services to respond to changes in threat vectors.

While the alignment of current and near-future security capabilities with requirements is overall positive from a demand synergistics perspective, it’s also critical that service providers remain vigilant since the threat landscape is extremely fluid. Consequently, service providers will also need to consider how emerging technologies such as automation will impact their abilities to maintain a strong security posture.

Of these, one-third (33%) believe that the adoption of automated policy tools and processes will significantly enhance the performance of SD-WAN security services, while the largest group (41%) also see positive benefits with their views that they can leverage automation to enhance performance.

The study focuses specifically on managed SD-WAN services offered by network operators to enterprise customers. The report details the current state and likely future trajectory of SD-WANs, based on operators’ understanding and expectations (download a complimentary copy here).


Author's Bio

Atchison Frazer

CMO at Versa Networks