The evolution of the enterprise network in a hybrid, IoT and cloud world

Parag Thakore is Senior Vice President of the Borderless WAN Business Unit at Netskope, following the acquisition of Infiot by Netskope in May 2022. Prior to Netskope, Parag was the CEO and co-founder of Infiot, a Gartner “Cool Vendor™ in Cloud Networking” that developed a new networking model to cater for the emergence of hybrid workplaces, IoT and cloud. Parag was previously VP of Products and founding member of Velocloud Networks, a leader in the SD-WAN space, later acquired by VMware. Parag also spent time at Cisco, where he led product management for multi-billion dollar branch routing business and Cisco IWAN”.

In a conversation with Prisila, a correspondent in Asia Business Outlook Magazine. Parag discussed SD-WAN advantages, emphasized orchestration and automation's role, and addressed challenges in ensuring interoperability with existing networks.

What are the primary benefits of implementing SD-WAN in an enterprise network?

In the broader context, we've ushered in a new era driven by adaptable work demands. An overwhelming majority of Indian executives now agree that hybrid work is a source of productivity for their teams. This era is defined by an increased dispersion of endpoints, and a significant adoption in cloud applications to maintain productivity. Netskope Threat Labs researchers identified recently that workers across Asia now use an average of 20 cloud applications each month. In addition, growing IoT ecosystems, multi-cloud adoption, and various types of company locations are creating more complex network perimeters, where everything has to communicate with each other efficiently and securely.

SD-WAN emerged in 2013 as a new network model allowing enterprise sites to connect directly to distributed on-premise and SaaS applications and deliver consistent performance and security over commodity broadband links.

SD-WAN removes the need for traffic to transit over costly private networks or a centralized data center, and delivers visibility and control over those applications. It reduces the costs of operations by switching from expensive MPLS to inexpensive internet links, while improving overall network performance and user experience.

How does SD-WAN optimize network performance and improve user experience?

Before going into more details, it is important to highlight that the existing SD-WAN model is being challenged. The proliferation of cloud applications and acceleration of IoT adoption is creating networking and security challenges that the original SD-WAN architectures were not built to address. SD-WAN was designed to offer visibility and control over a few thousand applications, but not deliver high performance connectivity and security to every remote user, device, site and multi-cloud environment, or the huge SaaS applications and IoT ecosystems most large organizations have nowadays. And most of those legacy SD-WAN solutions were built for on-premise data center-hosted applications and don’t offer controls for cloud-hosted applications.

Anticipating these limitations, improved SD-WAN models have emerged. They are designed  to handle more distributed organizations and a larger number of applications, devices and users, the workload they generate, and better distribute network capacity where it is needed, leading to an improved user experience.

Some also allow for the convergence of networking and security based on context-aware zero trust principles. Context-aware means that organizations can define granular security policies that take user and user risks, device and device risks, and application and application risks into account. To say it simply, the network will automatically apply tighter security policies to staff working from a personal device, on a public wifi, vs an employee working from a company device in the office. It is this convergence of networking and security capabilities that is really driving demand for these new SD-WAN models today.

How does SD-WAN handle network traffic prioritization and Quality of Service

SD-WAN handles network traffic prioritization and Quality of Service (QoS) through automated mechanisms that involve identifying applications running on the network, dynamically distributing capacity where necessary, and making real-time decisions based on network conditions.

QoS policies specify the priority levels for various types of traffic, ensuring that important applications receive higher network resources and bandwidth. In a cloud era, with tens of thousands of applications used in enterprises, manually configuring those policies is an arduous task and a drain on network operations teams with existing SD-WAN deployments. The modern network models we discussed earlier have been designed to address this issue by allowing significant out-of-the-box configuration that can handle this process across large applications’ ecosystems, making network operations more efficient.

Crucially, in a modern SD-WAN, autonomous network monitoring takes center stage, gathering user Service Level Expectation (SLE) data. This can detect anomalies and even predict potential Service Level Agreement (SLA) violations. In this way SD-WAN is now beginning to be able to address policy violations through comprehensive network-wide flow analytics, to ensure a seamless and reliable user experience.

Finally, to ensure a consistent user experience, extending from users at any location to applications located anywhere, it's essential to go beyond the Quality of Service (QoS) capabilities offered by SD-WAN.

A modern SD-WAN network necessitates the integration of proactive Digital Experience Management (DEM) capabilities. These DEM tools actively monitor the network, including cloud and SaaS environments to identify potential user experience or bandwidth issues. When issues are spotted the network can solve them itself proactively, This automated remediation is made possible through processes driven by AI/ML-powered operations.

Can you discuss the role of orchestration and automation in SD-WAN deployments?

In modern SD-WANs, orchestration involves coordinating and managing the various components of the network to ensure they work efficiently. This includes defining policies, configuring devices, and optimising traffic flows automatically. A modern SD-WAN should also offer a cloud-native, multi-tenant orchestrator that allows organisations to separate the line of business networks and compliance resources, and manage all of them from a unified management console.

Automation in SD-WAN deployments simplifies and accelerates repetitive tasks related to network configuration and provisioning. For example, automated provisioning can deploy and configure new SD-WAN devices or adjust network parameters based on predefined policies. The modern SD-WAN should be able to offer automation across a very large scale network and across multi-cloud deployments.

"SD-WAN handles network traffic prioritization and Quality of Service (QoS) through automated mechanisms that involve identifying applications running on the network"

What are the potential challenges and solutions in ensuring interoperability with existing network infrastructure when implementing SD-WAN?

Currently, many organizations grapple with a networking infrastructure that comprises disparate, non-integrated solutions that operate in isolation. The integration of security solutions to counter cyber threats adds another layer of complexity, especially with the proliferation of IoT devices. We are hearing increasing concerns from Indian organisations about the potential consequences of data breaches arising from unsecured IoT devices. This lack of integration also drives up costs and complexity, leading to inconsistent and ineffective security across branches and remote users.

This complexity is particularly pronounced at the branch level, where incorporating new services often necessitates additional servers, further complicating branch security. Existing SD-WAN, once seen as crucial for enhancing branch efficiency, is now leading to complications.

Therefore, a modern SD-WAN must go beyond mere interoperability with existing networking and security infrastructure. It should possess the capability to consolidate SD-WAN with security functionalities that can be activated on-demand to safeguard against attacks on all types of vulnerable devices, including IoT. This consolidation eliminates the need for multiple point products and diverse cost centers.

Discuss the role of SD-WAN in supporting remote and mobile users in an enterprise environment.

Hybrid work is adding complexity to networking. There are more white-collars working remotely than ever before, and non-office workers increasingly use digital applications on the field, and require strong mobile connectivity. Nowadays, users are expecting the same connectivity performance and experience working from the office, home, a hotel, or a construction site, and a network that can’t provide this consistently will negatively impact the user experience and productivity.

In parallel, cyber criminals are trying to take advantage of the potential gaps in the network infrastructure, and the converging of networking and security capabilities - both on-premise and in the cloud - is the best way to protect the enterprise from internal and external threats.

Branches and remote locations should enjoy the same levels of network optimization, performance, and security everywhere. Modern SD-WANs should allow organisations to get rid of the complexity of traditional network architectures, and tackle the challenges of a remote and mobile workforce.