Applications, data, and other compute resources are no longer confined to the data center. Organizations have moved to a distributed model where critical resources are spread across multi-cloud, data center, and remote locations. This strategy provides a high degree of flexibility, combined with significant cost savings, that enables organizations to compete more effectively. However, this strategy has also resulted in an evolving network edge that requires organizations to rethink how critical traffic and resources are accessed, managed, and secured.
While some organizations have attempted to address this challenge on their own – redesigning their network infrastructure with solutions such as SD-WAN and SASE – this is not possible for a growing number of businesses. The complexity of deploying, managing, and securing critical resources across an increasingly distributed and dynamic organization is driving customers to seek out service providers to support new networking projects. In fact, almost 80% of IT infrastructure leaders in a recent survey indicated managing all of the elements of an SD-WAN solution is far too time-consuming and difficult.
This creates a significant opportunity for managed service providers (MSPs) and managed security service providers (MSSPs). But while the addition of SD-WAN and SD-Branch solutions to a managed services portfolio offers great potential, the wrong solution can add infrastructure complexity and increase the burden on limited operations staff, while exposing customers to new cyber risks.
Most SD-WAN Solutions Were Never Designed for the Realities of a Managed Services Environment
The reality is, far too many SD-WAN solutions are limited in the scope and scale of the capabilities and additional services they provide. Understanding this is critical, especially as service providers are considering selecting an SD-WAN solution to offer as a managed service. The wrong SD-WAN solution can negatively impact such things as deployment costs, complexity, and time to market on the front end, and increase ongoing management overhead post-deployment. These far-reaching repercussions include:
Higher costs. Most managed SD-WAN services do not include integrated security capabilities. SD-WAN solutions that lack robust, built-in security features require MSPs and MSSPs to purchase, integrate, deploy, and manage an overlay of complementary security devices and services. Time spent assembling and managing these different pieces not only lowers annual revenue per user (ARPU); a security system that is not fully integrated also places customers at higher risk, resulting in increased liability and higher management overhead costs to resolve issues stemming from a security breach. When point security products are used in tandem with a stand-alone SD-WAN networking solution, the result is fragmented and reactive defenses that increase risk to customers and create further problems with SLAs – not to mention the additional onboarding and operational complexity for the MSP.
Poor visibility and control. Managed SD-WAN services cobbled together using a combination of independent security and networking solutions will inevitably result in a disaggregated view of the WAN environment, and disconnected policy controls that expose devices, applications, and systems due to inconsistent configurations and policy enforcement. This additional investment in siloed products, and the associated increase in the need for skilled operations personnel, not only drives down ARPU, but it also ratchets up the risk from security gaps due to an overly complex infrastructure.
Low application awareness. Far too many SD-WAN solutions are not able to prioritize traffic based on users, devices, and applications. This lack of application-aware steering not only degrades end-user performance, but also can impact service-level agreements (SLAs). It may also result in the need to purchase WAN optimizers that increase capex costs and opex management overhead.
Decreased performance. User experience is critical, and MSPs/MSSPs should not have to choose between performance and protection. One of the most common challenges is that SD-WAN solutions are unable to scale when secure sockets layer (SSL)/transport layer security (TLS) inspection is turned on. The fact is, encryption inspection is absolutely necessary. But most SD-WAN solutions were never designed for such processor-intensive activity, so inspecting encrypted traffic almost always results in wide-ranging performance degradation. Disabling SSL/TLS inspection, however, puts organizations at a much higher risk, since as much as 60% of encrypted traffic contains hidden malware. As a result, service providers are forced to acquire additional next-generation firewalls or purchase separate encryption inspection equipment, adding capex and opex costs that drive down ARPU.
Choosing the Right SD-WAN Solution is Critical
Choosing the right SD-WAN solution also enables a service provider to deliver more than just agile edge connectivity. It also enables them to add revenue-generating services such as LAN access (wired and wireless), IoT visibility and control, on-ramp for multi-cloud, and (most importantly) security. An SD-WAN solution that can provide all of this in a single, integrated VAS platform allows service providers to expand their services footprint and increase revenues while reducing onboarding efforts.
At the end of the day, managing TCO and maximizing profits all boils down to controlling SD-WAN capex and opex. And that requires selecting the right solution for the job. Effective services based on an SD-WAN that consolidates and integrates networking and security functions not only reduce upfront investment, but also control the critical back-end overhead through deep and broad visibility, seamless manageability, ease of deployment at scale, intelligence sharing, and automated cybersecurity responses.
— Satish Madiraju, Director, Products and Solutions, Fortinet
This content is sponsored by Fortinet.