Silver Peak Founder Predictions for 2021
By David Hughes, founder of Silver Peak and senior vice president of the WAN business at Aruba
Enterprises navigate new path to SASE
If enterprises are to realize the full promise of the cloud and digital transformation, while supporting a new work-from-anywhere normal, they must transform both their WAN and security architectures — not just one or the other. As the noise surrounding SASE subsides, the strategic imperative in 2021 will be to successfully navigate a path from legacy data center-centric, perimeter security architectures toward a cloud-centric SASE architecture. This will require an intelligent SD-WAN edge that unifies embedded security capabilities at the edge with automated orchestration and steering for leading cloud-delivered security services. Enterprises will value a neutral, non-captive edge as they simultaneously support their legacy security architecture, navigate towards SASE for an improved user experience, and to address security challenges associated with new IoT initiatives.
Enterprises tackle IoT security challenges
Digital transformation is driving a proliferation of IoT devices, which, in turn, is creating new security challenges. A zero-trust framework that limits device connectivity to just what is required will become essential to contain threats and prevent lateral movement following a breach. While end-point agents can be used to provide zero trust access for users and applications, agents cannot be installed on most connected devices such as printers, cash registers, cameras and sensors. The new WAN edge will have to implement granular segmentation based on device identification, enforce distinct security policies for each class of IoT endpoints and provide sufficient embedded security capabilities to support east-west inter-segment use cases.
The new Edge will evolve to bring together the principles of SD-WAN, SD-Branch and SASE
The edge is the pivot point for WAN and security transformation and is at the center of three architectural shifts. First, SD-WAN provides cloud-first connectivity and steering in accordance with business policy or intent. Second, SASE provides a better and more direct way to connect users to business applications. Finally, SD-Branch will become increasingly important to simplify the branch as IoT adoption accelerates. SD-Branch will enable enterprises to implement consistent role-based policies that tie together identity, device and application, extending control from the wired and wireless edge, to the WAN edge appliance and across the wide-area-network. The coupling of SD-WAN, SD-Branch and SASE will significantly enhance security posture and yield operational efficiencies.
Edge strategies will be reevaluated in light of a new normal
When COVID-19 struck, enterprises needed to quickly adapt and typically reacted by implementing the most expedient remote work options available. Generally, this involved a combination of VDI, remote VPN access and simple-to-deploy cloud managed devices like remote access points. It’s now commonly recognized that the global pandemic has forever changed the way we work and conduct business. In 2021, enterprises will step back and review what they learned in the past year and evolve their remote work strategies, applying a longer-term perspective of the workplace. This will include eliminating trade-offs between security and user-experience and providing more a consistent experience as users work from home, the road or the office.
LEO joins 5G in the race to become the preferred wireless WAN technology
Wireless WAN access technologies have the advantage of being ubiquitous and quick to deploy. However, the traditional option of 4G/LTE has been expensive and offered lower bandwidth in comparison to wired technologies. This has limited deployments to use cases where existing services are unavailable and time-to-deploy is critical, including construction sites and pop-up shops, and for backup where LTE connectivity is utilized as a last resort. As 5G is rolled out more broadly, improved performance and cost-competitiveness may see 5G adopted for primary connectivity. To support work-from-home, enterprises will extend their SD-WAN fabrics to the home, bonding 5G and consumer broadband services to deliver the highest quality of experience for latency-sensitive voice and video applications and significantly improving network and application availability and resiliency. We are also witnessing early trials of low earth orbit (LEO) satellite broadband service, and we expect that later in 2021 a new race will emerge between 5G and LEO broadband, with the latter promising blanket coverage to all parts of the globe. This will be a boon for businesses that require connectivity in remote locations, adding LEO broadband to the list of SD-WAN connectivity options.
IoT will drive the requirement for dynamic segmentation (David’s shortened version)
Network segmentation is critical to containing security breaches. To date, most enterprises have segmented traffic using VLANs and virtual routing and forwarding (VRF) technology. This enables them to separate guest Wi-Fi traffic from business application traffic from cash register transactions and IoT device traffic. With digital transformation driving a surge of IoT device deployment, and the potential for lateral movement from one class of compromised device to others, a new requirement for finer-grained segmentation by IoT device type is emerging. This will increase the number of segments required in a typical branch from single digits to fifty or more, multiplying the number VLANs, subnets and VRFs, in turn increasing complexity and administration overhead exponentially. In 2021, we will see a significant uptick in adoption of dynamic segmentation architectures that create virtual segments based on end-user role, device type and end-point security posture, allowing tens or even hundreds of segments to be created, as needs arise, without requiring VLAN or subnet allocation. This trend will start from the edge, in the branch and campus. This granular segmentation will be extended across the WAN by advanced SD-WAN and SD-Branch implementations, realizing the true potential of fully orchestrated, edge-to-edge dynamic segmentation.
Advances in automation and AI propel enterprises toward a self-driving wide area network
A growing number of enterprises are benefitting from advances in automation and the use of AI at the WAN edge to further streamline application management. Advanced SD-WAN edge platforms are business-driven, reflecting a top-down approach to aligning network resources to the changing needs of the business. Advances in areas like threat analysis and automated diagnostics are making the network more secure and resilient to disruptions in underlying network conditions and an ever-expanding threat landscape. Network engineers are becoming more confident in “letting the network drive itself”, acknowledging the benefits of being able to focus more attention on moving their businesses forward and less on day-to-day administration.
The software-defined enterprise will emerge
Much as we’ve witnessed with SD-WAN where automation and AI have created a much better way of implementing WANs, the same software-defined principles are being applied in other areas like the data center and campus LAN. In 2021, these software-defined silos will begin to come together into a broader software-defined enterprise architecture. We have seen early steps with SD-Branch, which unifies SD-LAN, SD-WAN and branch security together under one orchestration framework. With the help of VXLAN meta data dynamic security segmentation can be extended from the LAN across the WAN and into the data center or cloud. With end-to-end automation, AI and role-based policy control driven consistently across remote sites, campus, data center and cloud, enterprises will benefit from driving substantial gains in business efficiency and agility.