Edge to cloud security with choice
Estimated reading time: 5 minutes
During Aruba’s annual flagship conference, Atmosphere 2021, this journalist thought that the founders of both Silver Peak and Aruba exemplified during their respective keynotes, how their first meeting was a meeting of minds.
With Silver Peak now acquired and its solutions integrated into Aruba’s portfolio of solutions, Dean Vaughn, the Business Unit Lead at Aruba, a Hewlett Packard Enterprise (HPE) company said, “What Silver Peak now brings to the equation, is an enterprise-class wide area networking (WAN) technology built for the edge. And so that’s where the meeting of the minds come in.”
Table of contents
“Both companies recognised, independent of each other, the importance of the edge and how important the edge is becoming to customers.”
Senior Director for SEA, Taiwan and Hong Kong/Macau, Justin Chiah also added that Aruba had recognised the enterprise feature is one that is built on edge to the cloud. “There is a continuum from the edge-to-the-cloud that is data-driven.
“The reason for the agreement to come together is that both have same vision that the edge will be the most critical transformation for the IT industry, right now,” Justin emphasised.
Points of integration for synergy
There has been a unified infrastructure, comprised of the local area network (LAN) portion, and Wi-Fi with switching appliances. “But now increasingly, the unification of infrastructure goes beyond LAN and into WAN, which is where Silver Peak comes in with SD-WAN and SD-Branch,” Justin explained.
But he called out security, as the solution area where both companies created a lot of synergies.
Security is the solution area where both companies created a lot of synergies.
Zero Trust is a model both companies are adept at. It assumes that all users, devices, servers and network segments are inherently unsecured. Then along came the SASE (secure access service edge) paradigm, where the ability to segmentise (the network and traffic) according to available network information whether on LAN or WAN, becomes critical.
Edge to cloud security is something that both technologies can offer together now, but it also necessitated the need for automation. Automation is another area both companies have been working on with Aruba piloting AIOps that uses telemetry and data from devices to provide baseline information, and Silver Peak having business-intent overlay to enable self-driving networks.
When I met Keerti a year ago, I was excited to see the alignment with his vision, the idea of simplifying networks, being able to orchestrate everything, being able to bring it together in a top down way, and change decades-old way of doing things (which was device by device).
David Hughes, Head of WAN Business, Aruba
Best of breed technologies for edge to cloud security
Dean also pointed out a current trend that he thinks customers are challenged with – the convergence of SD-WAN vendors and security vendors.
The vendor with a SD-WAN solution or security solution that is deployed in the customer environment, would typically approach the customer to also add the other solution as a complementing technology.
Dean explained, “Now the problem with that is the following – you drop automatically to the lowest common denominator. So, generally, these companies may have a really strong and excellent security solution, but the SD-WAN portion (of their solution), was either acquired, or they’re trying to integrate it, or they are building it up.”
The same is also happening when the vendor is a SD-WAN provider, and is trying to get into the security space.
“Now, security is one of those spaces where the vendor you want to be working with, is an expert. You just can’t take the risk of having another me-too security solution.”
Another challenge is vendor lock-in which Dean observed many businesses want to avoid because of current uncertain and unpredictable times. He gave the example of a SEA conglomerate customer which wants a SD-WAN solution that encompasses all their existing security environments from an architectural point of view.
Supporting choice and flexibility
There are many legacy applications sitting in a data centre behind a firewall, but in recent times there is a growing number of applications that are cloud-based. These (new) apps need to be able to break out and not be put through a firewall, nor be backhauled over an expensive MPLS link.
Dean explained, “(Organisations) just want to break this software-as-a-service (SaaS) traffic out and send it to a cloud-based security provider.”
The point is, it is not a one-size-fits-all solution.
In contrast, a best-of-breed solution like the Aruba EdgeConnect SD-WAN platform, ensures that customers can have a SD-WAN solution that works together with their existing security vendor to protect their traffic.
If an organisation opts to go with the (converged) SD-WAN/security vendor, there would be lock-in and some application traffic being potentially unsecured.
In contrast, a best-of-breed solution like the Aruba EdgeConnect SD-WAN platform, ensures that customers can have a SD-WAN solution that works together with their existing security vendor to protect their traffic.
Dean described, “If they have legacy, on-premise firewalls and want to route traffic over a dedicated MPLS link, we are happy to work with those security vendors (and we do work with a majority of them).
“If they want to break their traffic out to a cloud-based security solution like ZScaler, CloudFlare, Check Point, Palo Alto and so on, we can do that too.
“Because we are independent.”
In conclusion, Aruba can help their customers decide what is the right approach for each segment of their traffic, and they will help the customer evolve (that approach) over time.