Edge, public cloud, security drive network transformation
Networking is starting to reflect innovations in compute and public cloud. A notable change will be how network teams view networking and security as a holistic platform.
The network edge isn't as straightforward as it used to be, thanks to the growth of public cloud, remote work and IoT, among other factors. As enterprises support these initiatives, many find their existing network strategies fall short of the connectivity, visibility and security they require.
Technologies like software-defined WAN (SD-WAN), AI, microsegmentation, Secure Access Service Edge (SASE) and 5G have all received their share of hype for how they're expected to revolutionize networking. While some of them haven't fully matured, others have developed solid use cases, said Jeremy Nelson, director of services, networking, at Insight Enterprises, an IT services company based in Tempe, Ariz.
Take, for example, SD-WAN, which was originally supposed to help enterprises save money on leased MPLS lines. While SD-WAN didn't quite meet expectations in cost savings, enterprises found SD-WAN improved connectivity and performance for applications in distributed locations. As more enterprises started hosting applications in SaaS and public cloud platforms, SD-WAN's capabilities became more valuable.
What's driving network transformation?
The old way of networking can't sustain the current nature of distributed users, applications and security. The global COVID-19 pandemic forced enterprises to enable network access to a large number of employees, whether remote, in office, mobile or in a warehouse. Now, network access is all about secure connectivity -- everywhere.
When we think about what we're seeing in the industry, what's really driving this [shift] is the concept of providing access to everything from anywhere.
Jeremy NelsonDirector of services, networking, Insight Enterprises
"When we think about what we're seeing in the industry, what's really driving this [shift] is the concept of providing access to everything from anywhere," Nelson said.
A common business goal drives this push for access everywhere: Namely, enterprises want to improve how quickly and securely they can make new services available to their end users, whether employees or customers.
Goodbye on-prem data centers, hello public cloud
One way enterprises can quickly set up and deliver services is with public cloud. Public cloud provides a cheap, scalable way for enterprises to host and distribute their resources. As a result, many enterprises have started shutting down their on-premises data centers in favor of cloud migration.
According to Aryaka Networks' 2022 "Global State of the WAN Report," 35% of 1,524 global IT decision-makers said they planned to eliminate all their data centers and move to the public cloud within the next 12 months. Another 27% said they would eliminate some of their data centers and move to the public cloud.
Enterprise Strategy Group (ESG), a division of TechTarget, found similar results in a survey of 613 networking, cybersecurity and IT professionals. ESG found 90% of respondents said they were moderate or extensive users of public cloud for business-critical applications.
Jeremy Nelson
This increased dependence on public cloud drives enterprises to find ways to reliably connect their users to those cloud resources in multiple locations, Nelson said.
"It is this continued evolution of the data center, where it's now centers of data, and it's not even single cloud, but multi-cloud," Nelson said. The supporting network architecture needs to ensure high quality, performance and availability for the applications that users consume, he added.
Network as a service
Even if enterprises don't completely abandon their data centers, many are capitalizing on the platform mentality supported by cloud services. Models like network as a service (NaaS) and cloud networking use software that runs at various edges, enabling teams to customize how they distribute networking services to their users without depending on physical appliances at those sites.
Nelson said these models were the next generation of networking, an evolution of software-defined concepts. Similar to computing innovations, NaaS supports a point-and-click approach that is more conducive to changing business needs.
"It allows you to visualize the end state and understand your objective, but it doesn't necessarily add in proprietary or incompatible infrastructure into the mix," Nelson said.
Security across the network
Another critical component of the shift from on-premises data centers to cloud and distributed users is security. Enterprises need to scale security throughout the whole network, reaching mobile users, remote employees and branch locations -- with each endpoint requiring its own security policies. But traditional security designs can't always meet those requirements.
For Nelson, that's where microsegmentation comes in.
"We're starting to see microsegmentation … that's able to do contextual identification of users and endpoints and push policy out to that interior edge," Nelson said. "It's no longer a guard just around the data center where all the key stuff lives."
Instead of approaching security configurations on a device-by-device level, network and security teams can design a "holistic framework" to apply specific security policies to certain user groups, applications and devices, he added. By viewing both networking and security as a platform, teams can distribute policies more reliably across all endpoints, with clear objectives and end goals.
Convergence of networking and security
Most network transformation won't succeed without increased collaboration between networking and security teams.
SASE is a good indicator of this convergence. Essentially, SASE delivers both networking and security services from a cloud-based platform -- instead of relying on disparate appliances deployed throughout the network.
When ESG surveyed 589 IT professionals about their SASE plans, 48% said they would first prioritize the security components of SASE, such as shifting tools to the cloud, converging multiple security controls and adding new security capabilities. Of those capabilities, zero-trust network access was the most common starting point for SASE implementation, followed by data loss prevention, secure web gateway and cloud access security broker.
In contrast, 31% said they would focus first on the networking side of SASE, such as implementing SD-WAN and optimizing bandwidth.
Regardless of which team makes the final technology decisions, continued collaboration will be necessary among network, security and IT operations teams. In Nelson's experience with clients, many enterprise teams aren't sure who is responsible for deployment, operations and event response.
In those cases, network and security pros should work together to understand the architecture, what they need to protect and how to secure the traffic when it connects into and throughout the network, he said. Monitoring tools with AI and machine learning can weed through the data and help teams inspect the traffic.
"You need to understand what's normal behavior and what's anomalous behavior in order to identify a threat," Nelson said. As for who's responsible for addressing flagged threats, Nelson said the most successful organizations designate event response to their security teams.
Jeremy Nelson
