The COVID-19 pandemic has opened enterprise eyes to a lot of things, including the broad viability of remote work, the power of collaboration tools and the need for something better than an old-style VPN. Enterprises have been forced to answer urgent questions of how to connect remote workers to resources and each other for the best UX.
Now, an increasing number of enterprises are also asking themselves a deeper, more difficult question: "Do I even need a WAN connection?"
This question is not the same as asking whether it's time to drop MPLS or shift to software-defined WAN (SD-WAN) running over the internet. Ditching the WAN means completely scrapping the idea of a private network interconnecting enterprise locations, including a private network tunneled over the internet.
The case for going WAN-free
When mulling the idea of ditching the WAN, consider the following:
- The revolution in remote work is leading companies to reassess their need for some or even all their branch offices. In many urban areas, it's cheaper to support workers in their homes than to pay to maintain different offices.
- For many companies, applications are mostly in the cloud now. Getting the best performance for them usually means sidestepping the WAN with some variety of direct-to-internet access from the branches, often via SD-WAN architectures.
- Users in branch offices can access cloud services -- as though they were still at home -- through a cloud access security broker (CASB).
- Users in branch offices can also reach applications still in their own data centers. They do this either through the CASB, zero-trust network access (ZTNA) or a traditional access stack built around firewalls and application delivery controllers.
In other words, in small branch offices that remain open, IT could plausibly replace the old-style WAN with simple, direct internet access via an ISP. Coupled with either a ZTNA cloud service or software-defined perimeter, some enterprises are finding scalable remote access that maintains or even improves their basic security posture.
Ditch the WAN to save money and time
IT can realize significant per-site cost savings by eliminating the WAN, including reductions in or elimination of connectivity service costs, hardware costs and licensing costs for things like SD-WAN software. Simplifying the role of any remaining hardware, such as an internet router, also reduces the cost of maintenance.
Of course, most large enterprises that have built a WAN will continue to need one for years to come. They have sites that mostly talk to inside resources, for example, or cannot accommodate internet-level variability in performance between the site and the resources in data centers or private clouds. Or they have compliance or security features that cannot be met with bare internet connectivity -- yet -- or that will take years to migrate.
Even companies that have to stick with WAN services, though, may soon find they can pull the WAN out of the majority of their smaller sites and still meet bandwidth and low-latency needs.
In fact, given the viability of remote work, it would not be unreasonable to see most companies invert the order of consideration when mulling branches and networking in the future. Instead of asking, "Does this branch require a WAN connection?" organizations might ask, "Do I have enough use cases requiring a WAN connection in this area to justify creating a branch here?"