How SD-WAN is converging network, security and AI

SD-WANs (software-defined wide-area networks) are often praised for uniting the network and security functions into one solution, but there is actually a bigger story of convergence. Recently, some vendors and solutions are converging the network, security and artificial intelligence under the SD-WAN umbrella, giving way for AI-powered insights, virtual assistants and augmented management. With these additions, SD-WAN is starting to look like autonomous networking.

As the new central hub for the multi-cloud enterprise, SD-WAN’s centralized control gives IT professionals flexible hybrid connectivity and bundled security features needed for cloud transformation. But we’re seeing SD-WAN move past the early years of connectivity, next-gen firewalls and secure internet breakouts. Now, it’s taking a deeper dive into cloud security and AI-based network automation.

SD-WAN yesterday: Solving SaaS challenges

Businesses of all sizes rely on software-as-a-service (SaaS) applications because they’re fast to implement, easy to upgrade and don’t require investment in infrastructure or additional staff. The growth of SaaS has had a profound impact on the network, particularly the WAN. Legacy WANs are no longer adequate to support SaaS-enabled businesses, which is why software-defined wide-area networking is now the preferred choice for cloud-centric companies.

More importantly, SD-WAN is paving the way for the convergence of network, security and artificial intelligence (AI) to help businesses address growing IT challenges as they shift to a cloud-first model.

SD-WAN today: Addressing more cloud security challenges

The increase in cloud usage has caused significant pain for IT professionals as they struggle to fill security gaps created by users, who have become comfortable with downloading and using apps without IT’s knowledge, also known as shadow IT. The adoption of SaaS by users or departments poses serious security risks as it’s difficult for IT departments to keep track of apps, with hundreds of them often in use at the same time.

While some are harmless, others can expose sensitive company data. In the majority of businesses, the IT department has no idea how many cloud services are being used. One company we interviewed thought there were about 60. After doing an audit, the IT organization discovered there were more than 500. This order-of-magnitude discrepancy is very common.

SD-WAN supports cloud-first businesses by equipping IT administrators with the tools to secure and control their data. ZK Research found that only 6% of companies have no plans to deploy a SD-WAN by 2023. Some of the SD-WAN vendors have continued to evolve their solutions past connectivity, enabling the SD-WAN to become the control hub for the cloud-driven enterprise. In particular, security tools and AI-based analytics are being incorporated into SD-WAN solutions to more easily tackle the problem of identifying unauthorized SaaS applications.

Recently, Masergy added a Shadow IT Discovery feature to its SD-WAN solution, enabling businesses to pinpoint apps that aren’t IT-approved. Instead of relying on guesswork, Masergy uses network visibility tools and an extensive app database to define and identify “known” and “unknown” apps.  This guides IT admins to understand the most used apps and their security risks; it then ranks them on a scale of one to five (from lowest to highest risk). The company also bundles Cloud Access Security Broker (CASB) and cloud workload protection capabilities with its SD-WAN offerings.

SD-WAN tomorrow: Autonomous networking

With more comprehensive cloud security coverage, the focus for SD-WAN can advance into AI-based analytics and automation. Shadow IT Discovery is possible thanks to AIOps, which Masergy launched in September 2019. AIOps is an SD-WAN-integrated digital assistant for network, security and application optimization. It’s embedded into Masergy’s Intelligent Service Control customer portal and acts as a virtual network engineer. The service uses AI to analyze how the network, application performance and security are affected by different events. Then, it creates intelligent alerts and recommendations for any network changes.

Masergy has positioned the launch of these two solutions as the beginning of autonomous wide area networking for the company. It plans to deliver fully autonomous networking for its business customers over the next few years.

SD-WAN: New, more intelligent approaches

The idea that there should be a more intelligent approach to operate and protect global software-defined networks is what’s driving a new tech category created by Gartner, called secure access service edge (SASE). SASE combines elements of SD-WAN and network security into a single cloud-based service. Managing and troubleshooting large WANs are two of the biggest headaches for IT departments, which SASE aims to tackle. It also aims to deliver the most optimal experience to anyone or anything connected to the network—whether it’s an individual user, a device, application or an internet of things (IoT) system—anywhere around the world. As for those unauthorized SaaS apps, protection policies within a SASE framework prevent misuse of sensitive data.

SASE is still in its infancy and isn’t likely to reach the mainstream for another five to 10 years. Many businesses are trying to tackle existing network complexities before they can even start thinking about SASE, much less adding on AIOps tools. Leading SD-WAN vendors like Masergy recognize that a security-driven approach to SD-WAN is only the first step and that more AI-based advancements are needed to lay the foundation for the self-driving networks of the future.