Few areas of the enterprise face as much churn as the edge of the network. Experts say a variety of challenges drive this change, from increased SD-WAN access demand to cloud-interconnected resources and IoT. The traditional perimeter of the enterprise is shifting radically and will continue to do so throughout 2020.
One indicator: Gartner research that says by 2023, more than 50% of enterprise-generated data will be created and processed outside the data center or cloud, up from less than 10% in 2019.
Hand-in-hand with that change is a shift in what technologies are supported at the edge of the network – and that means information processing, content collection and delivery are placed closer to the sources, repositories and consumers of this information. Edge networking tries to keep the traffic and processing local to reduce latency, exploit the capabilities of the edge and enable greater autonomy at the edge, Gartner says.
The scope of enterprise WAN networks is broadening. No longer is it only from a branch edge to a data-center edge. Now the boundaries have shifted across the LAN from individual clients and devices on the one end and across the WAN to individual containers in data centers or clouds on the other, said Sanjay Uppal, vice president and general manager of VMware’s VeloCloud Business Unit. “This broadening of the WAN scope is a direct consequence of the democratization of data generation and the need to secure that data. So, we end up with edges at clients, servers, devices, branches, private data centers, public data centers, telco POP, RAN and the list goes on. Additionally, with IoT and mobility taking hold at the enterprise, the edge is moving out from the traditional ‘branch’ to the individual clients and devices.”
“The evolution of business applications from monolithic constructs to flexible containerized workloads necessitates the evolution of the edge itself to move closer to the application data,” Uppal said. “This, in turn, requires the enterprise network to adjust and meet and exceed the requirements of the modern enterprise.”
Such changes will ultimately make defining what constitutes the edge of the network more difficult.
“With increased adoption of cloud-delivered services, unmanaged mobile and IoT devices, and integration of networks outside the enterprise (particularly partners), the edge is more difficult to define. Each of these paradigms extends the boundaries of today’s organizations,” said Martin Kuppinger, principal analyst with KuppingerCole Analysts AG. “On the other hand, there is a common perception that there is no such perimeter anymore with statements such as ‘the device is the perimeter’ or ‘identity is the new perimeter’. To some extent, all of this is true – and wrong. There still might be perimeters in defined micro-segments. But there is not that one, large perimeter anymore.”
The enterprise is not the only arena that will see continued change in 2020; there are big changes afoot on the WAN as well.
Analysts from IDC wrote earlier this year that traditional enterprise WANs are increasingly not meeting the needs of digital businesses, especially as it relates to supporting SaaS apps and multi- and hybrid-cloud usage. Enterprises are interested in easier management of multiple connection types across their WAN to improve application performance and end-user experience – hence the growth of SD-WAN technologies.
“The market for branch-office WAN-edge functionality continues to shift from dedicated routing, security and WAN optimization appliances to feature-rich software-defined WAN and, to a lesser extent, [universal customer-premises equipment] platforms,” Gartner wrote. “SD-WAN is replacing routing and adding application-aware path selection among multiple links, centralized orchestration and native security, as well as other functions. Consequently, it includes incumbent and emerging vendors from multiple markets (namely routing, security, WAN optimization and SD-WAN), each bringing its own differentiators and limitations.”
One of the biggest changes for 2020 could come around the SD-WAN. One of the drivers stems from the relationships that networking vendors such as Cisco, VMware, Juniper, Arista and others have with the likes of Amazon Web Services, Microsoft Azure, Google Anthos and IBM Red Hat.
An indicator of those changes came this month when AWS announced a slew of services for its cloud offering that included new integration technologies such as AWS Transit Gateway, which lets customers connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. Aruba, Aviatrix, Cisco, Citrix Systems, Silver Peak and Versa already announced support for the technology, which promises to simplify and enhance the performance of SD-WAN integration with AWS cloud resources.
The ecosystem around this type of cloud interconnection is likely one of the hottest areas of growth for 2020, experts say.
SD-WAN is critical for businesses adopting cloud services, acting as a connective tissue between the campus, branch, IoT, data center and cloud, said Sachin Gupta, senior vice president, product management, with Cisco Enterprise Networking in a recent Network World article. “It brings all the network domains together and delivers the outcomes business requires.”
“It must align user and device policies, and provide assurance to meet application service-level agreements. It must deliver robust security to every device and every cloud that the enterprise’s data touches.” The AWS Transit Gateway will let IT teams implement consistent network and data security rules, he said.
All of these edge transformations will most certainly bring with them security challenges. Kuppinger noted a few, including:
- Has “shadow IT” subscribed to SaaS, which now contains important business data? How is it managed?
- Does the IT department use IaaS for dev/test or pre-production? Is it loaded with copies of production data? How is that controlled?
- Does IT use IaaS and PaaS for line-of-business applications? Is it managed centrally like legacy applications?
- Does the enterprise allow BYOD? Are unified endpoint-management or mobile anti-malware solutions mandated for such devices?
- Are IoT devices on the networks? Are they outside of your networks, but delivering critical services for customers?
- Are third-party risks enumerated and controlled?
“Each of these situations is beyond the traditional edge and can increase your enterprise attack surface and risk,” Kuppinger said. “Once identified, enterprises must figure out how to secure the edges and get more complete visibility to all risks and mitigations. New tools may be needed. Some organizations may choose to engage more managed security services,” he said.
The perimeter needs to be everywhere and hence the advent of the zero-trust architecture, VMware’s Uppal said. “This requires an end-to-end view where posture is checked at the edge, and based on that assessment network traffic is segmented both to reduce the attack surface and also the blast radius. i.e., first reduce the likelihood that something is going to go wrong, but if it does then minimize the impact,” Uppal said.
“As traffic traverses the network, security services, both letting through the good while blocking the bad, are inserted based on policy. Here again the network of cloud services that dynamically sequences security based on business policy is critical,” Uppal said.
Going forward, enterprise organizations might need to focus less on the network itself. “Protect the services, protect the communication between devices and services, protect the devices and the identities of the users accessing these devices. This is very much what the ‘zero trust’ paradigm has in mind – notably, this is not primarily ‘zero-trust networks’, but zero trust at all levels,” Kuppinger said.
“The most important learning is: Protecting just the network at its edge is not sufficient anymore. If there is a defined network – either physical such as in OT or virtual such as in many data centers – this adds to protection,” Kuppinger said.
The mixture of cloud and security services at the edge will lead to another trend in 2020, one that Gartner calls secure access service edge (SASE), which is basically the melding of network and security-as-a-service capabilities into a cloud-delivered package. By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018, Gartner says.
“SASE is in the early stages of development,” Gartner says. “Its evolution and demand are being driven by the needs of digital business transformation due to the adoption of SaaS and other cloud-based services accessed by increasingly distributed and mobile workforces, and to the adoption of edge computing.”
Early manifestations of SASE are in the form of SD-WAN vendors adding network security capabilities and cloud-based security vendors offering secure web gateways, zero-trust network access and cloud-access security broker services, Gartner says.
Regardless of what it’s called, it is clear the melding of cloud applications, security and new edge WAN services will be increasing in 2020.
“We are seeing the rise of microservices in application development, allowing applications to be built based upon a collection of discrete technology elements. Beyond new application architectures, there are demands for new applications to support IoT initiatives and to push compute closer to the user for lower latency and better application performance,” VMware’s Uppal said. “With the maturation of Kubernetes, what is needed is the next set of application-development and -deployment tools that work cooperatively with the underlying infrastructure, compute, network and storage to serve the needs of that distributed application.”