In today's fast-paced digital landscape, having a robust and efficient SD-WAN to connect your sites, data centers, Azure, AWS, and Google Cloud Platform is more than a luxury – it's a necessity. Many businesses deployed their first SD-WAN a decade ago and realized initial benefits. But as the years have passed, technology has continued to advance, and some vendors have been acquired or exited the market. How do you know when it's time to upgrade or replace your legacy SD-WAN solution?
SD-WAN factors to consider
Let’s explore the top 10 reasons to replace your existing SD-WAN:
1. Your SD-WAN vendor is no longer innovating. If your SD-WAN vendor was acquired in the past few years, you might be in for rough times. Most of the large technology acquirers in the industry focus on building a portfolio of solutions to maximize their “share of wallet,” but they often struggle with product innovation, integration, and team retention. They operate like private equity firms, slashing costs and chasing payback and increased market value instead of continuing to invest in innovation for customers.
Even the best-intentioned acquirers still need to “rationalize” and reduce R&D costs, customer support, and channel programs to justify their acquisitions. These changes can disrupt the spirit of the company that built the products, and many teams lose their best people. Plus, as acquirers skimp on R&D or consolidate customer support, the focus on tech advancements, timely product updates, and skilled technical support diminishes.
2. You need more powerful security capabilities in your SD-WAN. Back in the day when SD-WAN was new, most of the vendors were focused on delivering a reliable, functional SD-WAN point product. That left customers scrambling to stitch together their own “bespoke” security stack, including stateful and next-gen firewalls, SSL proxy, IPS/IDS, antivirus/anti-malware, and sandboxing/advanced threat protection. Bolting these security products onto an SD-WAN deployment often created a complex network that required Internet-bound traffic to be hairpinned through a central firewall – impacting user experience.
Advanced SD-WANs today offer simplification through solution consolidation, including a robust perimeter security stack, robust routing, and unified policy management, all in a single integrated solution. If your SD-WAN vendor has not delivered natively integrated security and routing with your SD-WAN solution, it’s time to consider a change.
3. Your vendor is forcing you into expensive upgrades or extended support. There is a long history of vendor lock-in with forced hardware and software upgrades in the SD-WAN space. Customers get entangled in a web of proprietary technology that’s difficult and costly to escape, as they find themselves handcuffed to a single vendor's ecosystem with expensive network upgrades and expansions. Stories abound about forced upgrades, planned obsolescence, and additional fees for extending hardware or software support. And as the economy starts to slow and hardware-centric vendors see deals drop, be on the lookout for “exciting” new (proprietary) hardware announcements. If you see the next round of forced upgrades coming, it’s time to look at alternative vendors.
4. Your SD-WAN continues to get hit with security vulnerabilities. The business cost of security incidents and vulnerability remediation is significant. Over the past two years, vulnerabilities have been announced for SD-WAN products, including a number of flaws that could be chained for remote code execution, among them directory traversal issues leading to SSH key extraction, shell injection vulnerabilities, privilege escalation bugs, authentication bypass issues, backdoor SQL injection, and file inclusion weaknesses.
These vulnerabilities highlight the ongoing security challenges in the SD-WAN market and reinforce the need for continuous vigilance and timely updates in network security management. If your SD-WAN vendor is experiencing vulnerabilities, it’s clear you need a more secure solution.
5. Your vendor gave you their SD-WAN product for “free.” A few large networking or security companies have historically given away their SD-WAN solution for “free” as part of their broader product suite. Threatened by competitors encroaching into their cash cow business, they use the SD-WAN as a “loss leader” by bundling it into the purchase/renewal of their core products, making the SD-WAN solution look free. BUT “free” is not always good and can eventually hurt the business. A sub-par SD-WAN solution can end up being less reliable, less flexible, and more expensive. You may need to cut corners in design, take a longer time to roll it out or hire more people to run it.
Unfortunately for those who need to deploy and operate these solutions, senior executives and procurement teams sometimes only look at the “free” message and don't understand the true lifecycle costs of running these simplistic or poorly designed products. If your network is built on the sub-par foundation of a “free” SD-WAN, more robust solutions are available.
6. Your vendor forgets about the ticking time bomb of expiring certs. When one vendor's cryptographic certificates expired, it was like a digital time bomb detonating across their customers’ networks. And turning the equipment off and back on again only made things worse. This oversight led to widespread outages, throwing businesses into chaos as critical network infrastructure suddenly became unresponsive. If your gateway was bricked by an expired hardware cert, it’s time for you to look for another SD-WAN solution.
7. Your SD-WAN has limited automation and observability and is way behind on AI. Without real-time information about the state of the network, administrators cannot address critical performance issues quickly, leading to network bottlenecks and downtime that can cripple business operations. Legacy SD-WAN solutions that lack automation and advanced AIOps capabilities leave network administrators in a constant firefight, reacting to critical issues at all hours and manually tweaking and troubleshooting the network, a process as time-consuming as it is error-prone. If network agility and intelligence are paramount and your SD-WAN is missing them, it’s clear you need a more advanced solution.
8. Your SD-WAN lacks support for IoT devices. With the rapid expansion of IoT in various sectors like healthcare, manufacturing, retail, and smart cities, the need to effectively manage and secure these devices has become crucial. IoT devices are often seen as vulnerable points in a network due to inconsistent security features and firmware updates. Networks can become highly complex due to the sheer number of connected IoT devices and the volume of data being transmitted. Because of these challenges, many organizations either bolt on external IoT security products or stand up completely separate IoT network infrastructure, which is expensive and resource-intensive. SD-WAN solutions should be able to help with this challenge, but not all SD-WANs are equal.
The level of integration, security, and management capabilities can differ significantly. Ask your vendor if they support advanced IoT capabilities such as IoT device discovery and SCADA protocol recognition; IoT device fingerprinting to identify and group devices; IoT-based traffic control, QoS, and analytics; AI-based behavioral analysis to identify anomalous behavior and compromised devices; and the ability to run IoT networks on existing infrastructure using multi-tenancy and adaptive micro-segmentation. You should also require a single point of management and visibility across your entire network, including OT and IoT networks. If your current vendor can’t provide you with these capabilities, it’s time to look at alternative vendors.
9. Your SD-WAN struggles to support high latency/low bandwidth media such as 5G and satellite. New network connectivity alternatives, including 5G wireless and LEO/MEO/GEO satellite networks, are becoming more available, performant, and cost effective. They promise to deliver high bandwidth connectivity in remote areas where traditional alternatives are scarce, ensuring global coverage and essential redundancy, serving as backups to terrestrial links, and offering high-performance primary connectivity.
SD-WAN offers a tremendous opportunity for organizations to take advantage of these cost and performance benefits. To do this, new tools and innovations are needed, so ensure your SD-WAN offers advanced connectivity-enabling capabilities such as SIM-based granular SASE services, tunnelless SD-WAN for bandwidth optimization, and link bonding that combines multiple different satellite paths. If it does not, you should explore your options.
10. Your SD-WAN vendor doesn’t offer a path to convergence and Unified SASE. Enterprise network and security teams are worn out from “bolting together” multiple point products into a complete solution that securely connects users and sites to apps and data. Integrating and maintaining SD-WAN, firewall, and SSE products can be challenging, involving sophisticated API-level integrations, firewall gymnastics, different application identification engines, multiple management consoles and data lakes, different policy engines and policy languages, and tons of IPSec tunnels between solutions.
A Unified SASE solution promises a single platform for SD-WAN, routing, firewall, SSE, and data lake, where these elements are all managed through a single pane of glass. Security and network policies are centrally defined and consistently applied at the SSE gateway, WAN edge, and cloud. Multi-tenancy is easy, and connectivity to Azure, AWS, and GCP is easily supported. Rather than requiring you to build IPSec tunnels, cloud resources and SSE gateways participate in the SD-WAN overlay and multi-tenancy.
A final word on evaluating your SD-WAN
If your goal is to evolve to a converged networking and security infrastructure, follow these guidelines and consider upgrading your SD-WAN.
Dan Maier is CMO of Versa Networks.