It’s no secret that financial firms, the big banks, and Wall Street firms are driving forces behind an explosion and compulsory desire in the market for network connectivity that delivers accessibility and flexibility into a secure hybrid-cloud environment. A return to the office following COVID-19 has fueled massive bandwidth and cloud connectivity challenges that are driving significant change in how we build networks.
In response, over the past few years, many large organizations have moved their branch and remote connectivity to SD-WAN-based technologies to capitalize on an efficient and more resilient way of connecting.
Using inexpensive internet connectivity, rather than private circuits, to link remote sites to the corporate network, SD-WAN is compelling for many enterprise businesses, and the IDC estimates that the global SD-WAN infrastructure market will grow from $3 billion (2020) to $7 billion in 2025.
However, with these deployments now in the rear-view mirror and with employees now returning to the workplace, cracks in the armor are beginning to manifest themselves in the market.
If you can’t monitor it, you can’t manage it
One of the compelling reasons for deploying SD-WAN is to have a crisper, clearer view of applications and their performance across the network. Additionally, SD-WAN constantly works to establish new connections to applications, and services, deciding in real-time which network path to take based on availability, latency, and jitter.
But is it better than using telco network A or telco network B right now? Hypothetically, SD-WAN works well when you’re dealing with just one vendor and simple internet traffic, but for a large enterprise's network, where there are multiple vendors, a mix of public and private cloud, multiprotocol label switching (MPLS), as well as private circuits, adding SD-WAN into the mix creates yet another control plane in the network and yet another thing to be managed.
Paradoxically, visibility to application performance can actually be lost with the addition of SD-WAN, as you now have hundreds, or even thousands, of individual branch devices making their own network decisions.
Do you have a policy for that?
While we were all working from home, we became strangely addicted to video calls. How odd, then, to return to the office to find an old-fashioned teleconference phone sitting in the middle of the boardroom, like an artifact from a past life.
It turns out that with the return to the office, we’ve still decided to jump on video calls on our laptops. This has driven the network management teams mad because it turns out that the video traffic from just 3-4 users is often more than a bank branch consumed for all its other services.
This video traffic often ends up in the same data center as all other applications (thanks to encrypted tunnels), where latency is now introduced as it clogs up all the firewalls. For a financial institution, it makes sense to extract this video call traffic locally and route it somewhere else – while still monitoring for exfiltration of data.
Therefore, you’re going to need some good, distributed policy management to dictate what traffic is allowed to go where. And by the way, while you were out, that nice new smart coffee machine for your customers was installed – that’s going to need a policy too.
So, take me to the cloud?
Speaking of encrypted tunnels – how are enterprises now connecting your branch to the applications that were moved to the cloud? Did they hand over the keys of your cloud infrastructure partner to your telecommunications provider so that they could provision it for you?
Managing a corporate network that extends in and between cloud providers is beyond the capabilities of SD-WAN and is becoming more complex day-by-day. Because most organizations now deploy applications in more than one cloud, these applications will now need to communicate with each other and often with the branch network too.
Let’s Look Ahead
So, let's recap. SD-WAN has provided a lot of connectivity benefits and has saved businesses money, but in the process also created its own sets of challenges – especially at scale. Application performance is hard to understand and harder to control in an SD-WAN setting; the complexity of traffic patterns is not simplistic and requires policy management; and the move to cloud breaks SD-WAN connectivity paradigms.
Moving forward, it's critical for financial institutions to work with vendors and partners that deliver intent-based networking, with distributed policy management, as well as application visibility to the scale necessary for a large enterprise or telco scale. This partner’s role is to bring connectivity, automation, orchestration, closed-loop networking, and visibility to the infrastructure and network vendors you've already deployed.
In our role as network automation providers, we should strive to remove complexities for our financial partners and clients, helping them manage and secure their networks dynamically across both public and private clouds.
Andrew Coward is GM of Software Defined Networking at IBM.