SD-WAN security: The impact of orchestrated services multiplicity | Light Reading

The pace of software-defined wide-area network (SD-WAN) deployments has
experienced strong growth over the past four years. As a result, the SD-WAN has
already become a strategic component of many communications service provider
(CSP) networks.

One reason for SD-WAN growth is that the service richness of SD-WANs continues
to evolve, such as with the integration of security services into those
deployments. Increasingly, SD-WAN security services are becoming an important
differentiator, playing a major role in the managed SD-WAN service provider
selection process. As the SD-WAN security service portfolio continues to evolve,
CSPs will continue to commercialize 5G networks that utilize an
application-centric services model. Thus, SD-WAN security services will only
expand in value and relevance.

In order to understand the business drivers and technical requirements, Heavy
Reading launched the SD-WAN Security Market Leadership Study (MLS) with
collaboration partners Amdocs, Fortinet, Lavelle Networks and Nuage Networks in
Q4 2019. The survey attracted 90 qualified global respondents and documented
SD-WAN security service use cases, implementation timelines, the impact of
virtualization, automation and analytics, as well as technical requirements,
including orchestration strategies.

Virtualization and the security bundle

A key opportunity associated with applying virtualization (via virtualized
network functions [VNFs]) to managed SD-WAN security services is the ability to
bundle them into flexible configurations to enhance service differentiation.

As captured in Figure 1, there is substantial interest in adopting this
approach, in large part because it helps CSPs differentiate on many levels. It
enables the delivery of tailored security services with multiple appearances
supported by flexible security service bundles.

Examples of this broad services multiplicity approach can be seen in the range
of “we have implemented” (10%-32%) responses, which provides a view of the
number of security-based VNFs that have already been deployed. The “plan to
implement in 12 months” (27%-40%) responses also indicate substantial interest.
Based on these inputs, it is readily apparent that CSPs are strongly in favor of
bundling VNFs. Of all the possibilities, the top three priorities are vFirewall
(32% + 27%), intrusion prevention (25% + 30%), and DDoS detection & mitigation
(24% + 33%).

However, there is considerable support for other services such as web filtering
(40%), packet filtering (35%) and application control (30%) based on “plan to
implement in 12 months” inputs. This support confirms that SD-WAN security
service portfolio richness and multiplicity will drive strong services growth in
the next 12 months.

Figure 1: SD-WAN VNF-Based Service Bundle Implementation Status

Question: Do you plan to support service bundles/offerings of virtual network functions with your SD-WAN service? (N=88). Source: Heavy Reading

Orchestrating security services: farewell to the status quo

A significant number of service providers are focused on introducing
best-of-breed security services into their SD-WAN portfolio. One important
consideration that must be addressed is how to orchestrate these security VNFs
and bundle managed SD-WANs with value-added network and security services.

A key finding from the research in this regard is that CSPs’ focus on
integrating security services into their SD-WAN portfolio will also affect their
network functions virtualization (NFV) orchestrator vendor selection strategies.

For example, as shown in Figure 2, more than a third of the respondents (34%)
prefer to utilize a third-party open source orchestrator that is SD-WAN
vendor-agnostic and can be deployed in multiple service environments. In second
place (30%) is support for a third-party but proprietary NFV orchestrator. In
third place is the “status quo” option of utilizing the SD-WAN orchestrator
supplied by the SD-WAN vendor (25%).

In a multivendor environment of SD-WANs and various VNFs, the orchestration
function is essential to the agility and flexibility of CSPs’ service
deployments. Heavy Reading believes that the number one ranking of the
open source vendor-agnostic orchestration option versus the status quo
vendor-supplied approach is significant. It confirms that CSPs have sharpened
their focus on open solutions to minimize vendor lock-in and enable them to
seamlessly orchestrate the rich security services portfolio their enterprise
customers now demand.

Figure 2: Security NFV Orchestration Preferences

Question: What is your preferred approach for orchestrating security VNFs in an SD-WAN network? (N=89). Source: Heavy Reading

— Jim Hodges, Chief Analyst Cloud and Security, Heavy Reading

