Written by: Ghassan Abdo, Research Vice President, Worldwide Telecom, Virtualization, and CDN; and Martha Vazquez, Senior Research Analyst, Security Services
Four primary market developments have influenced the enterprise digital journey and demand for a secure and resilient network:
n = 1,500
Source: IDC's Security ServicesView 2020, November 2020
Adoption of SD-WAN brings many benefits to enterprises. Key among them are the following:
The wide adoption of SD-WAN among enterprise branch offices pushed the need for an integrated security approach to protect the network from being another attack vector for adversaries. The role of security within SD-WAN has evolved rapidly in the past several years to address the shifts that are occurring in combining networking, security, and the remote workforce. As organizations began utilizing SD-WAN to resolve network and latency issues, they were not initially prepared to address the security issues that would arise with a distributed enterprise.
Along with the increase in digital transformation, there is a drive to converge networking where security and IT teams are realizing the challenges of managing and protecting increasingly complex network across a wide scope of endpoints. As security has become a focus of conversation and less of an afterthought, organizations have reached an inflection point on the need to adopt new security frameworks to address the modern workforce. Traditional security controls deployed to secure the walled perimeter have expired, widening the perimeter to exist outside the datacenter to the edge and making any access point a potential attack vector.
That said, the attack surface has grown exponentially, leaving organizations even more susceptible to attacks. Integration of advanced security has become crucial as organizations need to take a more holistic view of security versus implementing more security point products such as firewalls, intrusion prevention systems, and secure web gateways. Organizations are faced with having to understand that if they are going to bring new digital capabilities into their infrastructure, they must anticipate the need to integrate security functionalities and controls that will help protect different IT architectures and environments, applications, and data. As a result, tight integration of advanced security tools into the SD-WAN has become even more important for organizations to reduce complexity and to assist in expanding security to any user access point.
For organizations struggling with managing multiple IT environments, utilizing a managed service provider to provide the management and monitoring for both the SD-WAN and security can help deliver a simplified experience. Security is complicated, and legacy security architectures tend to sprawl, including tens — if not hundreds — of security vendor products in the larger environments. In fact, IDC has found that organizations' top drivers for working with a managed security service provider include improved performance and efficiencies and the need for detection and response capabilities. Organizations are also likely to seek a service provider that can help gain access to emerging security functionality in which they could not invest on their own.
From a security perspective, there are several benefits for organizations to adopt security into their SD-WAN distributed networking model. A unified security approach for SD-WAN provides a simpler means to minimize the security risk by layering on additional security services that address the evolving security landscape. With changes constantly occurring with the modern workforce, SD-WAN with integrated advanced security functions can provide a more streamlined approach to managing policies by having consistent implementation of various security controls and configurations. In addition, organizations will minimize the complexity of implementing and managing separate security point products from different types of vendors.
At IDC, we expect two major trends to impact the future of SD-WAN. These trends will increase the adoption of SD-WAN as the foundation for a secure agile network:
Organizations must take a "security first" mindset and view security as an enabler to improving the business itself. Making security a priority will drive internal conversations at the early stage of a project. In addition, organizations taking a holistic approach to security can help secure complex IT environments. Security investments should be focused on the specific needs of the business, and risks and should be fully considered at the outset of any project. SD-WAN solutions are in a state of continuous evolution, and security tools are increasingly being embedded natively into these network platforms. Modern SD-WAN can deliver robust security capabilities across the enterprise without requiring the expansion of an on-premises security ecosystem, which can drastically decrease time to deployment, complexity, and both capex and opex while ensuring functional consistency. In addition, SD-WAN complements the added bandwidth from high-speed 4G and 5G networks.
Highly distributed organizations are migrating more workloads into a multicloud environment, creating more complexity for IT teams to manage data and applications from multiple devices and locations. Security controls, such as authentication, have become even more important because organizations need to give controlled access to end users. As organizations turn to adding in more security functionalities, many are considering new approaches such as those defined by IDC as pervasive application edge defense (PAED) and other frameworks such as Secure Access Service Edge (SASE). These approaches recognize that applications are a key control point for security and that keeping sets of applications secure all the way to the edge requires organizations to move what may have been just a collection of loosely affiliated point products to a fully integrated security framework that can recognize and integrate application-centric security into the digitally transformed enterprise.
The convergence of these tightly integrated security components, which include cloud security gateway functionality, data loss prevention platforms, and secure web gateways, enables the ability to unify user or group policies across the entire security stack and provide a single reporting mechanism. These emerging frameworks can also include areas of authentication to facilitate secure network access across on-premises and distributed cloud application environments. This converged security infrastructure shows promise in reducing the complexity of managing data governance policies across hybrid and multicloud environments.
Comcast Business offers secure network solutions, which combine connectivity, network management, and integrated advanced security, powered by its ActiveCore software-defined networking platform. Secure network solutions from Comcast Business provide an efficient way to manage your network across multiple locations and platforms without sacrificing your network security options.
From a managed security services perspective, Comcast Business is up against a wide number of providers in the market. With organizations needing greater assistance to fight against the most current threats, offering advanced capabilities is now a crucial necessity. Keeping up with needs of the buyers for advanced security is difficult and takes a large number of resources to maintain a competitive position against other providers in the managed security services market.
Another challenge facing Comcast Business and the industry in general is interoperability. Enterprises expect their applications to operate in a multivendor environment and execute seamlessly across network boundaries. While efforts in orchestration and interoperability standards are ongoing, execution challenges remain. It behooves Comcast to address these issues in a collaborative approach with the wider ecosystem.
The industry is at an inflection point as it addresses the emerging demands for hybrid cloud connectivity, support of a widely distributed enterprise, and customer preferences for a rich media experience. Underlying these trends is a focus on security as vulnerabilities expand in the new normal. The convergence of SD-WAN and security is becoming a strategic imperative for organizations of all sizes because it optimizes the remote work environment, enhances connectivity to hybrid cloud, and facilitates access to applications from anywhere in a secure fashion.Download PDF
Ghassan Abdo, Research Vice President, Worldwide Telecom, Virtualization, and CDN
Ghassan covers the evolution of the Telco Cloud Ecosystem as well as the emerging Virtualized Enterprise Networking services. His primary focus areas include Service Provider SD-WAN and Managed Services, and emerging NFV-based Virtual Networking Services as well as other Managed WAN Services. In the Hosting and Cloud segment, Ghassan covers Service Provider Managed Hosting Services, including Hybrid Managed Private/Public Cloud Services, Colocation Services, Secure Cloud Connect and CDN Services.
Martha Vazquez, Senior Research Analyst, Security Services
Martha is responsible for IDC's worldwide research and analysis on enterprise and service provider security consulting, integration, and managed services as well as hardware and software support and deployment needs. She provides insightful market analysis and research to vendors, service providers, and end-user clients worldwide. Martha brings a breadth of knowledge and expert advice to assist vendors in developing marketing strategies, research, strategic alliances, and partners in this ever-evolving complex market.
Learn more about secure network solutions from Comcast Business: https://business.comcast.com/enterprise/products-services/secure-network-solutions
140 Kendrick Street
Needham, MA 02494, USA
IDC Custom Solutions
The content in this paper was adapted from existing IDC research published on www.idc.com.
This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.
External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.
Copyright 2021 IDC. Reproduction without written permission is completely forbidden.