Many organizations have implemented SD-WAN and secure access service edge (SASE) technologies in recent years and many more intend to do so in the near future. But plans to add or expand these networks often run into resource constraints. There aren’t enough skilled people inside the organization or hirable resources externally (that are affordable) to carry out the project. Enter outsourcing of SD-WAN and SASE initiatives to partners and managed service providers (MSPs).
“In today’s world with skill set and labor shortage, it’s inevitable that enterprises are having to consider outsourcing, which has been steadily increasing in the SD-WAN landscape,” said Mauricio Sanchez, an analyst at Dell’Oro Group. “For those businesses lacking the right people and skill sets, a managed SD-WAN service makes perfect sense.”
Five years ago, most teams wanted to implement SD-WAN completely on their own. However, there’s been a shift from do-it-yourself SD-WAN implementations to leveraging a partner, according to Forrester Research.
“Today, around 70% of organizations look for outside help to comanage their SD-WAN implementation,” said Andre Kindness, principal analyst at Forrester Research.
Implementing sensible SD-WAN outsourcingWhat steps should organizations take that are looking to offload SD-WAN and SASE duties? Here are some tips from the experts:
Define your needsKindness said outsourcing needs vary widely. Some organizations only require partners that can help them physically deploy hardware, as they feel competent enough to manage operations internally. But there is also the opposite extreme: those that need someone to operate the SD-WAN on a daily basis, and who also need MSP help to design and deploy a completely managed SD-WAN.
Pay attention to your application requirementsIn the early days of SD-WAN, it was positioned as a cloud-based solution that was easy to implement and manage. While that had some merit, two factors forced organizations to look for outside help. In the old hub-and-spoke WAN architecture, networking organizations just increased the size of the connection when faced with more traffic. Kindness noted that a modern SD-WAN requires deeper conversations with the business about the importance of each application being used.
“From there, teams can decide which link will be the primary one and the metrics to be used to shift over to other links,” said Kindness.
Collaborate with security professionalsNetworking can no longer be viewed in isolation. SD-WAN also requires input from security professionals about application traffic and how to best implement initiatives such as zero trust, which is becoming an integral facet of SASE.
“Spend time aligning network and security value to the business as a whole and to ongoing digital initiatives at remote sites,” said Kindness.
Take a holistic, software-defined viewThe initial belief was that by separating the data and control planes, an SD-WAN would lower WAN costs by leveraging internet access solutions instead of MPLS links. That hasn’t quite panned out due to the complexity inherent in software-defined networking (SDN), of which SD-WAN is just one segment. After all, SDN should be viewed as a multitenant, programmable networking solution that automatically orchestrates the right set of services by “service chaining” certain network hardware, virtual functions, and services based on user, device, application and/or business need. Thus, organizations need to look beyond a software-defined WAN to include all aspects of the network and tie into other software-defined projects related to security, storage, compute and data center.
“SD-WAN is only a subsegment of SDN, though it is an important element in creating virtual network infrastructure,” said Kindness.
Understand SD-WAN limitationsIn some ways, cloud, remote work and digital transformation use cases have broken existing edge technologies such as MPLS and SD-WAN. While MPLS is slow to deploy and change and can be expensive, SD-WAN struggles to handle a large number of tunnels.
Part of the reason behind more outsourcing of network security functions, then, is enterprises have begun to realize that legacy networks and security architectures are inadequate. They cannot provide the necessary security and performance in application environments that have become distributed, interactive and mobile. Managed services give them a way to tap into the latest technologies without having to engage in yet another major IT overhaul.
SASE and network-as-a-service are emerging to take the network to the next level, fulfill the needs of demanding applications that sit at the network edge, and offer integrated security capabilities. Network modernization is fueling heavy demand for SASE services as opposed to narrower SD-WAN implementations.
“We expect growth in SASE to continue unabated and double again by 2027,” said Sanchez.
Convergence is inevitableBy 2025, Gartner forecasts that 80% of enterprises will have adopted a strategy to unify web and cloud services and private application access using a SASE/secure service edge architecture. This is up from 20% in 2021. Those with the necessary internal resources and IT skill sets to operate their own network security infrastructure should either select a single vendor for SASE or find two explicitly partnered networking and security vendors with deep integration. For everyone else, a managed SASE offering is the best option to reduce complexity.
“In the past 18 months, many notable SASE announcements [have been] made, many around managed SASE offerings,” said Neil MacDonald, an analyst at Gartner.
As managed service providers come in all shapes and sizes, Sanchez recommends thoroughness in qualifying prospective MSPs. This entails validating that they A) have a track record with SD-WAN and security, B) work with leading technology vendors, and C) can provide solid customer references.
Options to consider for SD-WAN/SASE services include:
- IBM Security Services (utilizing Zscaler SASE)
- BT (partnering with VMware and Palo Alto Networks)
- AT&T (using Fortinet, Cisco and Palo Alto Networks SASE)
- Comcast (partnering with Versa Networks)
- NTT (using Palo Alto Networks Prisma Access)
- Broadcom (partnering with HPE Aruba Silver Peak, VMware, Cisco Meraki, Nokia Nuage, and 128 Technology)
- Verizon, which has launched its own managed SASE service