Blog – Transforming the WAN: what to consider? Ferran Van den Berg 23 November 2021


MPLS is said to be costly and inflexible, but above all: it’s not suitable for supporting the journey to the multicloud or Work From Home initiatives. But companies have been using it for so long, they find it hard to say goodbye. Workarounds are created, which are sub-optimal at best. So, what now? Do you need a WAN transformation? And if so, how do you ensure performance and security?  

 In the nineties, when the internet was just making its grand entrance, implementing MPLS was common practice. Secure, reliable, and dedicated to you. It was like having your own secret tunnel to your branches. You connected your offices to your applications, which resided in your central infrastructure and datacenter. Back then, nothing was more secure or reliable.  

Secret tunnels a thing of the past?

Fast-forward to 2021: the internet is the new corporate backbone. Companies are moving their datacenters to the cloud, applications reside with hyperscalers, and Work From Home (WFH) or Work From Anywhere (WFA) has become common practice. The pandemic might have sped things up, but the move to the internet was inevitable. Connecting to any user, device, and location, without digging secret tunnels, has become reality.

The biggest challenge with MPLS is the inability to connect to remote workers or the cloud. Therefore, workarounds are created: bolt-on solutions on top of MPLS. Local internet breakouts are implemented, and central remote access gateways are set up. These in turn create new problems, such as performance and security issues. All in all, MPLS isn’t great for companies in the 21st century.

Patchwork blanket of security solutions 

The issues with security arise when companies are dealing with a vast array of separate solutions for endpoints, network, cloud, and datacenter. There is no overall view: instead, multiple dashboards and policies make managing your security a total drama. But on top of that, a mix and match of security solutions leaves gaps – and ample opportunity for the increasingly advanced hackers to break in and steal all you’ve got.  

 Secondly, the performance of these workarounds isn’t great either. Data will move as smoothly over your MPLS lines as you’ve agreed upon with your telco. But the moment the traffic hits the internet, you’ll have no control over the performance. It’s like having a car and thinking it will get you from A to B in the fastest possible way, but then you get caught in traffic. It can be slow, it can be fast, but you’ll have no control whatsoever.  

 Several dashboards devour all your time and money 

As well as these bottlenecks with MPLS workarounds, you’ll also have trouble managing the array of your point solutions, like MPLS, internet lines, routers, firewalls, and VPN gateways. You’ll probably have multiple tools to manage all these, devouring your time and money. And talking about money: MPLS is extremely inflexible and costly to roll out and maintain, let alone trying to scale it to your growth. 

In other words: MPLS and its workarounds aren’t the best way to keep your data and users safe. Nor will they help you to protect the assets in your company. So what will hold down the fort? Allow us to introduce SASE, the Secure Access Service Edge architecture: an overlay solution which helps you deal with these security and performance challenges. And you can even hold on to your MPLS (without the workarounds), if that’s what you prefer.

 Performance and security for all 

SASE ensures that, on the one hand, performance is stable. This is thanks to the SD-WAN technology that is part of SASE. This routes traffic over the best-performing digital highways, even if that’s your own secret tunnel. On the other hand, SASE ensures high-end security, by implementing solutions such as ZTNA, CASB, SWG and FWaaS. We’ll explain the acronyms later, but the main promise is this:  

With SASE, you can apply a single, consistent security policy for all users, locations, datacenters, clouds, and SaaS and manage it all centrally. It’s also the embodiment of Zero Trust, the principle that says no one is to be trusted until they can prove otherwise, based on their context. Also, once a user is in, he or she can only see the application or data that they wanted access to, making the rest of the network invisible and taking your security to the next level.

 Make this assessment first 

We advise you not to jump blindly onto this new trend, however valuable it sounds, without being aware of a few things first. Assess the situation, so you’ll know what you want to achieve, which solutions will help you get there, and what role MPLS plays in all this. Start the assessment by asking yourself these questions:

  • What do we want to achieve with SASE, what are our key objectives?  
  • What role does MPLS play in our new SASE strategy? Do we want to continue to use it with SASE? And how can the internet fulfill the role MPLS has played? 
  • What’s the best time and strategy to start with SASE?  
  • What solution is best for our situation?  
  • Where is the solution located? Is it in the edge or the cloud? Or both? 
  • What’s our current security posture and do we know what vulnerabilities we have in our network? How does SASE fit into our current and future security strategy?
  • Last but certainly not least: do we have enough knowledge and experience in-house to manage our SASE solution on a day-to-day basis?  

Some of our customers came to us after they made the assessment and were clear about their journey. However, other customers have heard of SASE and understand the benefit, but don’t have the in-house knowledge to seriously tackle network performance and security questions. We’ll help them with the assessment, ensure that they know how to value SASE for their specific situation, and establish what design can bring them the benefits they’re seeking.

How can we help? 

If you’re unsure about your next move to increase security and performance for all your users, regardless of where they work and where your data sits, talk to us. We make secure connectivity extremely simple not only by helping you set up the assessment, but also by offering you modular services which match your specific situation and maturity. Rolling into next-level network performance and security has never been this worry-free.