To reduce corporate footprint and make the most of your network purchases, find hardware or software that does wide area network (WAN)
WAN security and optimization
The enterprise, small or large, swims in a sea of constantly evolving predators and parasites. There are criminals looking to break in and steal, blackmail or otherwise extract money from you; and pests looking to slip in unsolicited ads, malware, scareware and spyware. The nature of the compromises have also evolved: The biggest cyberattacks right now are adaptive and persistent; low and slow; and multimode and targeted.
At the same time, company environments of all sizes continue to evolve to support a growing mobile population and a new network of suppliers, partners and customers. Staff and contractors bring computers, smartphones and tablets into and out of company LANs, and reach in to work from anywhere. Partners and suppliers develop webs of interoperating systems requiring deeper reach into the data center to support an evolving collaborative and just-in-time ecosystem.
Faced with all these challenges, traditional address-port-protocol firewalls are overmatched. They are certainly still necessary, but they cannot be flexible, subtle or agile enough to sufficiently protect enterprise data. IT staff needs to figure out how to secure the increasingly porous and negotiable boundary between what's "inside" and "outside" the corporate network.
Meanwhile, companies are changing what's going on inside the corporate LAN and WAN by eliciting one or all of the following:
- Spreading their operations to more locations, but continuing to keep internal applications centralized in data centers;
- Deploying more applications that are latency-sensitive (such as VDI sessions, which 52% of companies now use, and Voice over IP, which 95% of companies now use for at least some sites and staff); and
- Adopting more Software as a Service solutions (more than 70% of companies use at least one).
In the branch -- which nowadays is likely smaller than it would have been a few years ago and devoid of on-site tech support -- users are completely reliant on remotely provided solutions and remote support. Less than a third of companies are increasing IT staff in 2013, and only 7% are increasing IT staff in remote locations.
WAN optimization management
Consequently, in addition to needing a new security strategy, many find themselves in need of WAN optimization solutions that can compress, prioritize and accelerate network traffic. And whatever solutions IT finds to mitigate latency, it needs those solutions to have low capital cost (to optimize every branch office) and be robustly manageable from the network operations center (NOC) (since IT staffs continue to be in short supply).
IT can't properly optimize or secure what it cannot see and understand. They need tools that can help manage the network itself to provide an accurate, detailed and real-time picture of what is actually happening on the network. So, they need solutions that can show network utilization and performance (including loss, latency and jitter), track traffic flows and applications in use, and show which users and devices are present and active.
More on combining WAN optimization, management and security
Eliminate Web backhaul by combining WAN optimization and security
Improve user experience with all-in-one app delivery APM solutions
Use WAN optimization for bandwidth management and monitoring
Understand how network virtualization simplifies WAN management
The ideal solution, then, would combine the following optimization, management and security functions:
- Full visibility of packets, flows and entities on the network;
- Next-generation firewall capabilities, data loss prevention, and intrusion detection and prevention; and
- Compression, acceleration, traffic shaping and latency mitigation.
Under robust, policy-driven central management -- through the NOC or a cloud service -- and from a single appliance in each location, the ideal solution would provide essential operational visibility, protect the branch from threats crossing WAN or Internet links, and make sanctioned applications perform more LAN-like.
Where performance allows, such a solution should be available as a virtual appliance that can be run on existing in-branch hardware (such as a router with a hosting card or a print server with little to do) to further reduce the capital cost and deployment time to a new branch. Such a solution could even be provided as a service by a WAN/ISP, in-line, and thus require no premises equipment at all, providing the ultimate in footprint reduction.
However delivered, providing WAN optimization, management and security with a single solution offers a chance of minimizing cost, complexity and risk while maximizing performance and understanding.
This was first published in May 2013