By Stephan Tallent

Stephan Tallent

SD-WAN continues to grow, driven by digital transformation and the need to provide new web applications and cloud services to remote business locations. While WAN connectivity has been around for decades, interest in software-defined wide area network (SD-WAN) is growing because traditional WANs weren’t built for the cloud or today’s digital business. Instead, branch offices, school campuses and remote retail locations tend to be connected to a central data center hub using static multiprotocol label switching (MPLS) routing or an Internet Protocol Security (IPSec) network protocol suite connection.

Extending the value of digital transformation to remote offices represents the biggest motivation for organizations (large and small) to upgrade their WAN infrastructure to SD-WAN. If nothing else, it enables them to compete more effectively in today’s digital marketplace. As a result, according to IDC, SD-WAN transformation is growing to become a $4.5 billion dollar market opportunity between now and 2021.

The Opportunity for MSSPs

This disruption presents a massive opportunity for MSSPs. Almost overnight, the entire WAN market is being transformed into a greenfield opportunity. Even better, SD-WAN provides a unique opportunity for MSSPs to provide managed WAN services both on and off their network. That’s because much of the key value of any SD-WAN solution lies in the services attached to it – making it an enabler and facilitator for additional value-added services.

The main drivers for SD-WAN services are agility and efficient WAN resource utilization, increased application reliability and the improved user experience it should deliver. Cost reduction, while valuable in some markets, is generally a secondary consideration. Depending on its configuration, the services it needs to support, and the market in which it is being implemented, SD-WAN isn’t necessarily more cost-attractive than an MPLS service. In fact, in many cases, MPLS circuits will continue to form some portion of the SD-WAN underlay used by enterprises. SD-WAN is an evolution of the wide area network that matches organizations’ digital transformation and includes increasing reliance on cloud-hosted resources and real-time applications.

The challenge from an MSSP perspective is in selecting the SD-WAN solution they want to wrap their services around. The reality is, most SD-WAN solutions provide similar connectivity capabilities. But delivering connectivity-only SD-WAN services isn’t sustainable in the long term. Using SD-WAN to leverage broadband internet for delivering business services may seem like low-hanging fruit, but doing so without also being able to provide comprehensive visibility and security significantly increases risk and exposure to the enterprise. As a result, MSSPs should differentiate their SD-WAN services on capabilities beyond basic SD-WAN, such as security. In short, SD-WAN shouldn’t be the objective. SD-WAN should be the means to deliver an entire value-added services engine that increases revenue per user along with sustained customer loyalty.

Approaching SD-WAN as a Value-Added Services Platform

Building and delivering an SD-WAN solution for your customers is simply the first step is creating a connectivity platform that enables the delivery of new services. Adding services such as advanced security, networking and application management can not only provide a significant revenue stream, but also serve as a real competitive advantage in a landscape dominated by too many SD-WAN offerings.

As a result, MSSPs need to carefully select an SD-WAN solution by considering its ability to deliver additional integrated and automated high-value services. As a result, the ability to provide, in addition to typical SD-WAN connectivity, such additional services as …

… security, application SLAs and traffic management, and integrated network and security management tools need to be table-stakes for any solution under consideration. Additional considerations should include:

Security is an Essential SD-WAN Service

All SD-WAN research points to security as a top customer requirement for SD-WAN. And most SD-WAN solutions only provide a nominal level of security as part of the package. Of course, this may seem like an ideal opportunity to build in a security service. But the complexities of trying to install and manage security that has to be applied as a complete overlay solution can seriously impact the bottom line and average revenue per user.

Instead, an SD-WAN solution that integrates an effective and proven next-generation firewall (NGFW security) becomes an important and obvious requirement to immediately establish a value-added service. A preintegrated security service significantly reduces onboarding efforts, speeds time to market and enables a host of additional security opportunities – from monitoring and management to ongoing operating and optimization services.

Springboarding Beyond SD-WAN

At its core, SD-WAN is essentially a sophisticated connectivity service designed to provide application-aware prioritization between multiple sites and data and applications in the public cloud, software-as-a-service or data center. However, behind each of those connections is a local LAN that also needs additional services and support, and SD-WAN becomes the perfect conduit for delivering those.

Adding access control to local switches and wireless access points, combined with Network Access Control, enables SD-WAN to drive security services deep into the remote network. This creates another commercially viable services opportunity, referred to as SD-Branch. It enables you to provide SD-WAN, NGFW security, fixed and wireless access control and Internet of Things (IoT) and end-user device security to remote locations, whether branch offices, school satellite campuses or remote retail locations. From a customer point of view, the added value of such services is significant as they allow them to gain visibility and control over their entire branch environments from a single point of visibility, management, and reporting – all hosted and managed by the MSSP.

Getting SD-WAN Right on Day One Means Significant Opportunities Later

By leveraging SD-WAN as a services-delivery platform, rather than simply another service offering, MSSPs are opening the door to significant benefits for their customers and significant new revenue streams for themselves. SD-WAN can be much more than just a new connectivity service – it can redefine the depth and range of managed networking and security value-added services, extending beyond SD-WAN and all its opportunities and into the SD-Branch itself. However, this requires planning and preparation long before the first solution is deployed. It requires selecting the right service, with an eye toward how easily and cost-effectively you can add value.

Stephan Tallent, CISSP, is senior director, managed security service providers, at Fortinet. He brings more than 17 years of managed services and information security experience to Fortinet, having spent the last 13 years building managed security service practices within several different types of service provider businesses. He focuses on developing best-practice based MSSP programs that encompass architecture, product development, training, go-to-market strategies and sales operations. He founded Fortinet’s program for veterans and actively promotes veterans’ transition into the cybersecurity industry. Follow him on LinkedIn or @Fortinet on Twitter.