Over the past two decades we have seen a major shift in working patterns and models at organisations around the world. Intertwined—driven by those workforce changes as well as enabling them—we have also seen a complete rearchitecting of the IT systems that underpin our corporations. Both of these change agents have driven spiralling network costs in the name of maintaining and improving the performance of the essential applications for hybrid workforces.

Let’s be explicit about the changes to which we are alluding.

Firstly, software-as-a-service (SaaS) applications now completely dominate the digital stack for businesses of all sizes, a change driven by vendors removing support for native on-premise applications in favour of cloud delivered services. And it isn’t just the applications that pivoted to an on demand service model.  Platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) are both considered the “new” norm for data centre requirements. Like SaaS, these services have enabled businesses to migrate workloads away from private IT architectures sitting in corporate data centres to a pay-as-you-go platform for cloud compute, storage, and network virtualisation.

Alongside these tech changes we have witnessed wider changes in workforce behaviours, the principal of which has been the rise of hybrid work. 

In short, our apps are no longer residing in easily ring-fenced data environments and our employees who are accessing these apps are no longer working from predictable “known” locations. So where does this leave our existing corporate wide area networks? Is it time to reassess their relevance for today’s data connectivity?

These dual transformations (tech and user) are huge, and with both of these in mind, it is important for organisations to re-evaluate their reliance on traditional network architectures for optimised application performance. Why? 

  1. Commodity networks (home broadband, 5G) are now considered “good enough” for the vast majority of users. With some notable exceptions, we no longer need to plough money into hugely fat pipes connecting users to resources, but for many organisations these pipes between corporate locations are still being funded and, in some cases, sitting empty. Gartner predicts that by 2026, 45% of enterprise locations will use only internet services for their WAN connectivity1.  We need to build enterprise infrastructures that enable a positive user experience and a secure connection, using ubiquitous and cost effective WAN connections.
  1. While many employees don’t need super fast and ultra resilient network connectivity, some always will. In fact, the popularity of hybrid work for knowledge workers will challenge these requirements for all users through the need to provide real-time communications over non-corporate and uncontrolled network connections.  We need to rethink the economics and operational models of our high performing network connections.
  1. Having grown and adapted throughout the most recent period of change (did someone mention a pandemic?), today’s enterprise networks often look like something a mad scientist would build. They are riddled with hairpins to reach legacy security and in order to make use of legacy access technologies, like VPNs, to ensure remote users are secured using the same on-premise tools.  There will always be economic or operational constraints that drive organisations to adapt what they currently have to make it work a little longer, but there comes a time to recognise when such shortcuts actually cost more – in productivity as well as dollars – than a long overdue bold transformation.

Organisations continue to spend vast amounts of money on dedicated network connections like MPLS, even when the destinations that these expensive paths once ran between are no longer populated. A big posh motorway connecting an empty data centre and an empty office is nothing but a waste.  

road image for netskope article

TeWeBs, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons

VPNs are another illogical approach in the modern environment, because they backhaul traffic to a third location, rather than providing security functions inline as the traffic goes about its business between remote user and cloud hosted applications. There is also a growing body of evidence confirming that many VPN configurations are insecure due to the overprovisioning of client access to corporate assets. This provides false reassurance in a world where we know a zero trust model is a much more practical and secure approach. 

There is another way in the quest for application performance 

Organisations can benefit from taking a pause and analysing their evolved network traffic patterns.  This knowledge is power, in terms of both improved user experience and significant cost savings. Network technologies don’t stand still and advances like our recently announced integrated endpoint SD-WAN client can make a huge difference to the costs of enabling remote workforces.

Enhancements in SD-WAN are an important part of the mix, but they are not the only lever to pull when looking for better value or a better fit networking architecture for application performance.  SASE (secure access service edge) takes the benefits of evolving SD-WAN one step further.

SASE is a concept for the coming together of SD-WAN services with SSE (security service edge), and the key benefit pertinent to this blog’s theme is that as well as being cloud native security (so it does a significantly better job of securing the modern cloud application stack than legacy technologies), SSE does this inline, without unnecessary hairpinning or backhauling—both of which cost money and severely impact user experience. 

Architecting a network design that favours a framework like SASE can help sever the link between network costs and application performance. SASE enables a cloud-native approach to security and networking that has less reliance on traditional, hardware-based platforms and expensive underlay networks such as MPLS. SASE allows organisations to pivot towards a cloud-delivered platform using lower-cost broadband connections. It simply does not make sense to send internet-bound traffic over expensive network links back to head office for on-premise employees, or over Internet VPNs for remote employees, just so it can be security checked before being forwarded to the internet where our applications reside. It makes more sense to implement security checks “as-a-service” in the cloud.

Getting this right will result in the realisation of cost savings for network links, hardware, software, and support contracts with no detrimental effect on application performance for employees. The result is networking nirvana. 

1Gartner: changes in WAN requirements, SD-WAN/SASE assumptions and magic quadrant for network services, February 2023.