Q&A – Managed Services; Thriving in Today’s World

We are operating in an environment that we have never known before. Business models that were proven to be successful in the past are now being challenged. Organisations need to innovate and disrupt themselves to survive, let alone stay relevant.

Oreta’s Director of Operations, Rajitha Rajasingham, shares her insights on managed services in today’s world:

  • Why do organisations need managed services now more than ever?
  • What are the pitfalls of a managed services relationship?
  • What to look for in a managed services provider?

Question 1 – Why do organisations need managed services now more than ever?

Historically, organisations that have leveraged managed services have typically benefitted from expertise, scalability and optimised operations. In today’s world, managed services isn’t just a good business model; it is a necessity. Organisations are operating in an environment that they have never known before. In the wake of COVID-19, the growing challenges to business resilience, such as unpredictable revenue, operational changes and cashflow pressures, will force organisations to innovate and disrupt themselves not only to stay relevant but to survive. In addition, a massive shift to mass remote working has led to an increase in security vulnerabilities. This means organisations will need to focus all their resources on differentiating their business, leaving IT security and operations to the experts.

Be rewarded. Choose Oreta as your MSP

Question 2 – What are the pitfalls of a managed services relationship?

It is vital that organisations have a robust governance framework in place to ensure that they and the MSP benefit from the relationship. Both parties must have a shared understanding of the organisation’s strategy and vision and work together to achieve successful results. If both parties do not clearly outline their expectations and responsibilities from conception, it could potentially lead to the misalignment of objectives, lack of control, and inflexibility in scope.

Question 3 – What to look for in a managed services provider?

When looking for a managed services provider it is important to understand the value the MSP will bring to the table.

Do they understand your organisation’s strategic direction, and do they have the capability to support it? Are security and automation bolted on as an afterthought or built into their processes to support scalability, growth, resilience and optimised operations?

Do they have the governance and controls in place to execute operations in a disciplined manner yet with continuous improvement in mind? Do they provide the required business intelligence?

And finally, they may tick the box on their technical capability, but are their values aligned to your organisation’s? Can they work with your team and your systems and be the partner that you need and want?

About Rajitha Rajasingham, Co-Founder and Director of Operations, Oreta

Rajitha Rajasingham is the co-founder and Director of Operations at Oreta. Rajitha’s determination to start up Oreta 5 years ago was influenced by her passion to create a conduit for small to medium enterprises to compete on the big stage through the power of cloud computing. Her career spans 25+ years in the IT industry, including 13 years at Accenture, where she worked with Fortune 500 companies across the globe to transform their business to be more effective, efficient and relevant to their customers.

About Oreta

Oreta excels in providing Managed Services to its valued clients. Our clients have the confidence that they can focus on their core business, knowing they have the best IT services at hand. We bridge the gap in your organisation’s IT skill, process, and tooling. We automate to drive scalability, we adopt a bimodal approach of maintenance and innovation, and adopt a security first approach. Our experienced team of technical engineers are available to support you and your team in providing a broad range of Managed Services in cloud, network and security.


Getting sassy with SASE?

SASE – It’s revolutionising network and security architecture. It’s shaking up how we connect. But what exactly is all the talk about? What does it mean for your organisation? Is your organisation sassy enough to conquer a SASE makeover?

Focus Points

  • The future of our network and security infrastructures being cloud-centric is imminent.
  • SASE has several advantages over traditional architectures, not the least of which include greater scalability and flexibility for your organisation.
  • Now is the perfect time to assess where on the SASE journey your organisation is at and what this means for your existing networking infrastructure.

What’s sassy about SASE?

Disruptive and transformational are just a few words that come to mind. Gartner defines SASE – pronounced “sassy” and short for ‘Secure Access Service Edge’ – as ‘an emerging cybersecurity concept combining comprehensive WAN capabilities with comprehensive network security functions…to support the dynamic secure access needs of digital enterprises’.

Unlike the legacy WAN, SASE shifts the focus from a network where each branch connects to a central office to access data and security services to the concept where an entity (e.g. user, group of people (branch), a single device, IoT system or edge computing location) is connected directly from the edge to cloud-based services bypassing the need for a centralised WAN.

SASE has several advantages over traditional architectures, not the least of which include greater scalability and flexibility for your organisation, potentially reduced network costs, and better performance for the end-user. SASE done right will open the door to enhanced security features, moving the management of your security to a cloud access security broker (CASB) whilst:

  • protecting your users, regardless of where the device or user is located, from threats through secure web gateways (SWG) and remote browser isolation,
  • securing your applications and data through zero-trust network access (ZTNA), firewall as a service (FWaaS) and protecting your web APIs (WAAPaaS).

Why is it the trend?

The era of centralised network and security architectures is fading. Today’s enterprises are hyper-distributed. More and more businesses are moving to Software-as-a-Service (SaaS), cloud-based services and edge compute platforms, where there is an increased reliance on SD-WAN connectivity, and remote user access is the new normal. As a result, the traditional reliance on enterprise data centres for routing and security is becoming obsolete.

We are at the forefront of a new transformation. We are shifting from relying on location as the core of networking and security to the end-user. With 2020 being a tumultuous year, with a massive exodus of users working from home, the need for such change has never been so evident. Whilst 81% of the population is now working from home, Gartner has predicted post-COVID that 41% of employees will remain working from home. The question is – is your security prepared for this – are you getting sassy with SASE?

The future of our network and security infrastructures being cloud-centric is imminent. Users need to have more confidence in a consistent and secure experience everywhere, anywhere.

If you are ready to get sassy with SASE, now is the perfect time to assess where on the SASE journey your organisation is at and what this means for your existing networking infrastructure.

Are you the sassy-type?

Ask yourself – Are you ready to revolutionise your network? Are you willing to embrace disruption to stay relevant? If so, you are ready to get sassy with SASE.

Enterprises of all sizes are discovering their reasons for needing to transform to SASE, including:

  • Corporate services are changing to cloud-based providers
  • The move from centralised MPLS networks to the Internet at the edge
  • More user traffic from branches directed to public clouds, detouring the data centre
  • The need to protect remote users as they perform work outside of the enterprise network and on their own devices
  • Consolidating network and security
  • Optimising cloud-based applications that are being accessed from the edge

If you tick any of the boxes above your organisation is also ready to embrace the change.

Get your SASE-on?

Adopting SASE should be part of your organisation’s IT journey. It is not something that has to be deployed all in one go. The goal is to ensure that you integrate it seamlessly, and you provide an optimal experience for the user.

The first step should be to identify the journey and the different phases within it. Determine what is already in place and already performing well, and what needs transforming.

Once you have done this, you will need to consider how to:

  • Position the adoption of SASE as a digital business enabler to ensure speed and agility.
  • Change focus from managing security boxes to delivering policy-based security services.
  • Engage with network architects to discover your SASE capabilities. Use SD-WAN and MPLS offload projects to evaluate integrated network security services.
  • Identify ways to reduce the complexity of your network security.

To help your organisation map out its journey to SASE contact Oreta today.


Evolve your access security with ZTNA

Securing important resources and applications is now vital, particularly with the continued rise in cyberattacks. But, how can you manage critical new levels of security without interruptions to your business operations, creating havoc with your employees and defiling your current defenses? More and more enterprises are leveraging Zero Trust to enhance their security posture, shift their reliance from infrastructure to the cloud, and have greater access control through granular policy enforcement. So what is ZTNA and how does it differ from the traditional VPN?

What is ZTNA?

ZTNA stands for Zero Trust Network Access, a type of security model that provides secure remote access to applications and services regardless of where they are hosted. The model considers all traffic as hostile. In the context of remote user access, the model does not trust any user until verification of their identity is complete. A software-defined perimeter (SDP) between users and applications completes the ZTNA model. SDP will consider the correct user credentials and multiple contextual factors before it grants a user access.

With COVID-19, the mobile workforce has grown exponentially, and it will remain that way for the foreseeable future. Remote workers are working from insecure networks or using their own devices, making them more vulnerable to cyberattacks. A CAIC report indicates that between January and June 2020, 67% of cyber breaches were the result of compromised or stolen credentials. Statistics such as these show the growing importance of adopting security models like ZTNA to protect corporate applications and data.

How is ZTNA different to VPN?

ZTNA and VPN serve a similar purpose of providing secure remote access. However, there are critical differences between the two types of technologies.

1. Network Access vs Identity-based and Application Access

Most VPN solutions use IP-based access control (i.e. source, destination IP address and protocol) to create access policies. An issue with these solutions is that the IP address does not provide much information about a user and frequently changes, which makes it difficult to tell users apart and track them, and often requires complex configuration such as separate IP allocation for different user groups. Access policies based on protocols also provide minimal granularity with regard to what applications users can access, as many modern applications share the same sets of protocols and ports.

On the other hand, ZTNA uses SDP to control access based on the user’s identity and application. ZTNA enables the development of more granular policies and gives users access only to sanctioned applications. Furthermore, the level of access provided depends on a risk assessment of contextual information, such as a device’s security posture and location.
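The contrast described above, as an added example (not Oreta's or any vendor's code): the same requests are evaluated first by a VPN-style IP/port rule and then by an identity, application and context policy. The addresses, user names, application names, groups and risk thresholds are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    src_ip: str            # address handed out by the VPN pool
    dst_ip: str
    dst_port: int
    user: str              # identity already verified (e.g. SSO + MFA)
    groups: frozenset
    app: str               # application the request resolves to
    device_managed: bool   # device posture signals
    disk_encrypted: bool
    country: str


# VPN-style rule: anything from the remote-access pool may reach 443 in the DC.
VPN_ACL = [("10.8.0.0/24", "10.20.0.0/16", 443, "allow")]  # constructed


def vpn_decision(req):
    """IP-based control: sees only source, destination and port."""
    src, dst = ipaddress.ip_address(req.src_ip), ipaddress.ip_address(req.dst_ip)
    for src_net, dst_net, port, action in VPN_ACL:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and req.dst_port == port):
            return action
    return "deny"


# ZTNA-style policy: per sanctioned application, who may use it and how much
# contextual risk is tolerated (hypothetical values).
ZTNA_POLICY = {
    "payroll": {"groups": {"finance"}, "max_risk": 0},
    "wiki": {"groups": {"finance", "engineering"}, "max_risk": 1},
}
EXPECTED_COUNTRIES = {"AU"}


def risk_score(req):
    """One point per contextual signal that is out of policy."""
    return ((not req.device_managed)
            + (not req.disk_encrypted)
            + (req.country not in EXPECTED_COUNTRIES))


def ztna_decision(req):
    """Identity + application + context; default deny."""
    rule = ZTNA_POLICY.get(req.app)
    if rule is None:
        return "deny", "application not sanctioned"
    if not (req.groups & rule["groups"]):
        return "deny", "user not entitled to application"
    risk = risk_score(req)
    if risk > rule["max_risk"]:
        return "deny", f"context risk {risk} exceeds limit {rule['max_risk']}"
    return "allow", "identity, application and context satisfied"


# Constructed sample requests: same VPN pool, same destination port.
FINANCE_MANAGED = Request("10.8.0.11", "10.20.1.10", 443, "alice",
                          frozenset({"finance"}), "payroll", True, True, "AU")
ENGINEER_BYOD_PAYROLL = Request("10.8.0.12", "10.20.1.10", 443, "bob",
                                frozenset({"engineering"}), "payroll",
                                False, True, "AU")
ENGINEER_BYOD_WIKI = Request("10.8.0.12", "10.20.1.20", 443, "bob",
                             frozenset({"engineering"}), "wiki",
                             False, True, "AU")

if __name__ == "__main__":
    for req in (FINANCE_MANAGED, ENGINEER_BYOD_PAYROLL, ENGINEER_BYOD_WIKI):
        print(req.user, req.app, "| VPN:", vpn_decision(req),
              "| ZTNA:", *ztna_decision(req))
```

The IP rule cannot tell the two users or the two applications apart because they share a pool and a port, while the identity-based policy denies the unentitled payroll request and still allows low-risk access to the wiki from an unmanaged device.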

2. Appliance-based vs Cloud-delivered

Another common issue with an appliance-based solution like VPN is scalability and management overhead.

Typically, datacentres and head offices require the deployment of VPN appliances. Users connect their VPN clients to the appliances to access corporate resources. Users may need to switch between VPN connection points, depending on the location of the resources, or the core network needs to support a single VPN entry point for resources across multiple sites. As the underlying infrastructure for VPN is often under- or over-provisioned, this can result in businesses failing to meet their goals, poor user experience and excessive overheads.

Unlike VPN, ZTNA is not bound by infrastructure or a location. It is a cloud-based service that gives you the flexibility of scaling up and down on a needs-by-needs basis. Behind the scenes, your service provider will take care of the underlying infrastructure and maintenance. Your IT team will be relieved of capacity planning, hardware/software ordering, deployment and ongoing maintenance.

How does ZTNA relate to SASE?

The SASE architecture aims to address network and security issues relating to the increasing reliance on the Cloud and mobility adoption. SASE enables applications and services to reside in the Cloud and on-prem, and permits users to work anywhere. The two critical elements of the SASE architecture are being identity-driven and securing all edges, including the mobile workforce. As part of the core features of SASE, ZTNA provides identity-based authentication, context-based access control and secure remote access for a mobile workforce.

Taking you further…

Whether you are looking at a standalone ZTNA solution or a full SASE architecture, you should also consider inspection capability. A ZTNA solution should not just play the role of granting user access, but also continuously monitor user traffic for any abnormal or malicious activity. Another aspect to look at is how well you can integrate your existing solutions and minimise complexity and silos. ZTNA will not cover every security aspect, but it should form part of your collective solutions to achieve better cybersecurity.


SD-WAN- Making networking easier

Software-Defined Wide Area Network (SD-WAN) is changing the way we think of networking today. SD-WAN’s networking infrastructure is bridging the gap between the needs of today and the requirements of the future. But, how much do we know about it, how can it transform an organisation’s IT ecosystem, and what are the benefits? Here our Network Architects share their insights and answer some of these commonly asked questions.

What is SD-WAN?

SD-WAN is a new approach to deploying and managing enterprise WAN. It is entirely software managed (software-defined). It is an overlay technology which makes the customer network agnostic of the underlying infrastructure. It allows customers to manage their network independently of a service provider, which is unlike the existing MPLS.

What makes up SD-WAN?

There are three critical components in SD-WAN. First, the orchestrator or online portal, where all setup configurations and policies are defined. Secondly, there are branch or site gateways, which could be hardware or software appliances. Thirdly, depending on how agnostic the vendor is, there are cloud gateways or a gateway serviced by a selected vendor.

Why SD-WAN?

There are five key reasons why organisations should invest in SD-WAN, including:

  • It can replace an enterprise’s existing WAN or supplement it with additional capacity and resiliency levels.
  • It can reduce the need for a WAN service and OPEX costs for enterprises, thereby allowing them to use inexpensive Internet circuits.
  • It allows enterprises to become ISP independent. In other words, enterprises can choose any internet service provider, even a mix of multiple providers.
  • Enterprises can quickly roll out new branches using standard policy and self-managed setup of SD-WAN.
  • There is no tromboning of traffic in the network, and all SaaS and Internet traffic egresses locally, while an enterprise’s security posture remains the same.

What are the benefits of deploying SD-WAN?

If organisations have the right architecture, SD-WAN can be seamlessly integrated, regardless of the service or configuration of its supporting network vendor, and they can reap many benefits, including:

  • Service provider independence.
  • Low operational and recurring costs.
  • Reduced roll-out time for any adds, moves and changes.
  • Application-aware network.

How can SD-WAN integrate into an existing IT environment?

To achieve a smooth transition to SD-WAN without affecting the performance of the current IT environment, there are several pre-engagement activities which need to be completed. Below is the checklist which all organisations should follow:

  • Audit the current setup topology and bandwidths of individual links.
  • Understand the current routing design.
  • List the critical applications and their traffic flow, delay tolerance and other network parameters. This also covers application-to-application traffic. Current metrics will need to be benchmarked.
  • Tabulate user-profiles and users at each branch location.
  • Lastly, a physical audit may be needed to understand the cabling setup, rack layouts and other physical aspects.

How can Oreta help?

As a service provider, Oreta can complement an organisation’s smooth deployment of SD-WAN by:

  • Conducting a workshop, which focuses on:
    • conducting a network audit,
    • developing an IT strategy, and
    • outlining increased usage of cloud infrastructure and other SaaS applications.
  • Providing an independent options paper for vendor selection.
  • Planning migration, building and deployment of your SD-WAN roadmap.
  • Designing a validation test for excellent tuning parameters and as a proof of concept.

Our skillset includes:

  • LAN / WAN understanding.
  • Incumbent routing protocol knowledge like OSPF and BGP.
  • Understanding of the cloud-based infrastructure.
  • Managed services team with experience of SD-WAN deployment management.

Resources

For more information for the layman, one of our major partners, VeloCloud, has recently published a book ‘SD-WAN for Dummies’. It’s a great read and makes SD-WAN sound like a breeze. Here’s the link which can answer more of your pressing questions – Software Defined WAN eBook


SD-WAN vs MPLS? What’s best for your business

Are you looking to migrate to cloud? Are you experiencing bandwidth constraint with your existing wide area network (WAN) infrastructure? Is your organisation’s IT landscape evolving rapidly? If so, have you considered transforming to a software-defined WAN (SD-WAN) solution? In this blog, we highlight why the industry is seeing an increased interest in SD-WAN over MPLS and why your organisation should consider shifting today.

What is the difference between MPLS and SD-WAN?

Before we get ahead of ourselves, let’s have a look at MPLS, a traditional WAN technique, and SD-WAN, a new way organisations are managing their network at the edge.

Multiprotocol Label Switching (MPLS) has been a popular WAN technology used traditionally in telecommunications environments. Organisations are provided with private connections between their data centres and offices. The technique carries data across the network via fixed competent routes. It is ideal for time-sensitive traffic from voice to video to email-based applications.

SD-WAN reduces the dependency on MPLS by leveraging local break out points to the internet and utilising cloud technology to manage WAN infrastructure. Network traffic is logically and efficiently routed over ISPs of the customers’ choice from each endpoint. It provides secure connections between an organisation’s data centre and offices over various network technologies, such as NBN and 4G, instead of requiring a purpose-built network.

What are the pros and cons of both?

SD-WAN – The Advantages

Many businesses have replaced their MPLS network with SD-WAN. The areas of difference relate to cost, security, and performance. Some of the following advantages are very clear, others less apparent depending on the situation:

More Cost-Effective. SD-WAN offers optimal user experience while eliminating the need for expensive VPNs. SD-WAN provides higher-speed options for multi-point connectivity. By using distributed, private data traffic exchange and control points, such as broadband, DSL and 4G LTE, at lower cost users have more secure, local access to the services that they need – whether from the network or the cloud.

Improve SaaS application performance. SD-WAN can recognise applications and adapt bandwidth and other services accordingly. It can initiate multiple parallel connections and balance the data flow between them. SD-WAN can also create new connections should there be a need to increase the bandwidth and ensure time-sensitive applications are not compromised. For example, SaaS application traffic can be routed directly via local internet breakout to reduce bandwidth drainage issues and hefty costs relating to contention and backhauling to a data centre for processing and redistribution.

Simplified QoS. SD-WAN provides real-time traffic monitoring. Organisations can prioritise essential applications, such as video conferencing and focused emails, across the WAN and divert business-critical traffic during periods of network disruption at every location. SD-WAN can also be upgraded by adding new links – generally without changes to the WAN infrastructure or network.

Central Management. SD-WAN orchestration allows the organisation’s network to be managed and monitored via a centralised dashboard. It reduces management overhead and simplifies network operations while providing complete visibility and control over traffic routing.

Unified security. It is deceptive to think that MPLS provides a secured and managed link between branch offices and data centre through the ISP’s internal backbone. Traffic still needs to be inspected for malware and other exploits, which requires deploying a firewall and additional security functions. SD-WAN can unify secure connectivity by integrating security, policy and orchestration via a single management platform. Organisations can benefit from end-to-end encryption across the entire network. By embedding a wide array of security tools – including firewall, anti-virus and anti-malware, SD-WAN enables data to be secure during transit and provides in-depth inspection of the traffic.

More protection. MPLS is an option available to any SD-WAN solution. When there are cases where MPLS is much less expensive, or when concerns about security or reliability are more important than cost differences, SD-WAN can run over an MPLS connection to provide more protection and functionality than an MPLS solution alone. SD-WAN provides a more significant amount of flexibility, more granular traffic control, integrated security, and the ability to leverage multiple connection strategies – such as MPLS and public internet – using the same SD-WAN deployment.

SD-WAN – The Drawbacks

Not suitable for all organisations. It’s not great for organisations where all business applications are located on premise as there is limited benefit to channel all traffic from the edge out to the internet and then back down from the internet to the Head Office.

Possible Local Site Outage. Occasionally, when using SD-WAN, there is a chance of data packet loss and internet uplinks failing. However, this can be offset by organisations choosing an ISP which can offer consistent reliability in their internet connections and ensure that there are multiple services connected e.g. NBN and 4G to ensure reliability.


MPLS – The Advantages

Although we have listed the many advantages of deploying SD-WAN, MPLS could be considered a better choice, for reasons stated below:

High QoS. MPLS excels at keeping a business’s most crucial traffic flowing. It is ideal for businesses which use virtual applications such as VoIP, video conferencing or virtual desktops. This technique works without compromising the quality or signal.

It is reliable. MPLS uses packet-forwarding technology and labels to make data forwarding decisions. The traffic is specially labelled to assist with identifying what data is critical and enabling data forwarding rules to be established, which is particularly important when there are many users on the shared network.

MPLS – The Drawbacks

The advantages of MPLS include scalability, improved performance and reduced congestion. However, it also comes with several drawbacks, including:

Its bandwidth is expensive. An MPLS service must be purchased from and configured by a telco provider which is far more expensive than running data over the internet. We are in a world where organisations are churning through content that requires a high level of bandwidth, from videos to virtual reality. It can also become very costly when organisations need to increase the bandwidth for their MPLS network when compared to other technologies such as public internet connections.

It is inflexible. It can take up to a few months to provision new services. MPLS connections tend to be rigid, fixed connections that can’t easily adapt to the sort of interconnectivity between branch offices that today’s dynamic networks require. They also don’t provide support for things like application recognition or sophisticated bandwidth management for latency-sensitive applications.

It is complex to deploy and manage. Although an ISP manages MPLS, organisations still need skillsets and resources to maintain the integration of their internal network with MPLS and ensure consistent policies apply across the MPLS network as new sites come online and new services are requested.

Visibility is limited. MPLS offers limited visibility into the network. A separate solution is often required to achieve the level of visibility required.

Poor performance. From a performance perspective, MPLS provides a reliable, fixed level of bandwidth. With a continuously expanding volume of data being generated by modern networks and devices, many organisations are leasing MPLS connections to manage increased workloads. However, the organisations are encountering the risk of constrained connectivity, particularly as the connection cannot understand the nature of the traffic and adjust accordingly. Also, while all traffic needs bandwidth to function, some applications – such as voice and video – have latency requirements that require continuous monitoring. When several applications are running through the same connection tunnel, latency-sensitive traffic needs to be prioritised, which requires application recognition, traffic shaping, load-balancing and prioritisation of different connections. MPLS is not capable of doing this.

SD-WAN Pros

  • Cost effective
  • Improved SaaS performance
  • Simplified QoS
  • Centralised SaaS service for administration
  • Carrier agnostic
  • Unified security
  • Not dependent wholly on MPLS
  • More protection

MPLS Pros

  • Guaranteed performance for real-time traffic
  • Reliable connection when deployed with redundant paths

SD-WAN Cons

  • Relies on the public internet
  • Requires the right skillset

MPLS Cons

  • Predetermined routes need to be configured by Telco
  • Bandwidth can become expensive
  • Complex to manage
  • Visibility is limited
  • Performance degradation with increased traffic
  • Difficult to source single global provider
  • Doesn’t support direct access to the cloud from the edge

What’s best for my business?

“What’s best for my business?” is a difficult question to answer. Selecting the right solution depends on what environment you’re working in, where your business applications are hosted, where your users are connecting from and what the specific needs of your business are. Each technology has a different role to play; finding the balance is key. MPLS functions in a predictable way, thus guaranteeing time-sensitive traffic is delivered on time, with the trade-off of a lack of flexibility and increased costs. From cost and agility to ease of use and scalability, an organisation cannot underestimate the benefits of SD-WAN. The more organisations use advanced cloud-based applications and the more complex their workflows become, the more flexible and dynamic the connectivity they require. SD-WAN is the clear winner.

When should organisations shift from MPLS to SD-WAN?

Organisations should consider deploying SD-WAN when:

  • They want to upgrade their bandwidth.
  • They are looking for a more flexible arrangement as they come out of contract with their ISP.
  • They are looking at using more cloud-based services.
  • They want to improve their security, agility and visibility within their network.
  • They are looking at improving application performance.
  • They are looking at reducing their network costs.