A Conversation with Bernard Breton, CEO of Adaptiv Networks
As we head into 2023, we present you with excerpts from a recent discussion, Ashish Jain – Alynment Podcast Host & Producer and Adaptiv Networks CEO – Bernard Breton had about the SD-WAN market and several related trends. Here are the highlights of their conversation.
Talk to us about some of the top trends you expect to see in the SD-WAN market next year.
I do believe we will see further market consolidation. Security and network vendors will continue to acquire SD-WAN vendors. Smaller players will struggle to remain in the race. We will, in essence, see three market segments: small office solutions, which will be sold by small-scale MSPs; mid-market solutions, which will be sold through larger MSPs and CSPs; and finally, solutions for large enterprises, which will be sold directly to the enterprise, sometimes with an SI being involved.
We’ll start to see a little bit more with 5G and its increased capacity, as well as satellite technologies like Starlink, which will open the door for SD-WAN to be used in places where SD-WAN is potentially neglected. We’ll see 5G plus Starlink in areas where fiber is not available, increasing the use of wireless space for years to come.
Will SD-WANs with security (i.e., SASE) dominate sales compared to traditional SD-WAN offerings?
Standalone SD-WAN will continue to dominate, but SASE capabilities will be considered in the decision making process when selecting an SD-WAN vendor. I would expect 80% of the sales to be stand-alone in 2023.
What vertical do you see as likely to expand take-up of SD-WAN significantly in 2023?
No specific verticals will focus (or not) on SD-WAN. It’s more about the network topology than the vertical market. That being said, I think that some regions, such as Latin America and Africa, will start to see increased SD-WAN activities.
What’s leading you to believe these regions will see a surge in SD-WAN?
In places like the US, Canada, and Europe, where SD-WAN is flourishing, it’s less about reliability and quality as those are already inherent in the networks. With other regions, the quality of the network is not always so high.
That said, there are three reasons why I expect to see SD-WAN begin to flourish in Latin America, Africa, and parts of Asia. One, the existing network quality is less reliable, of lower quality. Two, the infrastructure is outdated and more in need of an upgrade. Three, there is very little SD-WAN penetration in these markets to date.
Will we see many companies finally curtailing their use of MPLS?
No, I do not see that happening in most cases. The price of MPLS has gone down, and it does serve a purpose for businesses with private networking requirements, as nothing beats MPLS from an inter-site latency perspective. It will therefore continue to play a role. Where it will disappear is when a business does not host any internal services and relies 100% on the cloud.
Where do you see the market going for managed vs. do-it-yourself (DIY) SASE?
I see no market for DIY SASE. If you are large enough to “DIY,” then you have data centers, and you will deploy security solutions there.
What do you foresee happening with the work-from-home market?
I think that this market is largely nonexistent when it comes to SD-WAN with devices. There is a need for “better VPN” for the remote workers, and this market will continue to grow, especially with SASE becoming a reality.
Will AIOps play a more significant role in increasing SD-WAN automation?
Not for the market we address. For the enterprise market, I can see this happening. Personally, I see SIEM and/ Automated Response as being rather important topics that are nicely coupled with SASE. I also see more and more telcos & large MSPs having a need for service orchestration.
What kind of role will SD-WANs and SASE need with the growth of the IoT market?
The four major tenets of SD-WAN are reliability, security, quality, and manageability, those are also true for SASE. However, there are challenges for security with IoT. With SASE, there’s an implied notion that ZTNA is built into the model. With the IoT market, that can be quite difficult to do as you don’t have a mechanism for authentication built into the model, especially for older devices. It’s tough to build ZTNA with IoT devices.
We might have to rely on other technologies like MAC addresses as a proxy for authentication and/or use changes in baseline patterns of transmission to isolate devices that are changing their kind of behavior because that might represent a compromised device.
I think the IoT market is going to drive some key capabilities that are not yet in SASE, such as traffic baselining, analysis and deviation, and AI-based traffic analysis to identify potentially suspicious devices.
You mentioned ZTNA – Zero Trust Network Access. What other security features do you see as critical to cloud-security adoption? What are table stakes?
ZTNA is not the most important one.
Malware detection and protection provides a shield between the internet, where the malware lives, and the office, where the malware wants to be. In my view, malware detection and protection is the most important capability in any SASE solution.
Malware detection has to be divided into known malware and unknown, the famous zero-day attack. Malware detection from known threats is reasonably easy. Where it gets harder is for unknown threats. SASE brings a unique proportionality to do full-content detection and apply AI to it, providing a robust zero-day coverage for malware, which is something that’s really hard to do in firewalls because that requires a lot of compute. In general, I would say SD-WAN and SASE because it brings security to the cloud, and you can mutualize across multiple customers; you are able to do things at a price you wouldn’t be able to do in an on-prem firewall at a given price point. So there’s a price advantage, and let’s not forget the simplicity it brings—the whole notion of not having to change your devices because you need more bandwidth. The added service model also brings a lot of value for both SD-WAN and SASE. Probably more so in the context of SASE. Let me give you an example. Let’s say you bought firewalls with full UTM (Unified Threat Management) capability for 1 Gbps. Then suddenly, you have an application that needs double the throughput. You have to throw your firewalls in the garbage and buy new firewalls. On average, a business doubles its bandwidth every 24 months. Does that mean you buy a new firewall every 24 months? If that’s the case, it’s going to be pretty darn expensive, or you’re going to suffer the limitations of your firewall. The beauty of cloud-based is that it doesn’t matter. If you go from one Gbps to two Gbps, you just flip a switch somewhere. That’s it. There’s nothing to be done in terms of your firewall.
I would put ZTNA in the next tier.
It can also depend on which market you’re discussing. For a large enterprise, browser isolation is a very interesting capability. For smaller markets, it’s not very relevant.
URL filtering is very important, as is application visibility for shadow IT management – more on the SD-WAN than SASE but kind of in-between. Also, analysis of variation of data patterns because that can definitely represent suspicious attacks.
These are lower priorities than malware detection because if you’ve blocked the malware well, then you have already done a big part of the job.
Are VPNs being replaced by SD-WANs, or will they co-exist in the future?
ZTNA replaces the need for VPNs, which is a component oF SASE. If you deploy SASE with ZTNA, which is table stakes, that effectively replaces the need for VPNs.
Do you look with optimism on the future of SD-WAN technology?
SD-WAN is here to stay. The notion of correlating the data plane and the control plane makes a ton of sense. It enables an organization to manage the network irrespective of where the underlying network is. The four tenets of SD-WAN, again, are reliability, security, quality, and manageability, and it is simply making networks better. If I were to draw a parallel, I would say… does it make sense to have computers on board cars? Maybe 20 years ago, people were debating whether that made sense. Nowadays, you can’t buy a car without an onboard computer. It will be the same for SD-WAN. It just becomes so logical that you have a platform to manage, in a virtual manner, your network. The days of configuring routers through CLI and hardcoding stuff – that doesn’t make sense in the context of the future.
For me, SD-WAN is here to stay. Now, it will evolve, it will have more and more capabilities, it will bring additional capabilities. SD-WAN and security will become one. In fact, largely, SD-WAN is becoming that Edge intelligence point that is providing the enterprise with a number of value-added services, which will either be cloud-delivered or delivered at the edge, depending on the nature of the service. Now whether that continues to be called SD-WAN in the future – that remains to be seen. I see SD-WAN effectively as additional services on top of bare-bone networks. For example, we talked about network trends, baselining and analysis of that. That’s not something that any SD-WAN vendor offers today. I believe that will become somewhat of a de facto capability. I do believe that more and more of the SD-WAN vendors will embed network performance management capabilities in their platforms.