The vendor last month unveiled a technology partner program designed to deliver a “security ecosystem” for SD-WAN. Fortinet, IBM Security, Check Point Software and Zscaler are among the initial participants.
Channel Partners spoke to Mike Wood, VeloCloud’s vice president of marketing, to get his insight on his company’s security strategy and the activities in the SD-WAN industry.
The Q&A transcript has been edited for length and clarity.
Channel Partners: This has been a project that was in the works for a long time. What kind of feedback led to this program?
Mike Wood: On the API side, the feedback we were getting early on was very positive in terms of, “Hey, you’ve got this full suite of APIs. Anything that you can do on your own orchestrator, we can do with our system also.” For example, Windstream and MetTel and a few others have designed against this. Part of that feedback was, “It would be nice if there were packages that we could leverage instead of having to go through and decipher the entire API and sift through that.” It was through that feedback that we created the SDK [software development kit], to be honest. Having many APIs is great, but the SDK gives these modules that these vendors and channel partners can use to develop … that was one piece of feedback.
Another piece on the VNF side — is that I would say there probably isn’t a security vendor out there that isn’t talking about or at least has a road map for getting to a VNF. Some of the feedback that we got early on from the folks that we’ve been working with is — there [are] a couple of different models that they would like to be able to entertain. One model is where they run with our environments and our framework. But also most of them would like to have a model where they can bring together the VeloCloud SD-WAN into their framework as a VNF. That was something that we definitely needed and worked to create an extensible framework that could be applied not just to our environment but also to other environments, in addition to the ability to port this to third-party virtual CPEs. It’s no secret Juniper has their own virtual CPE model, and AT&T is at least in part standardizing on that. We’re running on the FlexWare model for AT&T, so therefore we must be running within that Juniper framework, so that’s a good example of that.
On the cloud side, one of the drivers there has been, Zscaler and VeloCloud, for example, both work very closely with AT&T. And AT&T – one of the drivers for them was seamless integration of the two solutions and offers to the point where – ideally within their dashboard, you can go in and activate SD-WAN and light up secure web gateway services, and it will look like a single solution from one vendor. That was another piece that we really had to focus on; how do we create that seamless integration?
CP: Could you take me through some of the main concerns that surround security as far as it pertains to SD-WAN?
MW: One concern is the idea of protecting data, and having the ability to selectively decide whether or not data should be encrypted or not. That’s been one of the concerns that surfaces. For example, in a hybrid model, businesses are sometimes still comfortable with the level of security that’s available with MPLS. Even though there’s no encryption that happens with MPLS and MPLS is considered to be a VPN, businesses oftentimes will decide they don’t necessarily want to encrypt the data that goes across MPLS, but they do want to encrypt the data that goes across the public Internet. The second issue around security in SD-WAN has been the idea that SD-WAN has got phenomenal, compelling value propositions to IT and to the business (decreasing the cost, decreasing the complexity, leveraging broadband Internet as a reliable transport option and interfacing and taking that control of cloud services and performance), but in almost all of these businesses, there is already a security profile, if you will, where the SecOps team has gone in and already done an extensive amount of work on what the security profile needs to look like for the business. Oftentimes when you go into these environments, you discover that you can have the greatest SD-WAN solution in the world, but if it doesn’t have the ability to marry with the existing security profile that the business has with limited or few changes, it becomes very difficult for the IT network operations team to move forward and have SD-WAN implemented.
In addition to that, oftentimes we’ve seen there’s a tendency for the SecOps team to standardize on certain vendors or certain products or certain attributes. Universal threat management might be Fortinet and data-leak protection might be another vendor altogether, and they also want to use secure web gateway from, maybe, Zscaler. Oftentimes, there’s a mixed, best-of-breed model that they using to deliver that, and they’ve chosen specific vendors, because of specific capabilities or requirements.
CP: There have been many reactions to Cisco’s acquisition of Viptela. What trends does that signal, and where does VeloCloud fit into those trends?
MW: As recognized by industry analysts, VeloCloud is the market leader by number of revenue-paying customers in the SD-WAN market because of our unique architecture and success with both enterprise and service-provider customers. We continue to grow strongly and remain independent by choice in a market that is expected to reach $6 billion in three years.
In the short-term, this acquisition will create a market opportunity for VeloCloud and our service provider and channel partners as Cisco sorts out three competing product lines and five unique management systems. In the long term, we firmly believe that our architecture, our business model which enables the “unboxing” of the network, and the movement of on-premises functions to the cloud will prevail.