Can cloud-native WAN deliver the same levels of security and application performance as MPLS?
By Gavin Smith
MPLS is a $27 billion industry that has been around since the early 2000s. Whilst new technology has brought us the increased bandwidths demanded, the twenty-year-old technology itself has not evolved, and it carries with it a few myths that help it survive the onslaught of cloud computing and today’s high-speed Internet connectivity.
Telcos will continue to utilise MPLS across their backbones for years to come. Likewise, customers will continue to use MPLS for datacentre or critical office interconnects to handle high levels of data processing, but even the number of in-house datacentres will start to be questioned as the dominance of cloud computing continues.
Security is frequently quoted as a reason to continue using MPLS, as it is assumed that the private, non-IP-based VPN architecture is more secure and more resistant to the IP-based denial-of-service and intrusion attacks regularly seen on the public Internet.
Rather than being more secure, MPLS should be seen as a routed network that creates a feeling of privacy by directing data through a labelled path assigned to each client. While it does not utilise IP, the edges of an MPLS network will almost always incorporate IP services. Couple this with a client’s current need to deliver central access to cloud and web services, and we begin to see exposure to the same dangers as the Internet, albeit with security that is not managed by the customer, which potentially presents an increased risk.
Today, data visibility, analytics and control are key prerequisites for an organisation to transform and secure the changing geography of the accessible IT services that it needs to deliver to its users. MPLS, the terminating technology associated with it, and the Telcos managing the environments have disappointed, in that they have not been able to deliver what is fundamental to making informed decisions about how users are accessing applications.
To provide an effective WAN strategy over MPLS, technology needs to bring together all network and security functions as one, into a centralised service model that can incorporate better data, access visibility and security protections than MPLS can offer us today.
Now that we have established that MPLS is only classified as more secure until it is exposed to public services, it is possible to consider SASE (Secure Access Service Edge) as a WAN infrastructure that is able to respond to the needs of today’s digital business and converge enterprise security and networking into a more secure, identity-driven cloud service.