Finance and healthcare technology organizations must connect to remote (or “edge”) data to drive value in their applications. This data resides in private networks, usually owned by third parties, and is subject to rigorous compliance requirements.
The traditional solutions, VPN and MPLS, present substantial challenges to a modern SaaS provider. For companies who have scaled these solutions from dozens to thousands of connections – or have considered doing so – the challenges below are all too familiar:
New customer setup is an ongoing battle. Integration to customer networks is difficult and expensive. Client on-site technical skills and requirements vary widely. Weeks or months are required to buy, ship, configure, and test devices and connections.
Target’s well-known breach was a failure of similar technology.
Implementing and managing security on a fleet of devices is time-consuming and requires advanced skill sets, especially at scale, and especially when trying to implement a unified, clear, and enforceable security policy and posture across the connections. Too often ACLs go unapplied, and it is difficult to understand and control traffic types and permissions at any level of granularity.
Federal, State, and private regulations mandate labor-intensive tasks and expensive tools in order to comply. This is difficult enough by itself, but when that compliance posture must be extended to hundreds or thousands of data sets at the edge of the network, it becomes daunting. Often, there is limited visibility and control for compliance purposes at the “edge”.
Many hardware providers require replacement of VPN devices through “end-of-life” programs on approximately 5-year cycles. These refresh cycles drive not only capital costs, but implementation, configuration, and management cost increases, especially at scale.
Hardware Defect and Warranty Issues
It is not uncommon that hardware components suffer manufacturing defects which require costly replacement of units in the field. While many costs are covered by manufacturers, the burden of replacement and re-configuration rests with the customer. Unanticipated hardware failures at remote sites degrade service and result in missed SLAs.
Building a network that can accommodate SLAs common to modern cloud deployments and demanded by customers is very complex. High availability solutions at the edge become constrained by hardware device redundancy and configuration management. Ensuring predictable SLAs all the way to the edge is difficult.
Capital and Operating Cost
Secure and highly available networks are expensive. Hardware, licenses, warranties and ongoing labor costs for management and administration comprise a very significant part of IT budgets. These costs, whether borne by the provider or by the end customer, are direct detriments to bottom line performance. Diverting highly paid staff to implement and manage these networks represents an opportunity cost of lost time that could be spent on higher value technical activities such as innovation.
Time To Market
It can take weeks or months to stand up new sites. Time spent in this phase of the deployment can slow new customer turn-up and revenue recognition. At rapid scale, this impact can be significant.
Cloud migration and application modernization can be inhibited by legacy infrastructure. It becomes difficult to realize the efficiencies of modern cloud deployments when the connectivity to the edge of those networks is burdened by 20-year-old technology. Expensive and cumbersome workarounds are temporary band-aids that provide limited benefit.
Continued growth is at risk when operational tasks of a large scale network grow into operational problems. Skilled staff become fire-fighters. Uneven configuration management, uptime, and performance across the network drive up operating costs and result in almost constant hassles for support and engineering teams.