SD-WAN was the breakout technology of 2016, with several venture-backed providers hitting the marketplace. As IT organizations move more and more information into the cloud, CIOs are still concerned with securing and accessing sensitive company data.

What is SD-WAN?


A software-defined wide area network (SD-WAN) applies software-defined networking (SDN) to direct, filter, and monitor activity on wide area network (WAN) connections and to link enterprise networks over large physical distances. WAN connections are traditionally handled by hardware such as routers configured through command-line interfaces, but SD-WAN works as a substitute for this hardware. The goal of an SD-WAN solution is to reduce WAN costs, increase performance, and work naturally with cloud-based applications for remote users on the network.

Many IT organizations use Multiprotocol Label Switching (MPLS) as their network protocol, and some might be hesitant to adopt SD-WAN when their current system seems to be acceptable. However, traditional WAN and internet setups were never designed to work with the cloud technologies commonly used by organizations today. If you are debating whether the transition to SD-WAN is the right move for your organization, here are some points to consider.


A standard internet connection frequently deals with data packet loss and is able to compensate for it at the expense of speed. This works for loading information from outside websites and sources, but it can cause noticeable performance loss for employees accessing cloud applications. If an employee has issues making an application work or is unable to get access to it, they can lose work time and your organization can lose revenue.

MPLS has its own issues with server access. If a connection fails, MPLS uses a built-in fault tolerance protocol to attempt access on another line. If the databases working behind your application are not notified that a new connection has been made, they can fall out of sync. An SD-WAN solution can prevent this by routing traffic through different network links based on their level of performance and choosing the connection based on the priority of the application in use. If a connection fails, it can also redirect traffic through other links automatically without causing the databases to fall out of sync.


An SD-WAN solution is only worth using if it maintains security as well as a familiar MPLS setup does. SD-WAN solutions typically provide very detailed policies based on which applications and/or users are requesting access, allowing for the implementation of very sophisticated access control tools. They can also allow traffic to some trusted sites to go unchecked while inspecting traffic to unknown sites. This approach ensures inspection is performed when needed but keeps performance high on any traffic that doesn’t need inspection.
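The link selection and inspection policy described in the two passages above can be sketched as follows. This is an added example, not code from any SD-WAN product; the link names, hosts, thresholds, groups and the `cost` field are assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    loss_pct: float
    latency_ms: float
    cost: int                      # assumption: relative cost of using the link

@dataclass(frozen=True)
class AppPolicy:
    critical: bool                 # application priority
    max_loss_pct: float
    max_latency_ms: float
    allowed_groups: frozenset      # user groups allowed to reach the application

# Constructed sample data (hypothetical hosts, links and policies).
TRUSTED_HOSTS = frozenset({"crm.example.com"})
LINKS = [Link("mpls", True, 0.1, 20, 10), Link("broadband", True, 2.0, 45, 1),
         Link("lte", True, 1.0, 80, 5)]
VOIP = AppPolicy(True, 1.0, 50, frozenset({"staff"}))
BACKUP = AppPolicy(False, 5.0, 200, frozenset({"it"}))

def needs_inspection(host):
    """Inspect by default; skip only a trusted host or one of its subdomains."""
    h = host.lower().rstrip(".")
    return not any(h == t or h.endswith("." + t) for t in TRUSTED_HOSTS)

def select_link(policy, links):
    """Return the link for this application, or None when every link is down."""
    live = [l for l in links if l.up]
    good = [l for l in live if l.loss_pct <= policy.max_loss_pct
            and l.latency_ms <= policy.max_latency_ms]
    pool = good or live            # failover: degrade to any live link
    if policy.critical:            # critical apps take the best-performing link
        return min(pool, key=lambda l: (l.loss_pct, l.latency_ms), default=None)
    return min(pool, key=lambda l: l.cost, default=None)   # others take the cheapest

def decide(user_groups, policy, host, links):
    """Return (action, link name, inspect?) for one new flow."""
    if not set(user_groups) & policy.allowed_groups:
        return ("deny", None, True)
    link = select_link(policy, links)
    if link is None:
        return ("deny", None, True)
    return ("forward", link.name, needs_inspection(host))
```

The bypass list is matched on the exact host or a dot-separated subdomain, so a lookalike name that merely contains a trusted host still goes through inspection.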

Taking the first steps

It is possible to structure your network to use a hybrid between SD-WAN and MPLS. This means you can make a partial transition or roll it out in phases rather than needing to convert your network all at once. Before replacing existing hardware that performs acceptably, you can set up an SD-WAN solution to operate on part of your network or to interact with select servers and implement the policies necessary for that interaction. You can then test the new implementation for a time and work through any issues that come up before continuing the rollout across the rest of your network.