Wrangling WAN Costs

After two years of keeping up, WAN managers take audit

For most of the past two years corporate wide area networks have been put through the wringer. Hybrid and remote work and the acceleration of digital transformations pushed applications to the cloud and performance to the edge at rates no one could have predicted. Vulnerabilities to bad actors suddenly altered and expanded.

All things considered, those corporate WANs seems to have held up pretty well. Rather than showing any signs of collapses, findings from Aryaka’s latest Global State of the WAN report suggests issues pertinent to hybrid working and edge accessibility and performance have remained steady or improved since the world changed in early 2020. But that has come at significant costs, and after what seems to be the brunt of the COVID storm, businesses might be ready to take closer looks at where they can regain some control of those costs and reallocate budgets to address more immediate priorities.

“A renewed interest in ROI was reflected in this year’s report,” said Aryaka researchers.

In the two prior State of the WAN reports, when IT and network decision makers were asked to consider the biggest challenges their organizations faced with their WANs, the top answers included the difficulties of managing new levels of complexity, slow performance of on-premises applications and poor access to cloud- and SaaS-based applications. The biggest drain on IT help desk and support teams were issues involving slow application performance leading to poor user experiences for remote workers and in branch locations.

What are the biggest challenges your organization is facing with your WAN?

  2022 2021 2020
High Costs 36% 20% 16%
High complexity/difficult to manage or maintain 30% 37% 37%
Slow performance of on-premises applications 26% 32% 32%
Slow access to cloud services and SaaS applications 26% 33% 32%
Long deployment times to bring up new sites 23% 29% 30%
Lack of adequate security 22% 28% 31%
Inability to properly support remote workforce 21%
Lack of visibility 18% 20% 26%
Poor voice or video quality 16% 23% 23%

Source: Aryaka

For the 2022 report, the percentages of respondents who cited such sentiments declined, at least somewhat, across the board. Even the number of respondents who cited “a lack of adequate security” remained even to declining during the past few years. Jumping ahead to the number one WAN challenge, meanwhile, was “high costs,” named by 36 percent of respondents to the 2022 survey compared to a mere 16 percent who cited high cost as a challenge in 2020.

That’s not to suggest WAN budgets are expected to be slashed in 2022. Rather, “enterprises are generally bullish on their budgets,” said Aryaka researchers. For networking, almost three-quarters of responding CTOs and IT and network managers and administrators expect budgets to grow by 10 percent or more, including a quarter which expect it to grow by 25 percent or more. The same applies for network security investment, with 72 percent expecting a greater than 10 percent growth, and 28 percent looking at 25 percent gowth or more.

And when asked about their top infrastructure priority for the year, six in 10 respondents cited a “compete WAN refresh,” suggesting a need for further investment in visibility and control after a few years of adding in new technologies, said the research report.

“Though budgets are expected to increase by 25 percent, both for networking and security,” said Aryaka researchers, “the focus on ROI implies that these increases must be spent judiciously.”

What are the biggest resource-consuming /time-consuming issues faced by your IT help desk or support teams?

  2022 2021 2020
Slow application performance leading to poor user

experience for remote and mobile users

42% 44% 47%
Slow application performance leading to poor user

experience in branch offices

37% 44% 43%
Accessing/integrating cloud and SaaS application origins security breaches 34% 36% 42%
Security breaches 31% 38% 38%
Issues caused by shadow IT 28% 14% 12%
Managing telcos/service providers 27% 34% 34%

Source: Aryaka

Cost issues, it turns out, were named among the biggest potential barriers to SD-WAN adoption, named by 29 percent of respondents. A lack of internal knowledge or skill sets was the top barrier at 31 percent. And for the first time in the annual survey, cost overtook complexity as the primary motivator pushing SD-WAN deployments.

One area that could be on the chopping block as part of WAN transformations could be on-site data centers. According to respondents of Aryaka’s survey, more than a third plan to eliminate all data centers and move to the public cloud within 12 months. Just more than half expect full elimination of data centers and a move to the public cloud within 24 months, and more than three-quarters of respondents have plans to eliminate at least some DCs and move to the public cloud.

MPLS could be another area eyed for cost reductions. Among respondents with MPLS currently in place, 46 percent expect to terminate some of their contracts in favor of a broadband internet or other technologies. About two in 10 have plans to terminate all MPLS contracts.

“Cost savings” also currently are viewed as the “biggest benefit” gained from a SASE deployment,

show survey figures, tied with “time savings” with 37 percent of respondents citing each. This despite the fact that only 7 percent of SASE adopters said cost savings was a primary reason for deploying or considering deploying SASE.

The expectation to reduce costs might become more common going forward. An analysis by Forrester Consulting on behalf of Cato Networks suggests the total economic impact of a Cato SASE deployment can lead to a substantial return on investment, largely due to the convergence of network functions and security capabilities and the ability to retire costly legacy systems.

For the analysis, Forrester combined the results into a composite organization based on the experiences and interviews of five Cato SASE Cloud customers. The decision-maker interviews and financial analysis found that a composite organization experienced qualified and unqualified benefits totally $6.09 million over three years versus costs of $1.76 million, adding up to a net present value (NPV) of $4.33 million and an ROI of 246 percent.

Prior to using Cato, the interviewees noted how their organizations struggled with managing security and network services, with dedicated teams for VPN, internet, WAN, etc., said Forrester. Managing those systems was time-consuming and costly, requiring individually managed updates at each site on the network.

After the investment in Cato, the interviewees managed the unified enterprise-wide network and security oversight from a single dashboard. Key results from the investment include reduced costs associated with maintenance allowing resources to be redirected to more value-adding activities such as system optimization, faster deployment of new sites and onboarding of new acquisitions and reduced costs from retiring legacy systems.

Which of these infrastructure initiatives will your company implement in 2022?

Network management and monitoring 69%
Cloud-based network management 67%
Complete WAN refresh 61%
SD-WAN 56%
SASE 48%

Source: Aryaka

The composite organization is headquarters in the United States, with 20 additional sites in the U.S., 15 sites in Europe, and five in the Asia Pacific region. Additionally, the composite maintains four data centers (two on-premises and two cloud-based) in the U.S.; three data centers (one on-premises and two cloud-based) in Europe, and two cloud-based data centers in Asia Pacific. There are 1,500 remote users in Year 1, growing to a total of 61 offices and 2,100 remote users by Year 3.

The brunt of the positive return comes via reduced operation and maintenance costs. The composite organization was able to redirect 10 full-time data engineers (FTEs) dedicated to operations and maintenance to more value-adding activities in Year 1. By Year 3, the organization avoids needing 12 more FTEs who would have had to manage the previous solution. The average fully loaded annual compensation for a full-time data engineer is $148,500.

“With our previous system, every time they released a firmware update, we had to go one by one to all the routers around the company and push the update to it. Afterwards, [we’d] make sure it’s back up and running because sometimes it causes issues,” said one IT team manager interviewed by Forrester. “There was a lot of work involved for each device, and it was quarterly at a minimum. With Cato, because it’s a hosted solution, it’s all in one place. Our time to maintain and update the system and everything was reduced to almost nothing.”

All of the interviewees continued to expand the number of sites deployed on Cato, and all reported that the reduced time to configure was an important benefit. According to the director of technology for an advisory, tax and assurance organization – assuming his network and security had the gear they needed to deploy – what was once a 20-hour investment per site “now is probably less than an hour.”

Total Benefits, Composite Organization, Cato SASE Cloud

Benefit Year 1 Year 2 Year 3 Total Present Value
Reduced operation and maintenance cost $1,410,750 $1,551,825 $1,692,900 $4,655,475 $3,836,901
Reduced time to configure $0 $27,702 $27,702 $55,404 $43,707
Savings from retired systems $769,500 $894,900 $1,020,300 $2,684,700 $2,205,699
Total benefits (risk-adjusted) $2,180,250 $2,474,427 $2,740,902 $7,395,579 $6,086,307

Source: Forrester, Cato Networks

Forrester estimates that the existing solutions, on average, required network engineers approximately 40 hours to complete a deployment. The average fully loaded compensation for a data engineer is $74 per hour.

Further cost containment came from the ability to retire expensive systems and hardware in favor of SASE components. Commonly retired systems included traditional edge routers, perimeter next-generation firewall (NGFW) appliances, intrusion detection system (IDS), intrusion protection system (IPS), and multiprotocol label switching (MPLS) systems that can cost as much as $1,100 per site per month.

“We don’t need to go invest in those other solutions because the Cato transport with the intelligence and the security layer does everything we need it to do,” said one responding director or technology.

“I think the biggest cost saving was the internet lines, the T1 voice lines,” added an IT team manager. “We disconnected all of those because we don’t need [them] anymore. It’s about $1,100 per site times 80 a month.”

For WAN executives who have spent the last two years investing in the resources to keep up with office shutdowns, digital transformations and shifts to the edge, these stories of saving money through SASE surely must sound like music to their ears.

By Martin Vilaboy