Shangri La.

In the performance and cost driven world of secure SME networking and connectivity, perfect solutions delivering desirable technical options at a realistic price, without obstacles like unrealistic set up or management overhead – are thin on the ground. The ability for SMEs to connect networks and devices securely and efficiently across multiple locations, however, is a challenge in need of just such a solution.

This is not simply a matter of facilitating agile working and remote connectivity, or meeting high bandwidth demands. It also encompasses the critical issues of network security and data integrity, too. The rapid expansion of the IoT, along with the proliferation of mobile devices and increased reliance on cloud-based applications, adds further layers of complexity. Traditional solutions like VPNs have served their purpose, but are now limited by scalability and flexibility, and by the complexity (or infeasibility in the case of IoT) of integrating a diverse range of devices and services.

Data sovereignty and security loom large, too. When breaches are not just inconvenient but potentially catastrophic, the integration into a secure network framework of devices such as IoT sensors and security cameras, that inherently lack VPN support, and the secure connection to cloud-based applications, are pivotal concerns.

“We’re good”, I hear some of you saying, however. “We’ve bought SDWAN. I can move on.”

Well… not so fast, would be my suggestion. SDWAN comes with its own limitations, and we’ll get to those in a moment… along with looking at the revolutionary approach to seamless, secure, and efficient connectivity that truly addresses the needs of today’s SME business.

Let’s start with some background.

VPNs have been a cornerstone of connectivity since the early days of the public internet. Designed to bridge disparate networks across cyberspace, they’ve served dual functions: establishing secure network routes using tunnels that also encrypted traffic to ensure data privacy and protection against interception.

This dual capability did address a fundamental need for security in an increasingly interconnected world. However, as the digital domain expanded, the limitations of traditional VPNs became clear. VPNs require either software or hardware to create the encrypted tunnels. Their setup is likely to incur additional work, as well as potentially requiring more complex, VPN supporting, devices. In the case of a large IoT estate, it may also create the need for extremely low cost devices, making minimal power consumption demands. In addition, as the need for network connectivity scales, the management overhead associated with maintaining VPNs escalates exponentially.

Enter SDWAN, a more up to date response to the cumbersome VPN management overhead. SDWAN simplifies the management of network connections and improves efficiency. However, this advancement comes with its own challenges. SDWAN solutions usually involve significant costs, including vendor-specific hardware, software subscriptions, and the need for dedicated hardware. Furthermore, SDWAN’s reliance on proprietary software introduces compatibility issues with devices on remote networks, such as IoT sensors and gateways, that cannot run these applications. This raises doubts about the inclusivity of SDWAN, particularly when one needs to consider access to cloud-based applications and the integration of increasingly prevalent IoT devices within a secure network framework.

It’s this backdrop of not wholly satisfactory network connectivity solutions that frames today’s pressing need: a comprehensive, scalable, and secure networking solution that addresses the limitations of both VPNs and SDWAN. A solution that reduces the setup and ongoing management overhead for IT teams, minimises costs, and embraces the full spectrum of devices and applications integral to SME business now and moving forward, as IoT becomes ever more ubiquitous.

Debunking the cost and complexity myths surrounding Private WAN.

The concept of Private WANs for SMEs has generally met with scepticism, primarily due to high costs, management complexity and a lack of flexibility, especially when considering the integration of cloud platforms and mobile devices. But the UK’s connectivity landscape actually challenges these chestnuts.

• Cost efficiency: The notion that Private WANs, specifically for SMEs operating on a national scale within the UK, are prohibitively expensive is false. During the setup phase, while VPNs may indeed involve lengthy and costly setup by an organisation’s own IT resource, MPLS networks, set up and configured entirely by the ISP, do not. And where global networks may incur significant costs because of interstate or intercontinental connections, the price of circuits within the UK is relatively uniform, whether for internet access or integration into a private network – such as MPLS. In fact, as MPLS eliminates the need for specialist on-site hardware and ongoing subscription licenses, too, it offers an extremely cost-effective solution for SME businesses.
• Management simplicity: A key drawback of Private WANs has been the management overhead, requiring significant in-house expertise. However, with an MPLS network, businesses no longer need to invest heavily in internal resources for network management, as the ISP takes on responsibility not only for set up, but also for ensuring operational performance and security.
• Unprecedented flexibility: Contrary to the idea that Private WANs offer little or no flexibility, any circuit type can be integrated into the network, including Ethernet, broadband, and mobile connections. Leveraging our status as an MVNO (Mobile Virtual Network Operator), my colleagues at Spitfire can directly connect mobile devices into our MPLS network. This extends its reach, incorporating a wide range of devices and sites effortlessly.

The process for expanding the network or adding devices has been streamlined to a remarkable degree. With no configuration work whatsoever required from an end user company’s (or reseller’s) IT staff, the system is essentially plug-and-play. This not only results in massive time and cost savings on setup, but also for ongoing maintenance and expansion. Adding a new site or device is as simple as ordering the connectivity service, which is then seamlessly integrated into the network by our engineers at Spitfire.

The security and integrity of the network are uncompromised at any stage, with all communications private and not traversing the internet. This setup, coupled with a resilient and feature-rich firewall solution, ensures a secure perimeter for the network, addressing the security needs of today’s SME business without the burdens of traditional network management.

Affordable and easy to manage. The new age of Private WAN.

In addressing the challenge of establishing a robust, Private WAN without the traditional barriers of cost and complexity, MPLS networks are the way forward. The core of the approach, exemplified by our ‘Spitfire One Network’ solution, is an MPLS network designed for today’s SME business landscape. Agile, scalable, and most importantly, accessible, the MPLS solution dispels all those myths of the complexity and expense of private networking, and offers a streamlined and cost-effective pathway to secure, reliable, and private connectivity.

How the ‘Spitfire One Network’ MPLS Private WAN works.

At the heart of Spitfire One Network, sophisticated use of MPLS technology creates a unified private network. This enables seamless connection of all of a company’s sites and mobile devices within a singular, secure network environment, effectively making geographical distance irrelevant. With every aspect of the set up and configuration taken care of by Spitfire, the effect is as if every device, regardless of its physical location, were situated within the same building, operating under the same secure network umbrella, without any data traversing the public internet.

Key to this solution is its ability to integrate fixed lines, such as Broadband or DFE, with mobile connectivity. This ensures that mobile devices are as much a part of the network as fixed-site locations, providing a level of integration and security traditional networks cannot match. On top of this, the direct connectivity capability extends the network to encompass cloud platforms like AWS and Azure. By establishing direct links, these platforms essentially become additional sites on the private network, extending its scope and functionality without compromising security.

To add internet access, Spitfire One Network simply uses FWaaS, ensuring all traffic, regardless of origin or destination, is screened and protected. This eliminates the need for open internet ports between sites, significantly reducing the network’s vulnerability to external threats and breaches. Office users, mobile users, and devices can securely connect to cloud services, with the assurance that communications remain private and protected.

As well as maximising security by eliminating internet exposure the FWaaS architecture, providing a single pane of glass for all perimeter security, streamlines the management of network security, delivering a comprehensive, secure networking solution every bit as cohesive as that offered by SDWAN.

Picturing the One Network solution in action.

For an illustration of the value of an MPLS Private network solution like Spitfire One Network, imagine the challenges of integrating CCTV and smart building systems across diverse environments.

Within a typical office setting, all components are LAN-based, securely monitored and managed via a platform that may be located within a public cloud such as AWS. In our set up, all of this, from cameras to door entry systems to the AWS based management application, connects through Spitfire One Network, ensuring private and secure communication without exposure to the public internet.

Now let’s expand this scenario to a third party providing security monitoring services to their customer. To maintain the integrity of the customer’s LAN and ringfence the security network, these services operate on an isolated network and through separate circuits or mobile gateways, ensuring the customer’s core network remains uncompromised.

The full versatility of Spitfire One Network becomes apparent in scenarios like managing security for a construction site’s gate. Here, a SIM-enabled camera or mobile gateway directly connects to the MPLS network, streaming video to AWS without data traversing the public internet. This not only simplifies the deployment and management of remote security devices, but also significantly enhances security.

This example illustrates how Spitfire One Network provides complete control over the data path from device to cloud. All information remains within a controlled, secure network environment, showcasing the solution’s unparalleled security and simplicity.

The way ahead for SMEs and private networking.

The perception of Private WANs as cumbersome and financially impractical is laid to rest by MPLS solutions like Spitfire One Network, which make private networks cost-effective and highly flexible, and so perfect for SME business.

Add to  this the transformative potential of introducing mobile connectivity into the mix. This greatly expands the practical applications of the network. For example, in sectors requiring mobile surveillance, adding body cams to this kind of solution is seamless. The devices can securely transmit real-time video directly into the private network, ensuring data remains protected while offering real-time operational insights. This not only extends the network’s utility but also solidifies its role as a versatile tool for a multitude of business applications.

With the Spitfire One Network, we have been able to address all conceivable data security concerns through robust, MPLS-based architecture. This is testament to the evolution of Private WANs, embodying a solution that is not only accessible but indispensable for businesses aiming to secure their communications and data in an increasingly interconnected world. With its unparalleled flexibility and security, and setup carried out entirely by Spitfire, Spitfire One Network points the way for any SME needing to navigate the complexities of today’s networking.

As published in Security Matters, April 2024