In comedy, unexpected actions make for good fun. The pratfalls. The eye pokes. But in networking, the unexpected is hardly funny. And yet it was the antics of the Three Stooges that came to mind as I reviewed the results of Cato Networks\u2019 latest networking survey.\nThe survey canvassed more than 700 enterprise IT buyers from around the globe about the drivers and challenges facing their networking and security deployments. What we observed serves as a promise and warning for anyone considering SD-WAN.\nSD-WAN is supposed to be the answer to network complexity. And like any good slapstick setup, we can almost see how SD-WAN meets that objective. As an overlay aggregating traffic from MPLS, broadband and any other underlying data transport, SD-WAN hides the complexity of a building a network from multiple data transports. Policies provide the intelligence for SD-WAN to select the optimum network for each application freeing IT from making those calculations and changes manually, if that was even possible.\nBut here\u2019s the thing, SD-WAN only simplifies networks if we don\u2019t consider the rest of today\u2019s enterprise. Add in threat protection for securing branch offices and private backbones for ensuring predictable application delivery, and complexity becomes a major challenge for today\u2019s SD-WANs.\nWho we surveyed\nThe survey asked 1601 respondents about the drivers and challenges facing their networking and security deployments. Of those 1606 respondents, we focused on 713 respondents whose organizations ran MPLS backbones. A range of industries were represented with telecommunications, computers & electronics, and manufacturing being the most popular sectors. More than three-quarters of respondents came from organizations with at least 11 locations, and more than half (57 percent) indicated their organizations had between two and four physical datacenters. Respondents were asked a variety of questions relating to the drivers and challenges they faced with in it today with an emphasis on networking and security.\nComplexity: the real problem facing IT\nWhat we found was the complexity of today\u2019s networks to be a common complaint. It wasn\u2019t necessarily called out that way. Respondents often pointed to the symptoms underlying cause of complexity.\nAs we looked at the primary networking challenges for 2018, for example, 39% of respondents ranked "equipment maintenance and updates" as the number two challenge and 35% of respondents made \u201cmanaging the network\u201d the number four challenge.\nThe same was true in the security domain. More than a third (39%) pointed to the \u201ccost of buying and maintaining security appliances and software\u201d as their primary security challenge in 2018. The same is true for \u201cenforcing corporate security policy on mobile users,\u201d which was made a primary security challenge by 34 percent of respondents.\nYears of tactical decisions have led to the deployment of discrete management and connectivity tools. The result is a \u201ctechnical debt\u201d that complicates everything from provisioning new users to delivering new services. Additional tool for managing and connecting to the cloud, and others for managing mobile users, have further complicated our networks.\nAll of which has a level of complexity that we often take for granted. Think about it. Adding a new application to enterprise networks requires numerous configurations just to deliver the service. More bandwidth might be needed from the underlying MPLS network. WAN optimizers, if installed, need to be configured properly, often checked to be sure they won\u2019t interfere with the application. Depending on how you handle security, ports might need to be opened and with open ports, comes the need for threat protection requiring changes to your NGFW and IPS.\nAnd that\u2019s with just one application on one network. Many enterprises have a mix of MPLS and Internet-based VPNs, security appliances and more. Complexity truly is the enemy of good engineering.\nEnterprise are looking at SD-WAN for help with managing that network complexity. Half of the respondents indicated simplifying the network or their security infrastructure will be primary use cases for SD-WAN in 2018.\nAt the same time, and here\u2019s the slapstick trip, SD-WAN implementations are hardly simple enough. SD-WAN introduces an abstraction layer that needs to be managed along with the underlying data service. Done right that can make networks simpler, more agile. But it raises concerns for enterprise buyers. A quarter of respondents planning to deploy SD-WAN indicated \u201cadditional complexity\u201d as a primary barrier to further investment.\nIn fact, as we looked at the enterprises who deployed SD-WAN complexity continues to be a challenge. Respondents also had complexity concerns with SD-WAN vendors and providers. Overall, 30% say SD-WAN appliances are too complex followed by SD-WAN services (23%).\nSD-WAN\u2019s complexity crutch\nTo some extent, that\u2019s understandable. Deploying an appliance, yourself (do-it-yourself or DIY) is always more complicated than purchasing a managed services. But any complexity isn\u2019t a requirement for SD-WAN. The real problem comes when SD-WAN is taken in context with the rest of the network.\nSo much of SD-WAN\u2019s benefits \u2014 cost savings, shorter deployment times, and better cloud performance \u2014 stem from leveraging direct Internet access. But to connect branch offices directly to the Internet, they must be protected from Internet-borne threats. And while traditional SD-WAN architectures claimed to be secure that was only in the sense that they established encrypted tunnels between locations. They lack the next-generation firewall, security web gateway or IPS\/IDS capabilities to protect the perimeter.\nFactoring security into SD-WAN complicates network configuration and troubleshooting significantly. Additional security appliances or cloud-based services are needed at branch locations. Operations teams must jump between SD-WAN and security management interfaces to configure users. Troubleshooting is made more difficult. And with data fragmented across multiple domains, spotting the indicators of potential threats is made more difficult.\nSecurity and SD-WAN belong together. And while integrating external security appliances doesn\u2019t address the full problems, the plethora of partnerships between SD-WAN and security vendors attest to the importance the market places on converging the two domains.\nRespondents would agree. The vast majority (81 percent) of respondents deploying SD-WAN in the next 12 months, identify \u201cprotecting locations and the site-to-site connections from malware and other threats\u201d as a \u201ccritical\u201d or \u201cvery important\u201d priority in their SD-WAN decision making.\nFocusing only on the simplicity engendered by SD-WAN tells half the story. Security agility must be considered as well. By tackling both \u2014 network and security agility together \u2014 organizations will reduce the complexity that constrains today\u2019s networks. And that\u2019s no joke.