The retail industry has come a long way during the last decade in its efforts to overcome the challenges of generational and technological shifts that have been disruptive to the business. In order to stay competitive while catering to new generations of hyper-connected shoppers, retailers are being pressured to constantly innovate. Online ordering, in-store beacon technology, cloud POS, omnichannel retail platforms, and digital menus and signage are part of the evidence of those innovations taking place. We’ve seen the advent of self check-out, RFID technology, and digital wallets, plus we’ve grown accustomed to guest Wi-Fi at pretty much every retail shop.
Those risks are not to be underestimated by the tech-savvy retailer. A heavily leveraged store network that is increasingly reliant on optimal network performance and uptime is a disaster waiting to happen if it is not properly secured and monitored. The impact of complacency can seriously damage not only short-term revenue but also brand reputation and, therefore, long-term revenue.
POS systems, payment kiosks, cloud-connected security cameras, Voice-over-IP (VoIP) communications, vending machines, digital signage, office desktops, laptops, guests’ smartphones, wireless access points, firewalls, and other IT appliances are all connected to the store’s network via Ethernet and Wi-Fi. IT sprawl at the store adds complexity to security management, and that complexity means increased risk of a breach.
Network performance and resilience also suffer from the increase in connected devices and apps and the subsequent growth in bandwidth demand that comes along with the digital transformation of the business. Quality of Service (QoS) is now a major concern. Also, in order to avoid store-and-forward of payments and prevent revenue loss, retailers find themselves needing to preserve optimal uptime. Blackouts and brownouts not only affect short-term revenue but may also impact long-term revenue when the customer experience turns negative during business downtime.
Digital transformation of the retail business can drive an increase in IT complexity and hardware sprawl at the store. It would not be surprising these days to find a closet full of appliances, cables and blinking LED lights at any given retail store. The reality is that most of that hardware goes under-utilized and is expensive to manage and provision. Frequent truck rolls are the norm, and capital and operating expenses go up with each new gadget.
Stores that connect via broadband using Virtual Private Network (VPN) tunnels to other stores, to headquarters, or to a colocation face the difficulties of managing those hub-to-spoke and spoke-to-spoke WAN configurations. Hybrid networks are complex to manage and secure.
Payment Card Industry Data Security Standard (PCI DSS) compliance, although a good place to start when building a sound cybersecurity strategy, gets challenged when new types of devices connect to the store’s network, such as IoT devices and innovative POS systems. PCI DSS is not a checklist; it is a minimum practice to manage. But the risk of exposure to vulnerabilities increases with every new type of device that connects from within the LAN. “Fear the hacker, not the auditor,” it’s been said.
SD-Branch, or software-defined branch networking, is the next step in the evolution of branch technology and can be defined as a single hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions that can all be configured and managed centrally via the cloud. The hardware platform is known in the industry as the “universal Customer Premises Equipment” (uCPE), and it is essentially a multi-functional edge appliance that delivers all-in-one connectivity and security services to a branch location. The uCPE is managed via an orchestrator, a portable web-based console that runs in the cloud and enables the SD-WAN functionalities.
The big advantage of a robust SD-Branch is the capability to deliver multiple security functions using a single device, the uCPE, installed at the branch. By connecting the uCPE between the ISP modem and the LAN, it is possible to see and control all the traffic that comes in and out of the network (note: not all SD-Branch solutions can deliver this capability). Deep Packet Inspection of all encrypted data, including first packet detection at layer 7 (app level), enables detection and response at the edge. A robust SD-Branch can see all the applications communicating within the LAN to the internet, and who they are communicating with.
Although an SD-Branch appliance can replace an on-premise firewall or Unified Threat Management (UTM) box at the store, it does not necessarily have to. It represents a new paradigm for securing the branch network, and for certain types of businesses, such as highly distributed ones with multiple small-sized locations, it enables consolidating functions into a single piece of hardware, reducing IT sprawl at the branch and consequently reducing the exposure to cyberthreats.
The multicarrier cellular failover capabilities of a robust SD-Branch solution, delivered via an integrated modem, are central to delivering the resilience and business continuity essential to a retail operation. When broadband connectivity fails, it becomes imperative to stay in business, not just for the sake of avoiding revenue loss but also to keep delivering a positive experience to the customer. Cellular failover kicks in only when needed, whether during a blackout or when overall Quality of Service (QoS) drops below a pre-established threshold. The goal is to move from the 99.9% uptime standard to the “four nines”: 99.99%. A positive by-product of instant cellular failover is avoiding store-and-forward transactions and potentially losing revenue: after all, who remembers that purchase from over a month ago?
The ideal uCPE for a retail use case includes an integrated modem and dual SIM for dual carriers. By integrating the cellular modem into the uCPE box and managing it via the cloud-based orchestrator, SD-Branch again reduces hardware sprawl at the branch and simplifies business continuity management. External modems are no longer needed and there is one less management console to learn and work with.
By consolidating multiple network and security functions into an all-in-one multi-functional device, SD-Branch reduces complexity and cost. It enables rapid service deployment and zero-touch provisioning, reducing the number of truck rolls to the location and calls to the help desk. By adding managed services delivered through the appliance, SD-Branch facilitates transitioning from a CapEx model to an OpEx model where services can be scaled up and down based on needs at the time. The total cost of ownership (TCO) is vastly reduced and retailers can focus on selling rather than troubleshooting expensive, and often under-utilized, network security appliances.
The ease and speed of deployment are among the benefits of SD-Branch most valued by highly distributed businesses such as Quick Service Restaurants, C-Stores, and other types of franchises.
SD-Branch solutions check many boxes when it comes to PCI DSS compliance. The ability to segment traffic is essential to ensure that credit card transactions are protected from untrusted traffic. Other features that go beyond PCI DSS compliance are the ability to switch LAN ports on the uCPE to WAN and vice versa, and to close the unused ones to prevent rogue devices from being connected to the network via Ethernet. An SD-Branch solution that caters to retail must offer the necessary add-ons to help retailers not just demonstrate compliance but go beyond the minimum and comprehensively protect their brands.
SD-Branch is the future of retail network management. SD-Branch delivers the scalability and versatility needed to keep innovating and transforming the business to stay competitive, without affecting security and business continuity. As hybrid networks become more complex, prevention, detection, response and prediction of threats become more demanding intellectually and financially. SD-Branch responds to those challenges by reducing complexity and cost and by improving security and resilience. A managed SD-Branch service is the way to go for SMB and highly distributed businesses and, for those large retailers with an in-house network security team, it delivers a powerful and affordable solution that can keep up with the pace of the digital transformation while avoiding digital disruption and self-inflicted damage.