In this article

Digital banking has changed the role of the physical bank branch. For the most part, opening accounts and banking transactions are done through digital channels. With decreases in staffing and real estate footprint of new branches, banks have to find ways to do more with less. Still, the branch serves vital purposes, such as providing face-to-face contact, acquiring new customers, and generating brand engagement and consumer loyalty. Because customers still desire personalized, proactive financial conversations, branches are a major competitive advantage to banking institutions. 

Recently, however, the COVID-19 pandemic has accelerated a repurposing of branches to a more hybrid, physical-digital branch experience. Branches are transforming to become more digitally integrated, adopting automated services that improve front-end customer experience and back-office efficiencies. By blending human and digital services, the branch can offer consistent services, timely issue resolution and greater responsiveness to customer needs.

Branch IT transformation

With digital transformation underway, legacy systems are being replaced with modern, customer-centric platforms that often utilize cloud-based technologies. This has allowed banks to deliver better omnichannel experiences with seamless transitions between physical and digital services, including: 

  • Staging a credit card replacement or printing a certified check utilizing a mobile application, CRM, location services or secure lockers.
  • Finding/consulting with an expert by online appointment, wayfinding or video chat.
  • Performing self-service transactions with virtual agents, need assessments and kiosks.

For a bank to be able to deliver these next-generation branch services it will need an IT infrastructure that can support:

  • High performing, always-on connectivity.
  • Computing power to handle advanced AI/ML models and large data sets.
  • Computer vision and location services to enable personalized experiences.
  • A 360-degree view of the customer to provide proactive financial advice.

Next-generation branch network

Introducing next-generation hybrid services will have an impact on a bank's underlying branch network infrastructure. To provide adequate digital experiences for branch customers and employees, the following network architecture tenants must be addressed:

  • Network performance and reliability.
  • Seamless wireless experience for both employees and guests.
  • Optimized cloud connectivity.
  • Integration of Internet of Things (IoT) devices.
  • Analytics and location services.
  • Ease of deployment and manageability.

The new concept of "Software Defined Branch" (or SD-Branch) consists of several key technologies that make the next-generation branch possible, if not optimal; they are: 

  • High speed flexible WAN access, such as Direct Internet Access (DIA) and 5G/LTE cellular.
  • Edge-to-Cloud connectivity solutions, including Software-Define WAN (SD-WAN).
  • LAN/WLAN Edge infrastructure (high-speed wireless and switching).
  • Embedded advanced security, such as adopting a Security Service Edge (SSE) solution, Zero Trust, NAC, etc.
  • Automation including visibility and analytics.

Foundational to next-generation network architecture, these solutions are to be bundled, deployed with automation and delivered with visibility/analytics for operational efficiency. Below we look at how these solutions are instrumental in building a next-generation branch network.

High-speed WAN access

As applications start shifting to a cloud-delivered model (SaaS, Public Cloud), being able to leverage transport systems that can offer more directed paths to these resources with less latency is key to performance.  For access to SaaS and cloud application, some viable options include Direct Internet Access (DIA), 5G/LTE (or private wireless services), multi-service provider options (for shared internet and private connectivity), and even some Network as a Service (NaaS) offerings.


User experience is transforming the way users connect to workloads, and therefore transforming the security perimeter. Optimize the WAN Edge connectivity for cloud access is going to be critical to a branch's performance, resiliency and security. This can be achieved by coupling transport options like Direct Internet Access and 5G/LTE with SDWAN and SASE/SSE services.

SD-WAN can utilize flexible transport offerings (both internet and private networks) with features that offer traffic steering based on application and/or network characteristics such as bandwidth utilization, packet loss and latency. 


To improve service coverage and performance for both customers and branch employees, WiFi6/6E standards can deliver a better experience through increased bandwidth, more consistent data rates and lower latencies. Paired with guest services, this allows for a seamless experience for customers to access digital banking services while at the branch. At the same time, new Wi-Fi networks can enable a more mobile workforce within the branch, allowing them to better service customers.  Location services on the Wi-Fi networks provide analytics to the business for things like customer dwell time, targeted digital signage and physical to online mapping.

The LAN switching capabilities of a branch network need to be able to support the new Wi-Fi infrastructure. Two key considerations for meeting performance requirements of WiFi6/6E APs are Power over Ethernet (for APs and IoT devices) and Multi-Gigabit Ethernet support (1G, 2.5G, 5G and 10G). In addition, Network Access Control (NAC) systems must be put in place to identify, authenticate, and segment customers from branch employees and IoT devices, and ultimately secure the branch network.

Embedded advanced security

SASE/SSE services use cloud delivered security services, and when coupled with NaaS, are an effective way to build trusted internet connectivity with consistent policies. SASE/SSE services also promote a secure and agile distributed edge-to-cloud environment that can scale while maintaining a Zero Trust approach.

Automation, visibility & operations 

Software-defined capabilities for automation and operations are core to the SD-Branch concept. Infrastructure automation allows for agile deployment at scale while mitigating risk of configuration errors and compliance/standards drift. SD-Branch solutions offer automation integration through APIs, external programmability options and vendor-provider workflows.

The SD-Branch solution set can significantly reduce OpEx if able to provide rapid issue detection and response mechanisms. To do this, operators need to be able to gain visibility into the network infrastructure. The right SD-WAN and SASE/SSE solutions will provide insights on traffic flow paths and detect any impairments from the branch to either cloud or private services. Analytics also need to be applied to proactively change network paths to meet application performance requirements. 

On the LAN Edge, operators need to be able to monitor RF usage and performance at the branch, with analytics that can rapidly determine and mitigate client connectivity issues and their root causes. In addition, for customer, employee and IoT network access and segmentation policies, secure visibility needs to be provided cross the SD-Branch stack.

Final thoughts

The SD-Branch architecture approach will help banks transform their branch offices into a space where customers can have a secure and seamless hybrid digital-human experience. Optimizing cloud connectivity will deliver a better branch employee experience, as well, albeit for corporate training or providing more efficient back-office application capabilities. 

From a technological perspective, the SD-WAN will provide traffic steering capabilities to facilitate optimized access over the WAN for either cloud access or internal data center resources. WiFi6/6E performance with additional location services will lend itself to customer recognition and improved access to platforms and new products for digital users in the branch. Deploying new security solutions for identifying and securing IoT devices in the branches, like SSE, will lower the risk of breaches, improve overall security posture and free up security teams to focus on greater tasks.

With the right combination of automation, observability and analytics tools, SD-Branch offers a more secure, operationally efficient and digitally forward branch office network, improving the employee and customer experience and ultimately the business of the bank.

Get started with a next-generation network architecture workshop
Request one today!