Skip to content

1.9 Risk Assessment

Document Information

Field Value
Document ID SDWAN-CH1-009
Version 1.0
Last Updated December 2025
Author Network Architecture Team
Status Final
Classification Internal Use

1.9.1 Executive Risk Summary

Overall Risk Profile

┌─────────────────────────────────────────────────────────────────────────────┐
│                    SD-WAN MIGRATION RISK PROFILE                            │
│                         Abhavtech.com Assessment                            │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Risk Category          Current    Mitigated   Impact    Likelihood        │
│  ─────────────────────  ─────────  ─────────   ────────  ──────────        │
│  Technical              HIGH       MEDIUM      Critical  Probable          │
│  Operational            MEDIUM     LOW         Major     Possible          │
│  Financial              MEDIUM     LOW         Moderate  Unlikely          │
│  Organizational         MEDIUM     LOW         Moderate  Possible          │
│  Vendor/Supply          LOW        LOW         Minor     Unlikely          │
│  Compliance             MEDIUM     LOW         Critical  Unlikely          │
│  ─────────────────────  ─────────  ─────────   ────────  ──────────        │
│  OVERALL SCORE          MEDIUM     LOW         Major     Possible          │
│                                                                             │
│  Risk Score: 47/100 (Acceptable with mitigation)                           │
│  Confidence Level: 85%                                                      │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

Risk Score Summary

Risk Category Inherent Risk Mitigated Risk Control Effectiveness
Technical 72/100 45/100 62%
Operational 58/100 32/100 55%
Financial 52/100 28/100 54%
Organizational 55/100 30/100 45%
Vendor/Supply 35/100 20/100 57%
Compliance 60/100 25/100 58%
Weighted Average 57/100 32/100 55%

1.9.2 Technical Risk Assessment

T-001: Controller Infrastructure Failure

Attribute Details
Risk ID T-001
Category Technical - Infrastructure
Description SD-WAN Manager/Controller failure causing network-wide impact
Inherent Risk Critical (90/100)
Probability Medium (40%)
Impact Complete overlay failure, no new tunnel formation, policy updates fail
Affected Sites All 9 sites (19,000 endpoints)

Mitigation Strategies:

Strategy Implementation Residual Risk
3-node vManage cluster Deploy cluster in Mumbai DC 45/100
Geo-redundant DR Chennai DR with 3-node standby 35/100
Controller redundancy 4 vSmart (2 Mumbai + 2 Chennai) 30/100
Graceful restart WAN edges maintain tunnels 24hrs 25/100
Monitoring Real-time controller health alerts 20/100

Control Implementation:

! WAN Edge graceful restart timer
system
 graceful-restart
  timer restart-timer 1440    ! 24 hours
  timer stalepath-time 300    ! 5 minutes


T-002: SD-Access Integration Failure

Attribute Details
Risk ID T-002
Category Technical - Integration
Description VRF-Lite/BGP handoff failure between SD-Access borders and WAN Edge
Inherent Risk High (75/100)
Probability Medium (35%)
Impact Campus-to-WAN connectivity loss, VN isolation broken
Affected Sites All hub sites with fabric borders

Root Causes:

Cause Likelihood Detection
BGP peering failure 25% BGP neighbor alerts
VRF mismatch 15% Route table verification
SGT propagation break 20% TrustSec logging
MTU issues 20% Path MTU discovery
Routing loops 10% Traceroute analysis

Mitigation Matrix:

Mitigation Owner Timeline Status
Dual border nodes per site Network Team Pre-deployment Planned
BFD for fast failover Network Team Implementation Planned
SGT inline tagging validation Security Team Testing Pending
Lab validation before production Project Team Week 4-5 Planned
Comprehensive test cases QA Team Ongoing In Progress

BFD Configuration for Fast Failover:

! SD-Access Border Node
router bgp 65001
 neighbor 10.254.1.2 remote-as 65501
 neighbor 10.254.1.2 fall-over bfd
!
bfd-template single-hop WAN-EDGE
 interval min-tx 100 min-rx 100 multiplier 3
!
interface GigabitEthernet1/0/49
 bfd template WAN-EDGE


T-003: Tunnel Formation/Stability Issues

Attribute Details
Risk ID T-003
Category Technical - Connectivity
Description IPsec/DTLS tunnel flapping or failure to establish
Inherent Risk High (70/100)
Probability Medium (30%)
Impact Site isolation, traffic blackhole, application degradation
Trigger Events NAT issues, firewall blocks, certificate expiry, MTU problems

Tunnel Health Requirements:

Metric Threshold Alert Escalation
Tunnel flaps >5/hour Warning P2 ticket
Tunnel down >1 minute Critical P1 escalation
BFD timeout >3 consecutive Warning Investigation
Control connection loss Any Critical P1 immediate

Mitigation Controls:

┌────────────────────────────────────────────────────────────────────┐
│                   TUNNEL STABILITY CONTROLS                        │
├────────────────────────────────────────────────────────────────────┤
│                                                                    │
│  1. Pre-deployment Validation                                      │
│     ├── NAT traversal testing (UDP 12346/12446)                   │
│     ├── Firewall rule verification                                 │
│     ├── MTU path discovery (1400-1500 bytes)                      │
│     └── Certificate chain validation                               │
│                                                                    │
│  2. Runtime Monitoring                                             │
│     ├── BFD liveness detection (100ms timers)                     │
│     ├── Control connection keepalives                              │
│     ├── OMP route convergence tracking                            │
│     └── Tunnel statistics trending                                 │
│                                                                    │
│  3. Recovery Procedures                                            │
│     ├── Automatic tunnel re-establishment                          │
│     ├── Graceful restart preservation                              │
│     ├── Alternate path selection (AAR)                            │
│     └── Manual intervention runbook                                │
│                                                                    │
└────────────────────────────────────────────────────────────────────┘

T-004: Application Performance Degradation

Attribute Details
Risk ID T-004
Category Technical - Performance
Description Critical applications fail SLA after SD-WAN migration
Inherent Risk High (68/100)
Probability Medium (35%)
Impact Business impact, user complaints, productivity loss
Applications at Risk Voice (MOS), SAP (response time), Video (quality)

Application SLA Risk Assessment:

Application Current SLA Risk Level Mitigation
Voice/Unified Comms MOS >4.0 Medium AAR Real-Time class, FEC
SAP S/4HANA <2s response Medium Direct MPLS path initially
Video Conferencing 1080p quality Low Dedicated bandwidth class
Office 365 <50ms latency Low Cloud OnRamp SaaS
Database Replication <25ms local High MPLS backup during migration

AAR SLA Monitoring:

! AAR Policy for Voice Protection
policy
 app-route-policy VOICE-SLA
  vpn-list VOICE-VPN
   sequence 10
    match
     dscp 46
    action
     sla-class REAL-TIME strict
     backup-sla-preferred-color mpls


T-005: Security Vulnerability Exposure

Attribute Details
Risk ID T-005
Category Technical - Security
Description Security gaps during migration exposing network to threats
Inherent Risk High (72/100)
Probability Low (20%)
Impact Data breach, compliance violation, reputation damage
Exposure Window Migration phases 2-4 (parallel operation)

Security Risk Factors:

Factor Risk Mitigation
Dual control planes Medium Unified policy enforcement
Internet exposure High Enterprise firewall + UTD
Certificate management Medium Automated renewal, 180-day validity
SGT propagation gaps Medium Inline tagging validation
Admin access expansion Low RBAC, MFA enforcement

Security Control Checklist:

Control Required Status Owner
AES-256-GCM encryption Yes Planned Security
TLS 1.3 control plane Yes Planned Network
Enterprise firewall at DIA Yes Planned Security
UTD with Snort 3.0 Yes Planned Security
Umbrella DNS security Yes Planned Security
CTS inline tagging Yes Pending Network
MFA for all admin access Yes Planned IAM

1.9.3 Operational Risk Assessment

O-001: Skills Gap and Training Deficiency

Attribute Details
Risk ID O-001
Category Operational - Human Resources
Description Team lacks SD-WAN expertise causing deployment/operations errors
Inherent Risk High (65/100)
Probability High (60%)
Impact Deployment delays, configuration errors, extended outages
Current Gap SD-WAN Architecture: Basic, vManage Admin: None

Skills Gap Analysis:

Skill Area Current Required Gap Training Need
SD-WAN Architecture Basic Advanced Critical ENSDWI (5 days)
vManage Administration None Advanced Critical Admin workshop
Policy Configuration None Intermediate Major Hands-on lab
Troubleshooting Basic Advanced Major Bootcamp
API/Automation None Intermediate Moderate Python/REST
Security Features Basic Intermediate Moderate Security focus

Training Plan:

Training Duration Attendees Timeline Cost
ENSDWI (Cisco Official) 5 days 4 engineers Week 1-2 $XX,XXX
SD-WAN Design Workshop 3 days 2 architects Week 2 $X,XXX
Operations Bootcamp 3 days 3 operators Week 3 $X,XXX
Hands-on Lab Practice 2 weeks All team Week 3-5 $X
Total Training Investment $XX,XXX

O-002: Change Management Failures

Attribute Details
Risk ID O-002
Category Operational - Process
Description Inadequate change control causing unplanned outages
Inherent Risk Medium (55/100)
Probability Medium (40%)
Impact Service disruption, compliance violation, audit findings
Root Cause Complex multi-domain changes, template propagation

Change Risk Categories:

Change Type Risk Level Approval Maintenance Window
Template modification High CAB + Architect Weekend
Policy push to production High CAB approval Off-hours
Controller upgrade Critical CAB + Management Scheduled outage
WAN Edge onboarding Medium Team lead Business hours
Routing changes Medium Architect Off-hours
Certificate renewal Low Automated Any time

Change Control Process:

┌─────────────────────────────────────────────────────────────────────────────┐
│                     SD-WAN CHANGE MANAGEMENT WORKFLOW                       │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Request → Impact Analysis → Lab Test → CAB Review → Schedule → Execute    │
│                                                                             │
│  ┌───────────┐   ┌───────────┐   ┌───────────┐   ┌───────────┐            │
│  │  Change   │──▶│   Risk    │──▶│   Lab     │──▶│    CAB    │            │
│  │  Request  │   │  Assess   │   │  Validate │   │  Approve  │            │
│  └───────────┘   └───────────┘   └───────────┘   └───────────┘            │
│       │              │               │               │                      │
│       ▼              ▼               ▼               ▼                      │
│  ServiceNow     Risk Matrix     Test Results    Meeting Minutes             │
│  Ticket         Document        Sign-off        Approval Record             │
│                                                                             │
│  ┌───────────┐   ┌───────────┐   ┌───────────┐   ┌───────────┐            │
│  │  Schedule │──▶│  Execute  │──▶│  Verify   │──▶│  Close    │            │
│  │  Window   │   │  Change   │   │  Testing  │   │  Ticket   │            │
│  └───────────┘   └───────────┘   └───────────┘   └───────────┘            │
│       │              │               │               │                      │
│       ▼              ▼               ▼               ▼                      │
│  Notification    Runbook         Health Check   Post-Implementation        │
│  to Users        Execution       Results        Review                      │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

O-003: Monitoring and Visibility Gaps

Attribute Details
Risk ID O-003
Category Operational - Observability
Description Insufficient monitoring during/after migration
Inherent Risk Medium (50/100)
Probability Medium (35%)
Impact Delayed incident detection, prolonged outages, SLA breach
Current State MPLS-focused NMS, limited SD-WAN visibility

Monitoring Requirements:

Layer Tool Integration Status
Controller Health vManage Dashboard Native Planned
WAN Edge Status vManage + SNMP SolarWinds Planned
Tunnel Analytics vAnalytics Native Planned
Application Performance ThousandEyes API Planned
Security Events Splunk SIEM Syslog Planned
Log Aggregation Splunk Syslog/API Existing
Alerting PagerDuty Webhook Existing

Monitoring Implementation Timeline:

Phase Monitoring Capability Target Date
Phase 1 Controller health, basic alerts Week 2
Phase 2 WAN Edge monitoring, tunnel status Week 4
Phase 3 Application analytics, SLA tracking Week 8
Phase 4 Full observability, predictive alerts Week 12

1.9.4 Financial Risk Assessment

F-001: Cost Overrun Risk

Attribute Details
Risk ID F-001
Category Financial - Budget
Description Project exceeds approved budget of $XXX,XXX
Inherent Risk Medium (55/100)
Probability Medium (30%)
Impact Budget reallocation, project pause, scope reduction
Contingency 15% reserve ($XXX,XXX)

Budget Risk Factors:

Factor Impact Likelihood Mitigation
Hardware price increase $XXK 20% Lock pricing with PO
Additional licensing $XXK 25% License audit upfront
Extended timeline $XXK 35% Milestone tracking
Scope creep $XXK 40% Change control process
Training overrun $XXK 15% Fixed-price contracts

Budget Tracking:

Category Budgeted Risk Exposure Contingency
Hardware $XXX,XXX +$XX,XXX Covered
Licensing $XXX,XXX +$XX,XXX Covered
Professional Services $XX,XXX +$XX,XXX Partial
Training $XX,XXX +$XX,XXX Covered
Contingency $XXX,XXX -$XXX,XXX $XX,XXX remaining
Total $XXX,XXX +$XXX,XXX Adequate

F-002: ROI Achievement Risk

Attribute Details
Risk ID F-002
Category Financial - Returns
Description Projected savings not realized, ROI falls below 200%
Inherent Risk Medium (48/100)
Probability Low (25%)
Impact Business case invalidation, stakeholder confidence loss
Target ROI 233% (3-year)

ROI Risk Scenarios:

Scenario Probability 3-Year Savings ROI Status
Best Case 20% $X,XXX,XXX 259% Target
Expected 55% $X,XXX,XXX 233% Baseline
Conservative 20% $X,XXX,XXX 188% Acceptable
Worst Case 5% $X,XXX,XXX 141% Below threshold

Savings Protection Strategies:

Strategy Protected Savings Implementation
MPLS cancellation schedule $XXX,XXX/year Contractual commitment
DIA cost negotiation $XX,XXX/year Multi-vendor quotes
Operational efficiency $XXX,XXX/year Automation metrics
Circuit optimization $XX,XXX/year Bandwidth right-sizing

1.9.5 Organizational Risk Assessment

ORG-001: Stakeholder Resistance

Attribute Details
Risk ID ORG-001
Category Organizational - Change
Description Key stakeholders resist SD-WAN adoption
Inherent Risk Medium (50/100)
Probability Medium (30%)
Impact Delayed approvals, reduced support, project delays
Stakeholders Business units, Operations team, Security team

Stakeholder Analysis:

Stakeholder Influence Interest Current Position Strategy
CIO High High Champion Maintain support
IT Operations Medium High Neutral Early involvement
Security Team High Medium Skeptical Address concerns
Business Units Medium Medium Positive Communicate benefits
Finance High Medium Supportive ROI reporting

Engagement Plan:

Stakeholder Group Engagement Activity Frequency
Executive Sponsor Status briefings Bi-weekly
IT Operations Working sessions Weekly
Security Team Design reviews Monthly
Business Units Communication updates Monthly
All stakeholders Steering committee Monthly

ORG-002: Resource Availability

Attribute Details
Risk ID ORG-002
Category Organizational - Resources
Description Key personnel unavailable during critical phases
Inherent Risk Medium (52/100)
Probability Medium (40%)
Impact Timeline slippage, quality reduction, knowledge gaps
Critical Resources Network architects, Security engineers, Project manager

Resource Risk Matrix:

Role Allocated Backup Risk if Unavailable
Lead Architect 1 FTE 1 backup High - Design delays
Network Engineers 3 FTE 2 backup Medium - Workload
Security Engineer 1 FTE 1 backup High - Compliance risk
Project Manager 1 FTE 1 backup Medium - Coordination
Operations 2 FTE 1 backup Low - Training period

Mitigation: - Cross-training for all critical roles - Documentation of all decisions/designs - Vendor professional services on retainer - Knowledge transfer sessions weekly


1.9.6 Compliance and Regulatory Risk

C-001: PCI-DSS Compliance During Migration

Attribute Details
Risk ID C-001
Category Compliance - Regulatory
Description PCI-DSS requirements not maintained during migration
Inherent Risk High (70/100)
Probability Low (15%)
Impact Audit failure, fines, card processing suspension
Deadline PCI-DSS 4.0 compliance by March 2025

PCI-DSS Control Mapping:

PCI Requirement SD-WAN Control Status
1.1 Network segmentation Service VPN isolation Planned
1.2 Firewall protection Enterprise firewall Planned
2.1 Default password change Template enforcement Planned
3.4 Data encryption AES-256-GCM Planned
4.1 Transmission encryption IPsec tunnels Planned
10.1 Audit logging Syslog to SIEM Planned
11.2 Vulnerability scanning Quarterly scans Existing

Compliance Timeline:

┌─────────────────────────────────────────────────────────────────────────────┐
│                    PCI-DSS COMPLIANCE TIMELINE                              │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Dec 2025  Jan 2026  Feb 2026  Mar 2026                                    │
│     │         │         │         │                                         │
│     ▼         ▼         ▼         ▼                                         │
│  ┌─────┐  ┌─────┐  ┌─────┐  ┌─────┐                                        │
│  │Start│  │Pilot│  │ Prod │  │Audit│                                        │
│  │Prep │  │ Val │  │Deploy│  │Ready│                                        │
│  └─────┘  └─────┘  └─────┘  └─────┘                                        │
│     │         │         │         │                                         │
│  Controls  Testing   Cutover   QSA                                          │
│  Design   Complete   Complete  Review                                       │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

1.9.7 Risk Register Summary

Top 10 Risks by Priority

Rank Risk ID Description Inherent Mitigated Priority
1 T-001 Controller infrastructure failure 90 20 Critical
2 T-002 SD-Access integration failure 75 35 High
3 T-005 Security vulnerability exposure 72 30 High
4 T-003 Tunnel formation issues 70 28 High
5 C-001 PCI-DSS compliance gap 70 25 High
6 T-004 Application performance degradation 68 32 Medium
7 O-001 Skills gap 65 30 Medium
8 F-001 Cost overrun 55 28 Medium
9 O-002 Change management failures 55 25 Medium
10 ORG-002 Resource availability 52 28 Medium

Risk Heat Map

┌─────────────────────────────────────────────────────────────────────────────┐
│                           RISK HEAT MAP                                     │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Impact                                                                     │
│    ▲                                                                        │
│    │                                                                        │
│  5 │ Critical    │            │    T-001     │            │                │
│    │             │            │              │            │                 │
│  4 │ Major       │   T-003    │ T-002,T-005  │            │                │
│    │             │   T-004    │    C-001     │            │                 │
│  3 │ Moderate    │ F-001,O-002│   O-001      │            │                │
│    │             │  ORG-002   │              │            │                 │
│  2 │ Minor       │            │              │            │                │
│    │             │            │              │            │                 │
│  1 │ Negligible  │            │              │            │                │
│    │             │            │              │            │                 │
│    └─────────────┴────────────┴──────────────┴────────────┴────────────▶   │
│                  1            2              3            4           5     │
│              Unlikely      Possible       Probable      Likely   Almost    │
│                                                                  Certain   │
│                                    Probability                              │
│                                                                             │
│  Legend: Risk before mitigation                                            │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

1.9.8 Risk Mitigation Action Plan

Immediate Actions (Week 1-2)

Action Owner Deadline Status
Complete training enrollment PM Week 1 Pending
Order lab equipment Procurement Week 1 Pending
Establish change control board PM Week 1 Pending
Create monitoring integration plan Operations Week 2 Pending
Document rollback procedures Architect Week 2 Pending

Short-term Actions (Week 3-6)

Action Owner Deadline Status
Complete team training All Week 5 Pending
Validate lab environment Engineer Week 4 Pending
Test SD-Access integration Network Week 5 Pending
Establish monitoring baseline Operations Week 6 Pending
Conduct tabletop exercises Team Week 6 Pending

Long-term Actions (Week 7+)

Action Owner Deadline Status
Production pilot deployment Team Week 8 Pending
PCI-DSS validation Security Week 10 Pending
Full production rollout Team Week 14 Pending
Post-implementation review PM Week 16 Pending
ROI validation Finance Month 6 Pending

1.9.9 Risk Governance

Risk Review Schedule

Review Type Frequency Participants Focus
Daily standup Daily Project team Blockers
Weekly risk review Weekly PM + Leads New risks, status
Steering committee Bi-weekly Sponsors + PM Escalations
Monthly assessment Monthly Full team Register update
Quarterly audit Quarterly Internal audit Compliance

Escalation Matrix

Risk Level Response Time Escalation To Action
Critical < 1 hour CIO + Sponsor Emergency CAB
High < 4 hours IT Director Priority response
Medium < 24 hours Project Manager Standard process
Low < 1 week Team Lead Normal tracking

Risk Acceptance Criteria

Risk Score Decision Authority
0-25 Accept Team Lead
26-50 Mitigate Project Manager
51-75 Transfer/Avoid IT Director
76-100 Escalate CIO/Sponsor

1.9.10 Contingency Planning

Rollback Triggers

Scenario Trigger Rollback Action
Controller failure >30 min downtime Activate DR cluster
Tunnel instability >10% flap rate Revert to MPLS primary
Application SLA breach Voice MOS <3.5 Failback to MPLS
Security incident Active breach detected Isolate SD-WAN overlay
Compliance gap Audit failure imminent Pause migration

Business Continuity

Event Recovery Time Recovery Point Procedure
Single WAN Edge failure <1 minute 0 HA failover
Dual WAN Edge failure <15 minutes 0 MPLS fallback
Controller cluster failure <30 minutes <5 min DR activation
Complete SD-WAN failure <2 hours <15 min Full MPLS revert
Site disaster <4 hours <1 hour DR site activation

1.9.11 Summary and Recommendations

Risk Assessment Summary

Metric Value
Total risks identified 15
Critical risks 1
High risks 4
Medium risks 8
Low risks 2
Overall risk score 47/100 (Acceptable)
Risk mitigation effectiveness 55%

Key Recommendations

  1. Prioritize Training: Address skills gap before production deployment
  2. Validate Integration: Extensive lab testing of SD-Access handoff
  3. Implement Monitoring Early: Full observability before production
  4. Maintain Rollback Capability: Keep MPLS circuits during parallel operation
  5. Document Everything: Runbooks, procedures, and decision records
  6. Engage Stakeholders: Regular communication and expectation management

Go/No-Go Risk Criteria

Criteria Threshold Current Status
Critical risks mitigated All 0/1 ⚠️ Pending
Team training complete 80% 0% ⚠️ Pending
Lab validation passed 100% 0% ⚠️ Pending
Rollback tested Yes No ⚠️ Pending
Monitoring operational Yes No ⚠️ Pending
Stakeholder approval Yes No ⚠️ Pending

Project Risk Status: Ready to proceed with mitigation activities. 8-week readiness phase required before production deployment.


Document Revision History

Version Date Author Changes
1.0 December 2025 Network Architecture Team Initial release

End of Section 1.9 - Risk Assessment