Skechers Steps up Network Transformation with Amazon Web Services Cloud WAN, Network Firewall, and Direct Connect

Authors: Ameel Kamboh, Nick Berg, Vivek Shervegar |

This post is co-written with Dino Padilla, Sr. Cloud Engineer, Skechers USA, and Gabriel Sandoval, Sr. Manager Cloud Platforms & GenAI, Skechers USA

In early 2024, global footwear leader Skechers USA continued its cloud transformation journey. To address the infrastructure challenges that could threaten its growth, Skechers redesigned its Amazon Web Services Cloud network. This blog post chronicles how Skechers migrated from a complex, fragmented network topology to a streamlined, resilient global infrastructure—securely powered by Amazon Web Services Cloud WAN, Amazon Network Firewall, and Amazon Direct Connect.

Reasons to Migrate and Business Problems to Solve

As Skechers cloud platform engineers navigated the complexities of cloud networking, they encountered several challenges that prompted Skechers to reevaluate its infrastructure and practices. Three key issues stood out as significant hurdles in its cloud environment: excessive VPNs, aging firewalls, and manual route management.

1. Excessive VPNs
Skechers’ cloud network had organically grown into a global, multi-region infrastructure, resulting in a proliferation of Virtual Private Networks (VPNs). While these provided secure connections, Skechers cloud engineers found themselves managing an increasingly complex set of policies and a costly network topology that was becoming difficult to maintain and troubleshoot. And with rapid network expansion and hybrid connectivity, constant security analysis became cumbersome because it wasn’t centrally managed.

2. Aging firewalls with single points of failure
As Skechers scaled its cloud presence, it realized that maintaining the legacy firewall infrastructure was not only becoming a security liability but also creating potential single points of failure. And with continual security updates and maintenance delays, these vulnerabilities risked both network stability and business continuity.

3. Manual route management
Skechers’ legacy approach—manually managing network routes and analyzing secure network flows—had become increasingly time-consuming and error-prone. The cloud platform engineering team recognized that this approach was unsustainable and hindered their ability to scale efficiently.

These challenges led Skechers to identify the following three critical business concerns.

i. Risk reduction—modernizing its cloud network infrastructure would eliminate single points of failure and enhance its overall security posture.
ii. Improved time to delivery—streamlining network management and automating processes would allow for faster implementation and new services in Skechers’ cloud environment.
iii. Less operational overhead and waste—simplifying cloud network topology and automating route management would reduce IT workloads, minimize human errors, and optimize resource allocation.

By addressing these issues directly, Skechers aimed to create a more robust, efficient, and scalable cloud networking solution that would better serve its needs and support future growth.

The Path to Transformation

First, Skechers comprehensively reviewed its recurring challenges. In collaboration with Amazon Web Services and its partners, Skechers held several infrastructure discussions. It settled on addressing business requirements using Amazon Web Services Cloud WAN, Amazon Network Firewall, and Amazon Direct Connect.

Recognizing the complexity and scale of the complete transformation, Skechers created a phased implementation timeline of 12 months. To build its core network, Skechers established the Amazon Web Services Cloud WAN and its various segments. Skechers also migrated from all VPNs to Amazon Direct Connect, significantly enhancing network performance and reliability. Finally, Skechers systematically migrated subnets into the Amazon Web Services Cloud WAN core network, integrating resources into the new architecture.

Using Amazon Web Services Network Manager, Skechers managed and visualized the entire network from a single portal. This portal helped the team streamline changes and view network utilization reports without switching screens. Configuration changes can also be local—Skechers can wait until maintenance windows to apply changes to the production network—reducing stress and outages that could affect operations.

For infrastructure as code, Skechers used Terraform in conjunction with a third-party Runway tool. Skechers engineers also developed custom scripts to audit their progress, allowing Skechers to track the migration meticulously. To measure migration success, Skechers focused on key metrics for lowering latency, reducing the number of active VPN tunnels, and minimizing the number of core network attachments.

Conclusion

This carefully orchestrated approach helped Skechers navigate the complexities of its network transformation successfully. By using Amazon Web Services managed services and following a well-planned, phased implementation, Skechers modernized its infrastructure while maintaining service continuity for its users. The solution was successful: Skechers accelerated VPC deployment time by 80 percent, eliminated 100 percent of associated VPNs and third-party firewalls, and significantly reduced transit gateway route management efforts. Skechers has built a more robust, efficient, and scalable network architecture that not only addresses current needs but also positions the company for a competitive edge, continued growth, and innovation in the global marketplace.

Contact an Amazon Web Services representative to learn how we can help accelerate your business.

Further reading

  • Amazon Web Services Cloud WAN and Amazon Transit Gateway migration and interoperability patterns
  • Extending a VPC to a Local Zone, Wavelength Zone, or Outpost
  • Smart Store Solutions on Amazon Web Services
  • Amazon Web Services cloud solutions for retail

Acknowledgment

Thank you for your contribution to this blog:

Gabriel Sandoval, a native of Southern California, has roots in diverse communities, including Culver City, South Bay, East Los Angeles, South Central, and Watts. His journey in the technology sector began immediately after high school graduation, showcasing his early passion for the field. As a former Venice Gondolier, Gabriel has cultivated a powerful growth mindset that has driven innovation. Fostering the school’s motto, “Rowing not drifting,” his forward-thinking approach has significantly shaped the future of Cloud technology and expanded its capabilities. Through his work, Gabriel continues to push the boundaries of what’s possible in the ever-evolving tech world. You can reach him on LinkedIn.

Dino Padilla is a senior cloud engineer with 10+ years of experience in enterprise technologies. Specializing in multi-cloud environments, Dino has successfully led large-scale digital transformations for large scale enterprises across diverse industries. His deep knowledge of Amazon Web Services, coupled with a strong background in DevOps practices, containerization, and serverless architectures continues to drive his optimization of cloud infrastructure for scalability, security, and cost-efficiency, consistently delivering solutions that drive business growth and innovation. You can reach him on LinkedIn.


Ameel Kamboh

Ameel Kamboh

Ameel Kamboh is a Senior Solutions Architect at Amazon Web Services with a background in building 9-1-1 networks globally. With 28+ years of experience in networking and building complex applications, Ameel has focused his designs on high availability and scalability. At Amazon Web Services, Ameel has broadened his scope in the retail enterprise sector, delivering innovative solutions to customers.

Nick Berg

Nick Berg

Nick Berg is a Senior Enterprise Account Manager at Amazon Web Services with 15+ years of experience in digital transformations and enterprise technology. In his current role, Nick serves as a strategic advisor for fashion and apparel customers and is an active member of the Amazon Web Services retail community.

Vivek Shervegar

Vivek Shervegar

Vivek Shervegar is a Technical Account Manager at Amazon Web Services, with 8+ years of experience in Network Engineering and Security. In his current role, Vivek serves as an operational solutions architect, focusing on driving operational excellence for Amazon Web Services Retail customers. He leverages his technical expertise to advocate for and implement best practices, ensuring optimal performance and reliability of cloud infrastructure.

The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.