Software-defined WAN (SD-WAN) is one of the most rapidly adopted technologies of the past decade. According to a recent study published by Dell’Oro Group, the worldwide sales of SD-WAN technologies are forecasted to grow at double-digit rates over each of the next five years to surpass $3.2 billion in 2024. This growth is certainly a testament to some of the more well-known benefits of SD-WAN technology, such as centralized network policy management, network flexibility and application-aware routing. More recently, SD-WAN has emerged as a key component for building more flexible, integrated security frameworks.
With SD-WAN, branch offices become part of an enterprise’s larger network topology, with their own internet egress. Corporate devices can access the Internet via multiple endpoints, adding a layer of complexity to network security. However, if properly configured and equipped, SD-WAN can simplify management, help improve security and decrease threat vectors. In sum, SD-WAN can improve an organization’s security posture and help decrease the stress and costs associated with a security intrusion.
In this article, we will review the integral role SD-WAN plays in enterprise network security approaches as network and security continues to converge in order to best support hybrid workforces, the migration to the cloud and increased security threats.
Traditional security models were designed to support a walled castle approach where a company’s data, applications, and users operate behind a firewall at a centralized headquarters or data center. As more enterprises continue to support hybrid workforces and cloud migration, critical data and applications are also moving out of the traditional data center to the edge. As security perimeters evolve, every access point and network element become a potential risk for security breach. The basic firewall functionality may not be enough to help protect enterprise networks. Organizations are better served by using an SD-WAN solution that integrates security into the network functionality. Following are some key considerations for optimization:
Network policies and segmentation for security
SD-WAN delivers the flexibility to segment networks and implement application-aware routing, thus limiting the attack surface of highly sensitive data and systems. For example, segmenting mission critical systems and data from those less critical systems like basic productivity, office and research tools creates risk domains. Network segmentation can minimize the impact of a successful attack to said domain. When set up properly, enterprise security policies with segmentations can help prevent or reduce the impact of a security incursion, and hopefully prevent propagation beyond the borders of the impacted segment.
Without SD-WAN, application-specific security for cloud-based applications can be complicated and expensive. By setting up protected regional zones to securely direct cloud-based application traffic to where it needs to go based on corporate security policies, SD-WAN can help you architect and incorporate security controls to platforms and apps into your connectivity fabric.
To help protect the site-to-site traffic of corporate locations, SDN management can connect all locations with a secure tunnel using AES256 encryption. SD-WAN can also help prioritize and route that traffic by application, and then allow IT leaders to apply security policies using the SD-WAN appliances as enforcement.
Unified threat management (UTM)
UTM delivers multiple security functions through a single service designed to help protect business infrastructure. This combined security approach can present a unified security posture over geographically dispersed, distributed networks. SD-WAN appliances, with UTM and/or next-generation firewall capabilities built in, to help protect each branch location – getting back to the expanding perimeter point. Using SD-WAN technology that includes integrated security solutions can reduce the complexity of deploying and networking a separate suite of security tools. This includes point solutions like NGFW, IDS/IPS, URL or a fully stand-alone UTM.
Single pane of glass monitoring
Once proper orchestration and security policies are in place, IT teams can monitor all traffic and ports. With SD-WAN’s real-time, simultaneous management of the network and UTM threat detection on a single pane of glass, flagging risks and thwarting potential threats can help reduce corporate risk profile.
For retail or other credit-card-accepting digital commerce organizations, finding an SD-WAN solution that is PCI-compliantshould be a top consideration for transmitting sensitive credit card data using industry-standard encryption. Flexible provisioning and segmentation capabilities of SD-WAN are especially relevant for retailers to easily isolate their POS systems, as well as other critical networks and data. Segregating the POS system from the rest of the network is highly recommended and considered a best practice.
Managed security and managed SD-WAN
Managing both an SD-WAN and advanced security is simplified when combined, but can still be a lot to handle, especially in an environment where companies may be working with reduced staff. Working with a service provider that has a broad purview of the threat landscape can reduce a threat before it even reaches the organization’s perimeter. Threat visibility and management are a critical component in managed security services and can offer peace of mind in an environment where security threats are constantly changing.
SD-WAN with Security simplifies management with agile network design that enables organizations to transform in stages, allowing new and old networks to co-exist. This reduces the complexity and effort required to redesign networks, providing a smooth migration path for any deployment models, from flat networks to highly segmented ones. And as this migration advances, special security rules and policies can be applied to reduce risk along the way. Optimally, advanced security and network architecture can work in harmony to deliver a network with enhanced performance, exceptional user experiences and reliable connectivity with a strong security posture.
Help defend your network against fast-changing and malicious attacks with the Comcast Business suite of cybersecurity offerings.
Joseph Richardson is Senor Director Cybersecurity Products, Comcast Business.
This guest blog is part of a Channel Futures sponsorship.
Log in with your Channel Futures account
Alternatively, post a comment by completing the form below:
Your email address will not be published. Required fields are marked *
Channel Futures’ @MSP_501 special award winners were honored during the #MSP501 gala Thursday night in Orlando.… twitter.com/i/web/status/1…
Pictures from @MSP_Summit Day 3. Highlights included a CIO panel, the #MSP501 awards gala and more.… twitter.com/i/web/status/1…
For four panelists at this year’s #MSPSummit, the pandemic forced their companies to become more nimble. Learn how… twitter.com/i/web/status/1…
[email protected] taps Alan Atkinson as chief partner officer. dlvr.it/SYPcGr https://t.co/8LVhLUUyY5
See what this group of IT leaders, including @LeeMangold, had to say to channel partners. dlvr.it/SYPV8Q https://t.co/RE60DfC2sc
In three to five years, 80% of what marketers do will be dependent on #AI, say experts at the #MSPSummit.… twitter.com/i/web/status/1…
.@Avaya‘s CEO and channel leader address financial issues, #layoffs and company turnaround. #CCaaS… twitter.com/i/web/status/1…
.@upstackhq acquires Stellar Connect, the latest in 20-plus purchases. #UCaaS dlvr.it/SYMsNt https://t.co/tGR5wY60dV
The industry's largest and most comprehensive partner awards program.
Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.
Get the latest information on the next industry-leading Channel Partners event.
Educational slide shows and images from live events.
Want to reach our audience? Access our media kit.
How SD-WAN Helps Secure the Expanding Network Perimeter – Channel Futures