SD-WAN (software-defined wide area network) and security technologies are evolving convergently, responding to the needs of the market while stimulating new demand through innovation. SD-WAN and security capabilities are being integrated in platforms both on-premises and in the cloud. What’s more, network and security functions once tied to dedicated hardware solutions are now being delivered more effectively via flexible software applications.
Overcoming WAN security concerns
In a recent survey administered by Gartner on behalf of Fortinet, 72% of the respondents confirmed that “security is the biggest WAN concern,” outranking performance at 58% and cost at 47%. That is not a surprising result, considering the potential impacts that a single security event can have in terms of network performance and financial damages.
Security can no longer be an afterthought. It must be designed as a fundamental component in SD-WAN deployments, whether integrated into the platform itself or as an adjacent service. SD-WAN solutions today often become hybrid solutions in order to maximize returns on prior investments; therefore, any embedded security functions must also be designed for a complex, hybrid world.
The simplification of existing technology in one area often introduces greater complexity elsewhere to stimulate innovation that will yield a greater aggregate value. As overall solution complexity ebbs and flows, the dynamic environment can be very challenging to manage. Network and security management challenges can be multiplied by many factors in a WAN, including:
Security gains from technological advances
Software-defined networking introduced the concept of network functions virtualization (NFV), including security. Service chaining enabled multiple functions to be linked together and work in harmony. Software-defined technologies can deliver seamless security across vast WANs with centralized management. The virtualization and integration of network and security functions can reduce dependencies on dedicated hardware solutions. This standardization, simplification and automation can improve the uniformity—and therefore the integrity—of security across all locations, while reducing the need for human intervention.
While virtualization has simplified the physical world, it has also enabled the logical complexity required for Unified Threat Management (UTM) to address ever-growing complexity in the threat landscape. User segmentation enables security capabilities to be applied to each segment type in the most efficient and cost-effective manner possible. For example, PCI DSS (Payment Card Industry Data Security Standard) compliance may apply to a company at large, but there may be relatively small subsets of employees or network segments that require special handling from a network and security perspective.
IT and security leaders must carefully consider and evaluate segments of user types, or “security classes,” for WAN traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately. Service providers can help with hosted security options and demonstrating how customers can segment traffic to engage or bypass various security functions.
SD-WAN deployments can also enable Internet connections to software-as-a-service (SaaS) applications in the cloud, but the cost savings come with new security risks. Cloud-based application access may precipitate a new approach to security with a next-generation virtualized firewall (NGFW) that runs at the network core. Once customized for the specific apps used in the enterprise, a cloud NGFW can be service-chained into SD-WAN connections to as many WAN locations as desired.
Security gains from technology-empowered humans
SD-WAN solutions offer “hard savings” relative to the MPLS solutions they are slowly displacing. Less tangible—but perhaps of even greater importance—are the “soft savings” that an SD-WAN solution with integrated security can yield.
In the past, “rip and replace” WAN deployments created significant disruptions and distractions for all users and especially for the IT professionals tasked with challenges well above and beyond “business as usual” operations. That kind of chaos creates opportunities for existing and emerging security vulnerabilities to be more easily exploited. In contrast, SD-WAN solutions can be deployed “over the top” (OTT) of existing networks. Security risk factors can be mitigated because businesses can progressively deploy SD-WAN according to a self-defined project plan and schedule, adjusting on the fly to fight the unexpected, but inevitable, fires of the day. Top-tier service providers also offer premium high-touch services to fully outsource the deployment and/or ongoing management of SD-WAN, as needed or desired.
Once deployed, SD-WANs provide greater security because the people who manage them can operate more effectively and efficiently via a “single pane of glass” that simultaneously monitors the environment for network and security events. With an integrated SD-WAN and security deployment, security can be managed from a centralized portal, and modifications to security policies can be made for all locations in a matter of minutes, without the need for on-site IT support that could previously take days or weeks for hundreds of locations. Some “soft savings” are realized from operational efficiencies. Much greater savings may be realized when (not if) a security event does occur. A fully integrated portal for managing network and security enables operators to recognize, analyze and respond to events as quickly as possible. When a security event is significant, every second saved in mitigating it may prove invaluable to protecting the company’s infrastructure, data and, ultimately, its brand and reputation.
Wherever you are on your path to digital transformation, it will be key to ensure that your existing network security plans help you realize the full value of prior investments, and that the new investments you make will support the evolving needs of your business well into the future.
Mike Frane is the Vice President of Product Management for SD-WAN at Windstream Enterprise, where he is responsible for the company’s overall SD-WAN strategy, as well as the network and security service portfolios. Since joining the organization in 2008, he’s overseen the launch and lifecycle of services including LTE wireless, Ethernet and MPLS IPsec access elements, Secure WiFi & Analytics, Application Performance Optimization, IPsec VPN and Unified Communications. Prior to Windstream’s acquisition of EarthLink, Mike led the launch of EarthLink’s SD-WAN service, their most successful product introduction in over a decade. Mike has a BS in Genetics and Cellular Biology from the University of Minnesota and was involved in gene therapy research at the Institute of Human Genetics before entering the telecommunications industry.