How Businesses Gain from Integrating SD-WAN and Security

by Mike Frane
April 16, 2019

SD-WAN (software-defined wide area network) and security technologies are convergently evolving—responding to the needs of the market while stimulating new demand through innovation. SD-WAN and security capabilities are being integrated in platforms both on-premises and in the cloud. What’s more, network and security functions once tied to dedicated hardware solutions are now being delivered more effectively via flexible software applications.

Overcoming WAN security concerns

In a recent survey administered by Gartner on behalf of Fortinet, 72% of the respondents confirmed that “security is the biggest WAN concern,” outranking performance at 58% and cost at 47%. This is not a surprising result, considering the potential impact that a single security event can have in terms of network performance and financial damages.

Security can no longer be an afterthought. It must be designed as a fundamental component in SD-WAN deployments—whether integrated into the platform itself or as an adjacent service. SD-WAN solutions today often become hybrid solutions in order to maximize returns on prior investments; therefore, any embedded security functions must also be designed for a complex, hybrid world.

The simplification of existing technology in one area often introduces greater complexity elsewhere to stimulate innovation that will yield a greater aggregate value. As overall solution complexity ebbs and flows, the dynamic environment can be very challenging to manage. Network and security management challenges can be multiplied by many factors in a WAN, including:

  • Connection complexity. Network performance requirements and security needs may vary by users, transactions, applications, sites and link types. As a simple example, the guest enjoying complimentary WiFi over a cup of coffee in a café likely requires less security than the employee who processes that same guest’s credit card at the table via a tablet.
  • Security-induced latency. As more users of all types use more cloud-based applications and services, security functions such as deep packet inspection, content filtering and data loss protection can impair application performance—reducing productivity and negatively impacting the customer or user experience.

Security gains from technological advances

Software-defined networking introduced the concept of network functions virtualization (NFV), including security. Service chaining enabled multiple functions to be linked together and work in harmony. Software-defined technologies can deliver seamless security across vast WANs with centralized management. The virtualization and integration of network and security functions can reduce dependencies on dedicated hardware solutions. This standardization, simplification and automation can improve the uniformity—and therefore the integrity—of security across all locations, while reducing the need for human intervention.

While virtualization has simplified the physical world, it has also enabled the logical complexity required for Unified Threat Management (UTM) to address ever-growing complexity in the threat landscape. User segmentation enables security capabilities to be applied to each segment type in the most efficient and cost-effective manner possible. For example, PCI DSS (Payment Card Industry Data Security Standard) Compliance may apply to a company at large, but there may be relatively small subsets of employees or network segments that require special handling from a network and security perspective.

IT and security leaders must carefully consider and evaluate segments of user types, or “security classes,” for WAN traffic, and impose policy and technical controls to ensure traffic and apps are treated appropriately. Service providers can help with hosted security options and demonstrating how customers can segment traffic to engage or bypass various security functions.

SD-WAN deployments can also enable Internet connections to software-as-a-service (SaaS) applications in the cloud, but those cost savings come with new security risks. Cloud-based application access may precipitate a new approach to security with a next-generation virtualized firewall (NGFW) that runs at the network core. Once customized for the specific apps used in the enterprise, a cloud NGFW can be service-chained into SD-WAN connections to as many WAN locations as desired.

Security gains from technology-empowered humans

SD-WAN solutions offer “hard savings” relative to the MPLS solutions they are slowly displacing. Less tangible—but perhaps of even greater importance—are the “soft savings” that an SD-WAN solution with integrated security can yield.

In the past, “rip and replace” WAN deployments created significant disruptions and distractions for all users and especially for the IT professionals tasked with challenges well above and beyond “business as usual” operations. That kind of chaos creates opportunities for existing and emerging security vulnerabilities to be more easily exploited. In contrast, SD-WAN solutions can be deployed “over the top” (OTT) of existing networks. Security risk factors can be mitigated because businesses can progressively deploy SD-WAN according to a self-defined project plan and schedule, adjusting on the fly to fight the unexpected, but inevitable, fires of the day. Top-tier service providers also offer premium high-touch services to fully outsource the deployment and/or ongoing management of SD-WAN, as needed or desired.

Once deployed, SD-WANs provide greater security because the people who manage them can operate more effectively and efficiently via a “single pane of glass” that simultaneously monitors the environment for network and security events. With an integrated SD-WAN and security deployment, security can be managed from a centralized portal, and modifications to security policies can be made for all locations in a matter of minutes, without the need for on-site IT support that could previously take days or weeks for hundreds of locations. Some amount of “soft savings” is realized from operational efficiencies. Much greater savings may be realized when (not if) a security event does occur. A fully integrated portal for managing network and security enables operators to recognize, analyze and respond to events as quickly as possible. When a security event is significant, every second saved in mitigating it may prove invaluable to protecting the company’s infrastructure, data and—ultimately—its brand and reputation.

Wherever you are on your path to digital transformation, it will be key to ensure that your existing network security plans help you realize the full value of prior investments, and that the new investments you make will support the evolving needs of your business well into the future.