If you’re a business executive, it’s time to get smart about SD-WAN.
SD-WAN, short for software-defined wide-area networking, has emerged as an important technology in helping your organization save money, improve the user experience and empower branch offices in the cloud era.
These are all good reasons to deploy SD-WAN, particularly in this time of digital transformation and workplace modernization. But getting smart about SD-WAN is also about ensuring that your IT, network and security teams are paying proper attention to cybersecurity protections. Otherwise, the benefits of the technology could be outweighed by the risks.
Without getting too deep into the technical weeds, SD-WAN is a design that separates the hardware and software in the wide-area network, similar to how virtualization works in servers. This enables centralized, cloud-based control to simplify management across multi-cloud environments—and particularly in connecting and unifying branch offices in the cloud.
In the pre-cloud Dark Ages of just a few years ago, the standard model for supporting branch offices was to use a wide-area network, typically MPLS from a telecom carrier, to carry all traffic to and from a data center, where security was managed centrally.
This was essentially “the worst of all worlds,” according to Naveen Zutshi, chief information officer at Palo Alto Networks. “In the branch offices, you had a lot of hardware to manage and maintain and, because you were back-hauling everything to the data center, you often had performance and latency issues. Plus, the bandwidth was expensive.”
Even if that model were efficient and inexpensive—which it isn’t—it would no longer be feasible in the cloud era, when branch offices and remote users are increasingly bypassing centralized IT and going directly to the cloud.
By empowering these branches and users with SD-WAN, IT teams can re-assert control over connectivity while providing much greater performance and reliability for a better user experience. They can also offer more flexible connectivity options, because the architecture easily allows for the use of any combination of transport services.
Better still, this centralized cloud control means that IT can leverage the SD-WAN architecture to improve the organization’s overall cybersecurity posture. This is indicative of a broader trend in cloud security, which Gartner has labeled “secure access service edge,” or SASE. This is another important new term to get smart about.
The concept behind SASE is that as more and more applications and business activities move to the cloud, networking and security teams need a new way of delivering and securing these services. As Gartner notes, “the enterprise perimeter is no longer a location; it is a set of dynamic edge capabilities delivered when needed as a service from the cloud.”
How do you make sure your organization is moving in the right direction when it comes to the growing number of remote and branch office users that require secure access to cloud-based applications to conduct day-to-day business activities?
As a start, you’ll need to know which questions to ask. When it comes to SD-WAN, Sean Duca, a chief security officer at Palo Alto Networks, says: “Too many organizations prioritize connectivity and cost benefits with SD-WAN. Security must be at the top of the list and should be natively integrated with connectivity to simplify operations and gain a more holistic view of security.”
Here are some key questions to ask:
- Can you extend to branch offices the same consistent security protections that are in your data center and cloud environments?
- Can you leverage flexible deployment for specific needs, including on-premises and as-a-service models in any combination?
- Does the solution use machine learning and threat intelligence to provide added protection against malware, targeted attacks and insider threats at your branches?
- Does the SD-WAN solution support a Zero Trust architecture so only authorized users, devices and applications are allowed onto the network?
- Can you create and enforce precise policies to safely enable all of your business-critical applications while also preventing attacks?
- Is the solution simple to deploy, manage and scale, leveraging automation to accelerate the onboarding of new branches?
One of the challenges for business leaders is that technology is evolving rapidly as more applications move into cloud environments, whether public, private or hybrid. Sometimes it’s difficult to keep up with all of the buzzwords.
SD-WAN and SASE are terms that will come up more frequently, as IT and security leaders look to support their branch offices with a better user experience through improved performance, higher reliability, reduced complexity and increased intelligence.
You don’t have to know in detail how the technology works, but you do have to ask the vital question when you see SD-WAN or SASE in budget proposals or wish lists. That question, of course, is: “What about security?” You’ll be glad you asked.