SD-WAN is a hot topic, but how many solutions are truly security-first?
SD-WAN is gaining real traction because the value it can bring to organisations of all shapes and sizes is becoming increasingly clear. It fuels greater agility, productivity and resilience, but how many solutions are truly security-first? Tim Mercer, CEO of disruptive cloud specialist Vapour, explores…
It may sound like a bold claim to make, but SD-WAN (software-defined wide area networks) has the potential to be truly game-changing technology. That doesn’t mean it is new, of course – in fact, the networking architecture has been around for some time.
However, as more organisations have moved to a cloud-first strategy – not least during the pandemic – SD-WAN has opened up a whole new world of network speed, agility, and resilience, almost irrespective of size or sector.
And let’s face it, these benefits are highly sought after right now, particularly among fast-paced firms hungry for growth.
Unlocking the benefits of hybrid working – what about the risks?
Remote working is now a common and permanent practice for a number of organisations. However, there’s more to remote working than simply staying at home. This flexible working practice and the demand for a hybrid approach can and will see employees coming online from multiple locations, on an intermittent and varied basis. Their places of residence, coffee shops, co-working spaces, hotel rooms, customer sites, and the traditional office environment, will all be ‘normal’ and acceptable places of work, and differing schedules to suit individuals’ personal circumstances will remain common. The days of commuting to one central location, during a defined time period, and connecting to the corporate infrastructure, are therefore long gone.
This has the potential to become IT’s worst nightmare.
A break from tradition
Traditionally, in the simplest of terms, an IT leader would build a circuit which comes into the corporate network (the office). To provide remote employee access, they’d then build a tunnel to the internet, which feeds into that network via a firewall, so that data can be retrieved. So far, so good.
However, in such a scenario, the company’s network and security solutions are likely to have been supplied by (at least) two providers. Each may have delivered a fantastic service, in respect of what they’ve been contracted to do. But the challenges associated with this disparate provision are growing. If the performance of an application suddenly drops, for instance, how does the IT professional identify the root cause? The temptation is to simply procure more bandwidth – especially when it’s cheap. But this is just a sticking plaster. It doesn’t get to the heart of the issue by considering endpoint risks or threats posed by ‘dirty’ traffic, for instance.
SD-WAN can wholly address such challenges, but only if security lies at the heart of the infrastructure. And sadly – from a networking perspective – very few SD-WAN solutions are really engineered to be security-first.
In designing or searching for an effective SD-WAN solution, IT leaders must therefore prioritise one with security at the heart. It cannot be a bolt-on or an afterthought – it must be integral.
Key to this is bringing network and security policies together.
Some SD-WAN solutions, for example, enable the company to secure each colleague via a downloadable SaaS licence for their device, which protects both the endpoint and corporate network, irrespective of location and using only a basic internet service from any provider. This means that the security lies in the architecture of the hardware and software.
Using network firewall or SASE-based cloud services, IT leaders are then empowered by one integrated solution, which delivers rapid cloud connectivity and transparent visibility to each endpoint via a ‘single pane of glass’. The IT leader therefore gains newfound control over the entire network, with peace of mind from a security perspective too.
With advanced routing and self-healing capabilities, the right SD-WAN solution will also automatically detect the speed, performance, and traffic on the network, understand it, and ‘fix’ itself according to real-time activity. This ability to auto-balance the load dynamically for greater network efficiency will liberate businesses previously shackled by costly, management-intensive VPNs, which are usually made available for a limited number of senior colleagues only.
SD-WAN in action
If an employee is watching Netflix on a company laptop, for instance, SD-WAN will recognise that this is ‘dirty’, non-work-related traffic which cannot come via the corporate network, and it will be pushed back to the right path – the individual’s home broadband.
Normally, the endpoint would have to go to the firewall to determine what to do with the traffic. Here, SD-WAN can drill down to the application layer and correlate the traffic with the security policies on the device, to know immediately what to do. If a company operates a BYOD regime, the IT leader can also set policies and workflows with IP, time, or functionality rules, so that the same network security and performance are guaranteed.
In short, endpoint-borne risks such as firewall weaknesses or unsecure home routers will not pose a threat to corporate networks, because access is controlled dynamically by the SD-WAN solution based on colleagues’ real-time security posture. Any potential threats will be instantly flagged to contain incidents as quickly as possible.
Technically complex, operationally effortless
Delivering high-performance, affordable SD-WAN solutions is not something every provider can do. For that reason, when an IT leader complains of connectivity speeds, the easier option is for providers to simply recommend more bandwidth. And, with the cost of circuits falling, it’s hard to push back on this apparent resolution.
However, for many businesses, traditional networks will no longer be fit for this purpose. We’re not all in the same network anymore, so it’s not a case of routing all the traffic into one place, through a huge firewall, and back out.
The SD-WAN alternative sounds complex, and it really is – we’re talking an intelligent, responsive, end-to-end encrypted network with AI at its heart, after all. Even ‘super techies’ are finding themselves having to look at things in an entirely new way – global networks are easy compared to this!
However, from the IT leader’s perspective, SD-WAN is deployed with zero-touch provisioning, no hardware installations, and self-configuration for ultimate ease. And the right provider will ensure the implementation process is robust and as hassle-free as possible.
But security criteria MUST be at the top of the agenda, if the solution is to deliver the benefits businesses are really seeking. IT teams are here to deliver IT services, after all. They don’t want to be held back by infrastructure constraints. It’s about time that tech enabled them to do their jobs.