Blogposts

Prioritising Network Security in SD-WAN Deployment

As an overlay networking technology, SD-WAN has been effective in solving enterprise IT challenges related to the management of transport links which include Ethernet, dedicated internet access (DIA), Multiprotocol Label Switching (MPLS), broadband and so on.

With SD-WAN, network policy and configuration are managed via a centralised controller to intelligently handle traffic across the entire wide area network (WAN). This translates well to overall increase in efficiency as well as cost savings.

Yet network security remains a wildcard in SD-WAN deployments.

For enterprises, it is a newfound challenge as the application of security framework becomes more apparent in this new environment.
 
According to a Gartner survey, 72% of respondents cited security as the topmost concern when it comes to their WAN.

Who do you blame when things go south?

No one, really. 

The combination of various links across multiple endpoints creates many vulnerabilities and adds complexity when applying security policy.

Security appliances can be added to secure SD-WAN connection between a branch office and corporate headquarter, but things can quickly become unmanageable and extremely expensive when deployed across tens and hundreds of sites.

Integrating third-party security appliances adds more challenges in terms of scalability as well as consistency.

A different security vendor is responsible for each component of the security architecture, while the maintenance of these security appliances becomes a heavy long-term investment. Upgrading and troubleshooting will be extremely difficult to manage which evidently negates the benefits of using SD-WAN.

Now, some enterprises may look at pushing out this responsibility to a managed service provider (MSP) to alleviate immediate concerns. But they will soon become disenchanted by the fact that they do not have much control over the SD-WAN service.
 
Changes to security policy will have to go through a lengthy process that could take days. Furthermore, being locked into multi-year contract and adding to the overall cost of deploying an SD-WAN.

Integrating cloud-based security stack in SD-WAN

With Security-as-a-Service (SECaaS), SD-WAN providers can integrate security into their offering.

Not only does a cloud-based security stack provide a complete set of security features, security policy can also be easily configured and managed via a single orchestrator. Enterprises gain control over the security services as they add new links to the WAN. 

There will no longer be any need for third-party security appliances, managing it through another service provider or installing additional software or virtual network function (VNF). The SD-WAN deployment can be scaled more efficiently and securely in this manner with centralised security control across the entire WAN.  

Must-have SD-WAN security features

Some of the most important security features in SD-WAN include next generation firewall, unified threat management (UTM) and intrusion detection and prevention systems (IDPS).

These security services ensure that the enterprise is able to control, limit or block certain access to minimise the risk of network-based exploit attacks and malware. It should also be able to detect and stop worms, trojans and other malicious threats.

Considering how SD-WAN is rapidly enhancing the traditional WAN, security needs to become an integral feature in the overall offering. With an integrated cloud-based security stack, enterprises can connect their data centres, branch offices and the public clouds with a peace of mind.

To learn more about other other factors to consider when adopting SD-WAN, consider reading this: From MPLS to SD-WAN, What should Enterprise Consider?

Get in touch with us to learn how Epsilon SD-WAN can help you scale and secure your WAN.

Author


dongliang

Dong Liang

Global Product Manager, Enterprise Services