As a result of today’s increasingly mobile workforce, many essential business applications operate over the Internet across multiple clouds. The advent of SD-WAN technology marked a critical step in the evolution of networking. However, this has also brought about a raft of new security challenges. This guide looks into the subject of SD-WAN technology and its associated security challenges and benefits.
What is SD-WAN?
Software-defined wide area networking (SD-WAN) takes the benefits of software-defined networking (SDN) technology and applies these to traditionally hardware-based networking.
It provides an overlay architecture that centralises and simplifies network management, making the network more elastic. SD-WAN supports numerous connection types (e.g. Internet, MPLS) and provides a simple interface for managing WAN. It supports VPNs and other third-party services such as WAN optimisation controllers and firewalls.
What are the Security Benefits of SD-WAN?
SD-WAN allows for encrypted tunnels to be created between every site in the network, making the connection as secure as a VPN without the provisioning or configuration involved in setting up VPNs. SD-WAN solutions also have in-built encryption capabilities, ensuring that only authorised users can access the network and view connected assets.
What’s more, an SD-WAN created with virtual overlays allows micro-segmentation to extend beyond the data centre. Micro-segmentation refers to the segmenting of traffic based on application characteristics and policies.
SD-WAN facilitates granular control and enables companies to tell networks how certain types of traffic should be handled, making it far less likely for unwanted or harmful traffic to enter the network.
SD-WAN Security Tips
- Use native NGFW protection: Choose an SD-WAN solution with in-built next-gen firewall (NGFW) security, as this will ensure consistent monitoring and protection throughout the network. Also, protection will natively follow workloads, data and applications even if the SD-WAN adapts to dynamic networking demands
- Integrate it with existing architecture: Whatever security strategy you select for deploying SD-WAN, it should allow for easy integration with existing security architecture so that it is kept simplified and management control is centralised
- Encrypt SD-WAN traffic: With organisations adding more applications and connections than before, the potential attack surface increases and greater amounts of critical information need to be protected, so data encryption becomes even more essential
- Inspect encrypted traffic: Even though SSL traffic is likely to increase, most businesses do not have adequate SSL inspection as part of their SD-WAN solutions. Encrypted network traffic needs to be inspected so that hidden malware placed inside encrypted tunnels is discovered and eradicated
Mistakes to Avoid with SD-WAN
You should take time to educate yourself on SD-WAN so that you can fully understand which security features are integrated into the solution and which are missing. You should also ensure that all the relevant stakeholders have a firm understanding of SD-WAN and are aware of how it will benefit the organisation.
Don’t sacrifice security to save on costs. Cheaper solutions are not only less secure, but they are also a false economy as you will probably undertake the complex task of adding extra layers of security at a later date.
Don’t take a hands-off approach following deployment. Keep up to date with the latest security features and carefully evaluate how these can benefit your business.
Guest Blog by Orla Forrest, Marketing Executive at Paradyn
