With the escalating adoption of bandwidth-hungry SaaS applications, VPs of networking are having to rethink their wide-area networking (WAN) strategies. Instead of accommodating increasing and variable demand with costly, inflexible WAN connections, network leaders have turned to software-defined wide area networks (SD-WAN).
SD-WAN architecture is attractive because it provides more efficient and cost-effective bandwidth allocation, but also because it improves WAN performance, agility, and operational flexibility. As network leaders assess their SD-WAN options, however, what is often missing from their deliberations is how to adequately address security risks.
SD-WAN security is a multifaceted challenge facing network administrators. As organizations have demanded better security for their cloud applications, SD-WAN vendors have started to promote VPN tunnels, next-generation firewalls, micro-segmentation, and various IPsec solutions. However, they often fail to confront the most significant challenge in SD-WAN security: integrating these solutions in a meaningful way.
Many embedded security features rely on Layer 3 network controls and don’t provide the robust cloud security functions required in a modern IT environment. Instead, many embedded security solutions for SD-WAN-enabled appliances are only concerned with perfunctory specs and place a far greater emphasis on pumping out packets at breakneck speed.
This approach to SD-WAN security is no doubt incomplete and will expand your organization’s attack surface. Instead, organizations need to take an integrated, centrally orchestrated approach to SD-WAN security as soon as possible.
Embedded security may seem like a moot point for many enterprises in which security and networking are handled by different functions in the organization. The networking team deploys an SD-WAN solution, and the security team is responsible for deploying a next-generation firewall (NGFW) as a gatekeeper for the SD-WAN-enabled appliance. But if implementing SD-WAN involves two teams, managing two types of products, and using separate management consoles, the TCO of the solution may become more than what the CIO bargained for.
What’s more, a lack of integration between SD-WAN and NGFW products also heightens risk, because the gaps between disparate technologies are ones that cybercriminals are highly motivated to exploit. Finally, and perhaps more importantly for some, network performance bottlenecks are almost guaranteed to ensue. For example, increasing SSL-encrypted enterprise traffic, which now comprises over 50% of all network traffic, must be thoroughly checked for hidden malware, a CPU-intensive process that results in significant overhead for many traditional NGFW solutions.
In an attempt to address this challenge, several vendors have begun to offer advanced firewall features embedded into their SD-WAN appliances. It sounds promising until you realize they’re not integrated: You must still manage separate security and networking domains, which hampers IT visibility and control.
So, what’s left? As is often the case, the answer is revealed through a change in perspective: Rather than trying to find an SD-WAN solution with security features, you might be better served by seeking to create a secure environment for implementing SD-WAN. One of the best available ways to do so is through an SD-WAN-enabled next-generation firewall.
For enterprises with high-security requirements, an NGFW is essential to provide Layer 3 through Layer 7 protection. But what about SD-WAN functionality? Lest “SD-WAN-enabled NGFW” become a euphemism for SD-WAN compromise, candidate NGFWs claiming to provide SD-WAN functions should be assessed for several key capabilities:
That’s up to you. A fully integrated secure SD-WAN solution should integrate both networking and security functions for simplified management through a single pane of glass. This not only reduces finger-pointing and wasted time but also increases your flexibility in allocating FTE resources.
One thing is certain: An SD-WAN focused solely on network performance won’t provide the protection you need. However, by integrating your SD-WAN with crucial security features, you can lower TCO while meeting the needs of both your networking and security teams, if you know what to look for.
Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.